
SCOUR Redirect Virus


  • This topic is locked
36 replies to this topic

#1 Milosv3

Milosv3

  • Members
  • 23 posts

Posted 19 October 2012 - 10:10 PM

I need help with Scour redirect.
10 days ago I noticed a change.
Search often redirects from Google or Bing to Scour.



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 October 2012 - 11:00 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




I need to get some reports to get a base to start from so I need you to run these programs first.


-DeFogger-

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.


-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:
    • Link1
    • Link2
    • Link3
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply
-Information and logs-

  • In your next post I need the following:
    • both reports from DDS
    • report from Security Check
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 Milosv3

Milosv3
  • Topic Starter

  • Members
  • 23 posts

Posted 19 October 2012 - 11:41 PM

Thank you Gringo
Starting the process

#4 Milosv3

Milosv3
  • Topic Starter

  • Members
  • 23 posts

Posted 19 October 2012 - 11:44 PM

Results of screen317's Security Check version 0.99.53
Windows 7 Service Pack 1 x64
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
AntiVir Desktop
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
SAS/SECURE Java 9.2
Java™ 6 Update 29
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Adobe Reader X 10.1.3 Adobe Reader out of Date!
Mozilla Firefox 15.0.1 Firefox out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

#5 Milosv3

Milosv3
  • Topic Starter

  • Members
  • 23 posts

Posted 19 October 2012 - 11:47 PM

DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Klinsman at 0:45:36 on 2012-10-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3032.1538 [GMT -4:00]
.
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\T-Mobile Internet Manager\AssistantServices.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Users\Klinsman\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\oovoo\ooVoo.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\T-Mobile Internet Manager\UIExec.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\jusched.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\taskhost.exe
C:\Users\Klinsman\Desktop\SecurityCheck.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k defragsvc
C:\Windows\SysWOW64\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [Google Update] "C:\Users\Klinsman\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [googletalk] C:\Users\Klinsman\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [ooVoo.exe] C:\program files (x86)\oovoo\oovoo.exe /minimized
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [UIExec] "C:\Program Files (x86)\T-Mobile Internet Manager\UIExec.exe"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
StartupFolder: C:\Users\Klinsman\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{5A1C0FD4-EBE9-45DB-B551-C182F596FD4B} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{5A1C0FD4-EBE9-45DB-B551-C182F596FD4B}\A6564735075656460294144402230282053545E492 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{5A1C0FD4-EBE9-45DB-B551-C182F596FD4B}\F6C676160277962756C6563737 : DHCPNameServer = 192.168.254.254 192.168.254.254
TCP: Interfaces\{955CF6E4-4EA3-4871-83E3-3DCBE47C8D8B} : DHCPNameServer = 81.93.64.1 81.93.64.9
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
x64-RunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Klinsman\AppData\Roaming\Mozilla\Firefox\Profiles\zmjox56z.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Klinsman\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\Klinsman\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Users\Klinsman\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Klinsman\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-5-4 55280]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2012-9-9 27760]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2010-7-14 87600]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63928]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-9-9 86224]
R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-9-9 110032]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2012-9-9 98848]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-5-4 660800]
R2 UI Assistant Service;UI Assistant Service;C:\Program Files (x86)\T-Mobile Internet Manager\AssistantServices.exe [2010-6-4 241664]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-5-4 172704]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-3-24 215552]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2010-3-24 393728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-9-20 116648]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-9-20 116648]
S3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter.sys [2010-6-4 9216]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-9 115168]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-9-1 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-13 1255736]
.
=============== Created Last 30 ================
.
2012-10-20 02:18:12 96224 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2012-10-20 02:18:12 157272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2012-10-20 02:18:11 91104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\smime3.dll
2012-10-20 02:18:11 889848 ----a-w- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
2012-10-20 02:18:11 270816 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updater.exe
2012-10-20 02:18:11 19424 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xpcom.dll
2012-10-20 02:18:11 155104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\softokn3.dll
2012-10-20 02:18:11 14676960 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xul.dll
2012-10-20 02:18:11 145376 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ssl3.dll
2012-10-20 02:18:10 2149888 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\python26.dll
2012-10-20 02:18:10 15672645 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\TexMakerX\texmakerx21_win32-install.exe
2012-10-20 02:18:10 131584 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\Setup.exe
2012-10-20 02:17:45 5779456 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\MiKTeX\tm\packages\setup-2.9.3959.exe
2012-10-20 01:31:45 -------- d-----w- C:\Program Files (x86)\ESET
2012-10-18 17:24:19 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-10-18 17:21:45 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-10-18 17:21:44 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-10-18 17:21:33 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-18 17:21:33 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-10-18 17:21:11 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-10-18 17:21:11 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-10-18 17:19:26 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-18 17:19:25 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-18 17:19:25 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-18 17:19:24 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-18 17:19:23 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-18 17:19:21 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-10-14 07:01:44 -------- d-----w- C:\Program Files\ESET
2012-10-14 06:54:15 -------- d-----w- C:\Users\Klinsman\AppData\Local\ElevatedDiagnostics
2012-10-14 06:48:26 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-10-14 06:46:05 -------- d-----w- C:\Users\Klinsman\AppData\Roaming\SpeedyPC Software
2012-10-14 06:46:05 -------- d-----w- C:\Users\Klinsman\AppData\Roaming\DriverCure
2012-10-14 06:45:57 -------- d-----w- C:\Program Files (x86)\Common Files\SpeedyPC Software
2012-10-14 06:45:54 -------- d-----w- C:\ProgramData\SpeedyPC Software
2012-10-14 06:45:54 -------- d-----w- C:\Program Files (x86)\SpeedyPC Software
2012-10-14 06:12:41 -------- d-----w- C:\sh4ldr
2012-10-12 00:05:05 -------- d-----w- C:\Program Files\Enigma Software Group
2012-10-11 05:40:17 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-11 05:40:16 4608 ---ha-w- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-11 05:40:16 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-11 05:40:14 4096 ---ha-w- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-11 05:40:11 4096 ---ha-w- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-10-11 05:40:11 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-11 05:40:11 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-10-11 05:40:11 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-09-26 02:18:53 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
.
==================== Find3M ====================
.
2012-09-11 17:22:43 328704 ----a-w- C:\Windows\System32\services.exe
2012-09-10 02:46:16 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-09-10 02:46:15 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-09-07 21:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-09 21:14:42 116016 ----a-w- C:\Windows\System32\drivers\49024184.sys
2012-08-09 09:20:09 116016 ----a-w- C:\Windows\System32\drivers\26684419.sys
2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
.
============= FINISH: 0:46:19.92 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 5/10/2010 5:26:37 AM
System Uptime: 10/19/2012 11:12:51 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0G848F
Processor: Intel® Core™2 Duo CPU T6600 @ 2.20GHz | Microprocessor | 1188/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 184.109 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP336: 10/9/2012 8:57:25 PM - Scheduled Checkpoint
RP337: 10/11/2012 1:33:19 AM - Windows Update
RP338: 10/11/2012 2:18:44 AM - Windows Update
RP339: 10/11/2012 8:03:51 PM - Installed SpyHunter
RP340: 10/11/2012 9:10:23 PM - Removed SpyHunter
RP341: 10/11/2012 9:11:50 PM - Removed SpyHunter
RP342: 10/11/2012 9:13:09 PM - Removed SpyHunter
RP343: 10/14/2012 2:11:56 AM - Installed SpyHunter
RP344: 10/16/2012 2:46:41 AM - Uniblue SpeedUpMyPC installation
RP345: 10/16/2012 5:36:30 PM - Windows Update
RP346: 10/18/2012 2:09:29 AM - Restore Operation
RP347: 10/18/2012 3:06:46 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX 64-bit
Adobe Reader X (10.1.3)
Advanced Audio FX Engine
Apple Application Support
Apple Software Update
Avira Free Antivirus
Banctec Service Agreement
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Compatibility Pack for the 2007 Office system
Cozi
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Touchpad
Dell Webcam Central
Dell Wireless WLAN Card Utility
ESET Online Scanner v3
Fritz8
Google Chrome
Google Earth Plug-in
Google Talk (remove only)
Google Talk Plugin
Google Update Helper
GoToAssist 8.0.0.514
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
J2SE Runtime Environment 5.0 Update 12
Java Auto Updater
Java™ 6 Update 17 (64-bit)
Java™ 6 Update 29
Junk Mail filter update
Live! Cam Avatar Creator
LyX 2.0.2-1
Malwarebytes Anti-Malware version 1.65.0.1400
McAfee Security Scan Plus
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft UI Engine
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
MiKTeX 2.9
Mozilla Firefox 15.0.1 (x86 en-GB)
Mozilla Firefox 16.0.1 (x86 en-GB)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
ooVoo
Opera 11.51
Opera Next 12.00 alpha build 1116
PowerDVD DX
Quickset64
QuickTime
Roxio Burn
SAS 9.2 (32)
SAS Deployment Tester - Client 1.3
SAS Enterprise Guide 4.2
SAS Versioned Jar Repository 9.2
SAS/SECURE Java 9.2
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Skype Toolbars
Skype™ 5.10
Spelling Dictionaries Support For Adobe Reader 9
Stata 12
swMSM
T-Mobile Internet Manager
TexMakerX 2.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
WebEx
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
ZTE USB Driver
.
==== Event Viewer Messages From Past Week ========
.
10/19/2012 8:13:21 PM, Error: Service Control Manager [7024] - The Avira Realtime Protection service terminated with service-specific error The security stream for the given volume is in an inconsistent state. Please run CHKDSK on the volume..
10/19/2012 11:16:39 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.
10/19/2012 11:16:06 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
10/19/2012 11:13:19 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
10/19/2012 11:13:18 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
10/19/2012 11:13:17 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
10/18/2012 2:45:19 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8004ba1b30, 0xfffffa8004ba1e10, 0xfffff80002fe5460). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101812-21808-01.
10/18/2012 2:13:16 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8004f01060, 0xfffffa8004f01340, 0xfffff80002fe5460). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101812-24086-01.
10/18/2012 12:58:47 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
10/16/2012 2:57:04 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.
10/14/2012 9:37:45 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
10/14/2012 9:24:44 PM, Error: Service Control Manager [7034] - The UI Assistant Service service terminated unexpectedly. It has done this 1 time(s).
10/14/2012 3:36:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
10/14/2012 3:01:49 AM, Error: Service Control Manager [7030] - The ESET Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
10/14/2012 2:35:42 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/14/2012 2:35:42 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/14/2012 2:35:32 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21
10/14/2012 2:35:30 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/14/2012 2:35:17 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/14/2012 2:35:13 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb avkmgr ctxusbm discache spldr Wanarpv6
10/14/2012 2:35:12 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
10/14/2012 1:30:09 AM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004
.
==== End Of File ===========================

All is fine so far

#6 gringo_pr


Posted 20 October 2012 - 12:13 AM

These are the programs I would like you to run next. If you have any problems with these, just skip it and run the next one.



-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Milosv3


Posted 20 October 2012 - 12:24 AM

# AdwCleaner v2.005 - Logfile created 10/20/2012 at 01:17:54
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Klinsman - KLINSMAN-PC
# Boot Mode : Normal
# Running from : C:\Users\Klinsman\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Klinsman\AppData\Local\Temp\Uninstall.exe
Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\Users\Klinsman\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Klinsman\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Klinsman\AppData\Roaming\iWin

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{043C5167-00BB-4324-AF7E-62013FAEDACF}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-GB)

Profile name : default
File : C:\Users\Klinsman\AppData\Roaming\Mozilla\Firefox\Profiles\zmjox56z.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v22.0.1229.92

File : C:\Users\Klinsman\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v11.51.1087.0

File : C:\Users\Klinsman\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3325 octets] - [20/10/2012 01:17:54]

########## EOF - C:\AdwCleaner[S1].txt - [3385 octets] ##########

#8 Milosv3


Posted 20 October 2012 - 12:30 AM

RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Klinsman [Admin rights]
Mode : Remove -- Date : 10/20/2012 01:29:05

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[TASK][Rogue.AntiSpy-ST] {A9062682-43FE-441A-B4C2-9FFB6336FBBD} : C:\Windows\system32\pcalua.exe -a C:\ProgramData\0C1CFB13E2FC95D5929B16D54F147CE7\0C1CFB13E2FC95D5929B16D54F147CE7.exe -c -u -> DELETED
[TASK][SUSP PATH] {F41843AF-872F-4100-B7D1-EFB2983B5654} : C:\Windows\system32\pcalua.exe -a C:\Users\Klinsman\Desktop\Milos\ProTeXt\Setup.exe -d C:\Users\Klinsman\Desktop\Milos\ProTeXt -> DELETED
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : Rogue.AntiSpy-ST ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEVT-75A23T0 +++++
--- User ---
[MBR] f479c498dff8dacbd7b9f9000b348bef
[BSP] b360eabc7aae22ab32fb89b2f7e2f5b6 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 290204 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

#9 gringo_pr


Posted 20 October 2012 - 12:32 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#10 Milosv3


Posted 20 October 2012 - 01:15 AM

ComboFix 12-10-19.01 - Klinsman 10/20/2012 1:42.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3032.1926 [GMT -4:00]
Running from: c:\users\Klinsman\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Klinsman\videos\utorrent.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-20 to 2012-10-20 )))))))))))))))))))))))))))))))
.
.
2012-10-20 05:56 . 2012-06-29 10:04 9133488 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2B258C3A-EAA2-4C84-89B3-E2678C263F40}\mpengine.dll
2012-10-20 01:31 . 2012-10-20 01:31 -------- d-----w- c:\program files (x86)\ESET
2012-10-18 17:24 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-18 17:21 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-10-18 17:21 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-18 17:21 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-18 17:21 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-18 17:21 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-18 17:21 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-18 17:19 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-18 17:19 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-18 17:19 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-18 17:19 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-18 17:19 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-18 17:19 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-14 07:01 . 2012-10-14 07:01 -------- d-----w- c:\program files\ESET
2012-10-14 06:54 . 2012-10-14 06:54 -------- d-----w- c:\users\Klinsman\AppData\Local\ElevatedDiagnostics
2012-10-14 06:48 . 2012-10-14 06:48 -------- d-----w- c:\programdata\Kaspersky Lab
2012-10-14 06:46 . 2012-10-14 06:46 -------- d-----w- c:\users\Klinsman\AppData\Roaming\SpeedyPC Software
2012-10-14 06:46 . 2012-10-14 06:46 -------- d-----w- c:\users\Klinsman\AppData\Roaming\DriverCure
2012-10-14 06:45 . 2012-10-14 06:45 -------- d-----w- c:\program files (x86)\Common Files\SpeedyPC Software
2012-10-14 06:45 . 2012-10-14 06:45 -------- d-----w- c:\programdata\SpeedyPC Software
2012-10-14 06:45 . 2012-10-14 06:45 -------- d-----w- c:\program files (x86)\SpeedyPC Software
2012-10-14 06:12 . 2012-10-14 06:12 -------- d-----w- C:\sh4ldr
2012-10-12 00:05 . 2012-10-12 00:05 -------- d-----w- c:\program files\Enigma Software Group
2012-10-11 05:40 . 2012-08-20 17:32 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-11 05:40 . 2012-08-20 18:38 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-11 05:40 . 2012-08-20 17:32 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-11 05:40 . 2012-08-20 18:38 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-11 05:40 . 2012-08-20 18:38 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-10-11 05:40 . 2012-08-20 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-11 05:40 . 2012-08-20 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-10-11 05:40 . 2012-08-20 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-09-26 02:18 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-18 22:16 . 2010-05-11 08:38 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-11 17:22 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
2012-09-10 02:46 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-09-10 02:46 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-09-07 21:04 . 2011-09-19 02:21 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-22 18:12 . 2012-09-13 02:20 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-13 02:20 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-13 02:20 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-13 02:20 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-20 17:38 . 2012-10-18 17:23 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-09 21:14 . 2012-08-09 21:14 116016 ----a-w- c:\windows\system32\drivers\49024184.sys
2012-08-09 09:20 . 2012-08-09 09:20 116016 ----a-w- c:\windows\system32\drivers\26684419.sys
2012-08-02 17:58 . 2012-09-13 02:20 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-13 02:20 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\users\Klinsman\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"ooVoo.exe"="c:\program files (x86)\oovoo\oovoo.exe" [2012-02-07 22465104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"UIExec"="c:\program files (x86)\T-Mobile Internet Manager\UIExec.exe" [2009-03-11 131584]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-01-03 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-01-03 815512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2010-02-11 165184]
.
c:\users\Klinsman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-20 116648]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\T-Mobile Internet Manager\AssistantServices.exe [2009-03-11 241664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-20 116648]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2008-08-12 9216]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-20 115168]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-13 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-07-14 87600]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-02-11 660800]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-05-08 215552]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-05-20 393728]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-20 19:41]
.
2012-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-20 19:41]
.
2012-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-791136874-3126932306-3656621370-1000Core.job
- c:\users\Klinsman\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-29 13:34]
.
2012-10-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-791136874-3126932306-3656621370-1000UA.job
- c:\users\Klinsman\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-29 13:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-01-18 368640]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Klinsman\AppData\Roaming\Mozilla\Firefox\Profiles\zmjox56z.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2012-10-20 02:08:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-20 06:08
ComboFix2.txt 2012-10-15 01:58
ComboFix3.txt 2012-10-10 03:33
.
Pre-Run: 198,694,547,456 bytes free
Post-Run: 198,685,102,080 bytes free
.
- - End Of File - - D657F316268FBCAA3F83E7D2F677532C

#11 Milosv3

Posted 20 October 2012 - 01:21 AM

computer working fine
10 clicks no redirection so far

#12 gringo_pr

Posted 20 October 2012 - 01:23 AM

Greetings

That is good news but I do want to double check things

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#13 Milosv3

Posted 20 October 2012 - 01:28 AM

02:26:10.0861 1888 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
02:26:11.0086 1888 ============================================================
02:26:11.0091 1888 Current date / time: 2012/10/20 02:26:11.0086
02:26:11.0091 1888 SystemInfo:
02:26:11.0091 1888
02:26:11.0091 1888 OS Version: 6.1.7601 ServicePack: 1.0
02:26:11.0091 1888 Product type: Workstation
02:26:11.0091 1888 ComputerName: KLINSMAN-PC
02:26:11.0091 1888 UserName: Klinsman
02:26:11.0091 1888 Windows directory: C:\Windows
02:26:11.0091 1888 System windows directory: C:\Windows
02:26:11.0091 1888 Running under WOW64
02:26:11.0091 1888 Processor architecture: Intel x64
02:26:11.0091 1888 Number of processors: 2
02:26:11.0091 1888 Page size: 0x1000
02:26:11.0091 1888 Boot type: Normal boot
02:26:11.0091 1888 ============================================================
02:26:11.0696 1888 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:26:11.0706 1888 ============================================================
02:26:11.0706 1888 \Device\Harddisk0\DR0:
02:26:11.0711 1888 MBR partitions:
02:26:11.0711 1888 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
02:26:11.0711 1888 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x236CE2B0
02:26:11.0711 1888 ============================================================
02:26:11.0771 1888 C: <-> \Device\Harddisk0\DR0\Partition2
02:26:11.0771 1888 ============================================================
02:26:11.0771 1888 Initialize success
02:26:11.0771 1888 ============================================================
02:26:23.0451 2544 ============================================================
02:26:23.0451 2544 Scan started
02:26:23.0451 2544 Mode: Manual;
02:26:23.0451 2544 ============================================================
02:26:24.0116 2544 ================ Scan system memory ========================
02:26:24.0116 2544 System memory - ok
02:26:24.0116 2544 ================ Scan services =============================
02:26:32.0301 2544 HTTP - ok
02:26:32.0341 2544 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
02:26:32.0341 2544 hwpolicy - ok
02:26:32.0391 2544 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
02:26:32.0391 2544 i8042prt - ok
02:26:32.0461 2544 [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
02:26:32.0471 2544 IAANTMON - ok
02:26:32.0551 2544 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
02:26:32.0556 2544 iaStor - ok
02:26:32.0606 2544 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
02:26:32.0611 2544 iaStorV - ok
02:26:32.0661 2544 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
02:26:32.0681 2544 idsvc - ok
02:26:32.0911 2544 [ BABD5F9B2BCC82CE556A0BAF1AE208A7 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
02:26:33.0066 2544 igfx - ok
02:26:33.0111 2544 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
02:26:33.0111 2544 iirsp - ok
02:26:33.0211 2544 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
02:26:33.0241 2544 IKEEXT - ok
02:26:33.0296 2544 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
02:26:33.0296 2544 intelide - ok
02:26:33.0356 2544 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
02:26:33.0356 2544 intelppm - ok
02:26:33.0391 2544 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
02:26:33.0396 2544 IPBusEnum - ok
02:26:33.0461 2544 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
02:26:33.0461 2544 IpFilterDriver - ok
02:26:33.0546 2544 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
02:26:33.0556 2544 iphlpsvc - ok
02:26:33.0586 2544 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
02:26:33.0586 2544 IPMIDRV - ok
02:26:33.0651 2544 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
02:26:33.0656 2544 IPNAT - ok
02:26:33.0696 2544 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
02:26:33.0696 2544 IRENUM - ok
02:26:33.0721 2544 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
02:26:33.0721 2544 isapnp - ok
02:26:33.0761 2544 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
02:26:33.0766 2544 iScsiPrt - ok
02:26:33.0816 2544 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
02:26:33.0816 2544 kbdclass - ok
02:26:33.0876 2544 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
02:26:33.0876 2544 kbdhid - ok
02:26:33.0901 2544 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
02:26:33.0901 2544 KeyIso - ok
02:26:33.0936 2544 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
02:26:33.0941 2544 KSecDD - ok
02:26:33.0976 2544 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
02:26:33.0981 2544 KSecPkg - ok
02:26:34.0041 2544 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
02:26:34.0041 2544 ksthunk - ok
02:26:34.0096 2544 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
02:26:34.0101 2544 KtmRm - ok
02:26:34.0161 2544 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
02:26:34.0166 2544 LanmanServer - ok
02:26:34.0226 2544 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
02:26:34.0231 2544 LanmanWorkstation - ok
02:26:34.0276 2544 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
02:26:34.0281 2544 lltdio - ok
02:26:34.0356 2544 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
02:26:34.0361 2544 lltdsvc - ok
02:26:34.0381 2544 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
02:26:34.0386 2544 lmhosts - ok
02:26:34.0451 2544 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
02:26:34.0451 2544 LSI_FC - ok
02:26:34.0461 2544 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
02:26:34.0466 2544 LSI_SAS - ok
02:26:34.0516 2544 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
02:26:34.0516 2544 LSI_SAS2 - ok
02:26:34.0526 2544 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
02:26:34.0531 2544 LSI_SCSI - ok
02:26:34.0576 2544 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
02:26:34.0581 2544 luafv - ok
02:26:34.0651 2544 [ F093EF8279734393B0A134FB55C5657D ] massfilter C:\Windows\system32\drivers\massfilter.sys
02:26:34.0651 2544 massfilter - ok
02:26:34.0761 2544 [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
02:26:34.0766 2544 McComponentHostService - ok
02:26:34.0801 2544 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
02:26:34.0806 2544 Mcx2Svc - ok
02:26:34.0906 2544 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
02:26:34.0911 2544 MDM - ok
02:26:34.0946 2544 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
02:26:34.0951 2544 megasas - ok
02:26:34.0976 2544 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
02:26:34.0981 2544 MegaSR - ok
02:26:35.0026 2544 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
02:26:35.0031 2544 MMCSS - ok
02:26:35.0046 2544 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
02:26:35.0051 2544 Modem - ok
02:26:35.0071 2544 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
02:26:35.0071 2544 monitor - ok
02:26:35.0116 2544 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
02:26:35.0116 2544 mouclass - ok
02:26:35.0171 2544 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
02:26:35.0171 2544 mouhid - ok
02:26:35.0231 2544 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
02:26:35.0231 2544 mountmgr - ok
02:26:35.0361 2544 [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
02:26:35.0366 2544 MozillaMaintenance - ok
02:26:35.0401 2544 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
02:26:35.0406 2544 mpio - ok
02:26:35.0426 2544 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
02:26:35.0426 2544 mpsdrv - ok
02:26:35.0526 2544 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
02:26:35.0546 2544 MpsSvc - ok
02:26:35.0611 2544 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
02:26:35.0616 2544 MRxDAV - ok
02:26:35.0651 2544 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
02:26:35.0656 2544 mrxsmb - ok
02:26:35.0706 2544 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:26:35.0711 2544 mrxsmb10 - ok
02:26:35.0721 2544 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:26:35.0726 2544 mrxsmb20 - ok
02:26:35.0776 2544 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
02:26:35.0776 2544 msahci - ok
02:26:35.0806 2544 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
02:26:35.0811 2544 msdsm - ok
02:26:35.0831 2544 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
02:26:35.0836 2544 MSDTC - ok
02:26:35.0896 2544 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
02:26:35.0896 2544 Msfs - ok
02:26:35.0916 2544 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
02:26:35.0916 2544 mshidkmdf - ok
02:26:35.0956 2544 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
02:26:35.0956 2544 msisadrv - ok
02:26:36.0026 2544 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
02:26:36.0031 2544 MSiSCSI - ok
02:26:36.0036 2544 msiserver - ok
02:26:36.0086 2544 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
02:26:36.0086 2544 MSKSSRV - ok
02:26:36.0131 2544 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
02:26:36.0131 2544 MSPCLOCK - ok
02:26:36.0141 2544 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
02:26:36.0141 2544 MSPQM - ok
02:26:36.0186 2544 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
02:26:36.0191 2544 MsRPC - ok
02:26:36.0241 2544 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
02:26:36.0241 2544 mssmbios - ok
02:26:36.0291 2544 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
02:26:36.0291 2544 MSTEE - ok
02:26:36.0316 2544 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
02:26:36.0316 2544 MTConfig - ok
02:26:36.0366 2544 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
02:26:36.0366 2544 Mup - ok
02:26:36.0406 2544 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
02:26:36.0416 2544 napagent - ok
02:26:36.0481 2544 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
02:26:36.0486 2544 NativeWifiP - ok
02:26:36.0566 2544 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
02:26:36.0586 2544 NDIS - ok
02:26:36.0651 2544 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
02:26:36.0651 2544 NdisCap - ok
02:26:36.0701 2544 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
02:26:36.0701 2544 NdisTapi - ok
02:26:36.0756 2544 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
02:26:36.0756 2544 Ndisuio - ok
02:26:36.0796 2544 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
02:26:36.0801 2544 NdisWan - ok
02:26:36.0831 2544 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
02:26:36.0831 2544 NDProxy - ok
02:26:36.0901 2544 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
02:26:36.0901 2544 NetBIOS - ok
02:26:36.0931 2544 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
02:26:36.0936 2544 NetBT - ok
02:26:36.0956 2544 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
02:26:36.0956 2544 Netlogon - ok
02:26:37.0031 2544 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
02:26:37.0036 2544 Netman - ok
02:26:37.0066 2544 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
02:26:37.0076 2544 netprofm - ok
02:26:37.0141 2544 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
02:26:37.0141 2544 NetTcpPortSharing - ok
02:26:37.0176 2544 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
02:26:37.0176 2544 nfrd960 - ok
02:26:37.0241 2544 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
02:26:37.0251 2544 NlaSvc - ok
02:26:37.0271 2544 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
02:26:37.0271 2544 Npfs - ok
02:26:37.0301 2544 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
02:26:37.0306 2544 nsi - ok
02:26:37.0321 2544 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
02:26:37.0321 2544 nsiproxy - ok
02:26:37.0381 2544 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
02:26:37.0426 2544 Ntfs - ok
02:26:37.0466 2544 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
02:26:37.0466 2544 Null - ok
02:26:37.0536 2544 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
02:26:37.0541 2544 nvraid - ok
02:26:37.0576 2544 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
02:26:37.0576 2544 nvstor - ok
02:26:37.0621 2544 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
02:26:37.0626 2544 nv_agp - ok
02:26:37.0731 2544 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
02:26:37.0736 2544 odserv - ok
02:26:37.0776 2544 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
02:26:37.0776 2544 ohci1394 - ok
02:26:37.0821 2544 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:26:37.0826 2544 ose - ok
02:26:37.0886 2544 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
02:26:37.0891 2544 p2pimsvc - ok
02:26:37.0926 2544 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
02:26:37.0936 2544 p2psvc - ok
02:26:37.0976 2544 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
02:26:37.0981 2544 Parport - ok
02:26:38.0011 2544 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
02:26:38.0011 2544 partmgr - ok
02:26:38.0031 2544 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
02:26:38.0036 2544 PcaSvc - ok
02:26:38.0066 2544 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
02:26:38.0066 2544 pci - ok
02:26:38.0086 2544 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
02:26:38.0086 2544 pciide - ok
02:26:38.0126 2544 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
02:26:38.0131 2544 pcmcia - ok
02:26:38.0151 2544 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
02:26:38.0151 2544 pcw - ok
02:26:38.0186 2544 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
02:26:38.0201 2544 PEAUTH - ok
02:26:38.0316 2544 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
02:26:38.0316 2544 PerfHost - ok
02:26:38.0446 2544 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
02:26:38.0496 2544 pla - ok
02:26:38.0546 2544 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
02:26:38.0556 2544 PlugPlay - ok
02:26:38.0591 2544 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
02:26:38.0596 2544 PNRPAutoReg - ok
02:26:38.0616 2544 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
02:26:38.0621 2544 PNRPsvc - ok
02:26:38.0661 2544 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
02:26:38.0671 2544 PolicyAgent - ok
02:26:38.0711 2544 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
02:26:38.0716 2544 Power - ok
02:26:38.0786 2544 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
02:26:38.0791 2544 PptpMiniport - ok
02:26:38.0811 2544 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
02:26:38.0811 2544 Processor - ok
02:26:38.0866 2544 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
02:26:38.0871 2544 ProfSvc - ok
02:26:38.0891 2544 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
02:26:38.0891 2544 ProtectedStorage - ok
02:26:38.0956 2544 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
02:26:38.0961 2544 Psched - ok
02:26:39.0021 2544 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
02:26:39.0026 2544 PxHlpa64 - ok
02:26:39.0081 2544 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
02:26:39.0131 2544 ql2300 - ok
02:26:39.0151 2544 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
02:26:39.0151 2544 ql40xx - ok
02:26:39.0191 2544 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
02:26:39.0201 2544 QWAVE - ok
02:26:39.0226 2544 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
02:26:39.0231 2544 QWAVEdrv - ok
02:26:39.0236 2544 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
02:26:39.0236 2544 RasAcd - ok
02:26:39.0306 2544 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
02:26:39.0306 2544 RasAgileVpn - ok
02:26:39.0346 2544 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
02:26:39.0351 2544 RasAuto - ok
02:26:39.0376 2544 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
02:26:39.0381 2544 Rasl2tp - ok
02:26:39.0451 2544 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
02:26:39.0456 2544 RasMan - ok
02:26:39.0491 2544 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
02:26:39.0496 2544 RasPppoe - ok
02:26:39.0546 2544 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
02:26:39.0546 2544 RasSstp - ok
02:26:39.0581 2544 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
02:26:39.0586 2544 rdbss - ok
02:26:39.0611 2544 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
02:26:39.0611 2544 rdpbus - ok
02:26:39.0626 2544 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
02:26:39.0626 2544 RDPCDD - ok
02:26:39.0681 2544 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
02:26:39.0681 2544 RDPENCDD - ok
02:26:39.0706 2544 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
02:26:39.0706 2544 RDPREFMP - ok
02:26:39.0751 2544 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
02:26:39.0751 2544 RDPWD - ok
02:26:39.0806 2544 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
02:26:39.0811 2544 rdyboost - ok
02:26:39.0881 2544 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
02:26:39.0881 2544 RemoteAccess - ok
02:26:39.0931 2544 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
02:26:39.0936 2544 RemoteRegistry - ok
02:26:39.0956 2544 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
02:26:39.0961 2544 RpcEptMapper - ok
02:26:39.0986 2544 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
02:26:39.0986 2544 RpcLocator - ok
02:26:40.0031 2544 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
02:26:40.0041 2544 RpcSs - ok
02:26:40.0116 2544 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
02:26:40.0116 2544 rspndr - ok
02:26:40.0151 2544 [ 4A25DC970C58104602ED274DACAFD784 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
02:26:40.0151 2544 RSUSBSTOR - ok
02:26:40.0166 2544 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
02:26:40.0171 2544 SamSs - ok
02:26:40.0206 2544 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
02:26:40.0206 2544 sbp2port - ok
02:26:40.0256 2544 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
02:26:40.0276 2544 SCardSvr - ok
02:26:40.0346 2544 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
02:26:40.0351 2544 scfilter - ok
02:26:40.0401 2544 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
02:26:40.0416 2544 Schedule - ok
02:26:40.0471 2544 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
02:26:40.0471 2544 SCPolicySvc - ok
02:26:40.0511 2544 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
02:26:40.0516 2544 SDRSVC - ok
02:26:40.0566 2544 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
02:26:40.0571 2544 secdrv - ok
02:26:40.0606 2544 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
02:26:40.0606 2544 seclogon - ok
02:26:40.0651 2544 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
02:26:40.0656 2544 SENS - ok
02:26:40.0676 2544 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
02:26:40.0681 2544 SensrSvc - ok
02:26:40.0726 2544 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
02:26:40.0731 2544 Serenum - ok
02:26:40.0786 2544 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
02:26:40.0791 2544 Serial - ok
02:26:40.0821 2544 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
02:26:40.0821 2544 sermouse - ok
02:26:40.0866 2544 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
02:26:40.0871 2544 SessionEnv - ok
02:26:40.0911 2544 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
02:26:40.0911 2544 sffdisk - ok
02:26:40.0931 2544 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
02:26:40.0931 2544 sffp_mmc - ok
02:26:40.0946 2544 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
02:26:40.0946 2544 sffp_sd - ok
02:26:40.0971 2544 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
02:26:40.0971 2544 sfloppy - ok
02:26:41.0071 2544 [ BEB504962E36D6F368EBFC702A659E09 ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
02:26:41.0081 2544 SftService - ok
02:26:41.0181 2544 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
02:26:41.0191 2544 SharedAccess - ok
02:26:41.0236 2544 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
02:26:41.0246 2544 ShellHWDetection - ok
02:26:41.0276 2544 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
02:26:41.0276 2544 SiSRaid2 - ok
02:26:41.0286 2544 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
02:26:41.0286 2544 SiSRaid4 - ok
02:26:41.0411 2544 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
02:26:41.0416 2544 SkypeUpdate - ok
02:26:41.0436 2544 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
02:26:41.0436 2544 Smb - ok
02:26:41.0491 2544 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
02:26:41.0496 2544 SNMPTRAP - ok
02:26:41.0516 2544 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
02:26:41.0516 2544 spldr - ok
02:26:41.0571 2544 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
02:26:41.0581 2544 Spooler - ok
02:26:41.0691 2544 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
02:26:41.0786 2544 sppsvc - ok
02:26:41.0846 2544 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
02:26:41.0851 2544 sppuinotify - ok
02:26:41.0946 2544 [ D630B6F2E8379B6F10DC16E82A426552 ] sprtsvc_DellSupportCenter C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
02:26:41.0951 2544 sprtsvc_DellSupportCenter - ok
02:26:41.0996 2544 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
02:26:42.0006 2544 srv - ok
02:26:42.0021 2544 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
02:26:42.0031 2544 srv2 - ok
02:26:42.0051 2544 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
02:26:42.0051 2544 srvnet - ok
02:26:42.0116 2544 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
02:26:42.0121 2544 SSDPSRV - ok
02:26:42.0141 2544 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
02:26:42.0146 2544 SstpSvc - ok
02:26:42.0326 2544 [ 444109453A2B87E6C16BCDA5953E81A9 ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
02:26:42.0331 2544 STacSV - ok
02:26:42.0361 2544 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
02:26:42.0361 2544 stexstor - ok
02:26:42.0401 2544 [ 02E784FA49032F84964DB90A3ED81890 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
02:26:42.0411 2544 STHDA - ok
02:26:42.0461 2544 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
02:26:42.0471 2544 stisvc - ok
02:26:42.0521 2544 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
02:26:42.0521 2544 swenum - ok
02:26:42.0601 2544 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
02:26:42.0611 2544 swprv - ok
02:26:42.0686 2544 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
02:26:42.0731 2544 SysMain - ok
02:26:42.0771 2544 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
02:26:42.0776 2544 TabletInputService - ok
02:26:42.0816 2544 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
02:26:42.0821 2544 TapiSrv - ok
02:26:42.0841 2544 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
02:26:42.0846 2544 TBS - ok
02:26:42.0946 2544 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
02:26:42.0991 2544 Tcpip - ok
02:26:43.0071 2544 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
02:26:43.0086 2544 TCPIP6 - ok
02:26:43.0131 2544 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
02:26:43.0131 2544 tcpipreg - ok
02:26:43.0181 2544 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
02:26:43.0186 2544 TDPIPE - ok
02:26:43.0211 2544 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
02:26:43.0211 2544 TDTCP - ok
02:26:43.0246 2544 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
02:26:43.0246 2544 tdx - ok
02:26:43.0281 2544 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
02:26:43.0281 2544 TermDD - ok
02:26:43.0341 2544 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
02:26:43.0356 2544 TermService - ok
02:26:43.0396 2544 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
02:26:43.0401 2544 Themes - ok
02:26:43.0441 2544 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
02:26:43.0441 2544 THREADORDER - ok
02:26:43.0461 2544 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
02:26:43.0466 2544 TrkWks - ok
02:26:43.0536 2544 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
02:26:43.0541 2544 TrustedInstaller - ok
02:26:43.0576 2544 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
02:26:43.0576 2544 tssecsrv - ok
02:26:48.0266 2544 ================ Scan global ===============================
02:26:48.0326 2544 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
02:26:48.0361 2544 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
02:26:48.0371 2544 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
02:26:48.0416 2544 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
02:26:48.0451 2544 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
02:26:48.0456 2544 [Global] - ok
02:26:48.0461 2544 ================ Scan MBR ==================================
02:26:48.0486 2544 [ D7AD5AA31A559120C3BA48FD0A1B1636 ] \Device\Harddisk0\DR0
02:26:48.0846 2544 \Device\Harddisk0\DR0 - ok
02:26:48.0846 2544 ================ Scan VBR ==================================
02:26:48.0851 2544 [ 522DB6195B80E4E46575F11BC6E3296C ] \Device\Harddisk0\DR0\Partition1
02:26:48.0856 2544 \Device\Harddisk0\DR0\Partition1 - ok
02:26:48.0871 2544 [ 67EA42A3E058909016206D4A4634646B ] \Device\Harddisk0\DR0\Partition2
02:26:48.0876 2544 \Device\Harddisk0\DR0\Partition2 - ok
02:26:48.0876 2544 ============================================================
02:26:48.0876 2544 Scan finished
02:26:48.0876 2544 ============================================================
02:26:48.0891 1672 Detected object count: 0
02:26:48.0891 1672 Actual detected object count: 0

#14 Milosv3

Posted 20 October 2012 - 01:39 AM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-20 02:29:22
-----------------------------
02:29:22.947 OS Version: Windows x64 6.1.7601 Service Pack 1
02:29:22.947 Number of processors: 2 586 0x170A
02:29:22.947 ComputerName: KLINSMAN-PC UserName: Klinsman
02:29:27.482 Initialize success
02:30:41.976 AVAST engine defs: 12101901
02:30:55.131 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
02:30:55.131 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
02:30:55.151 Disk 0 MBR read successfully
02:30:55.156 Disk 0 MBR scan
02:30:55.161 Disk 0 Windows 7 default MBR code
02:30:55.171 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
02:30:55.191 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
02:30:55.206 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290204 MB offset 30801920
02:30:55.241 Disk 0 scanning C:\Windows\system32\drivers
02:31:08.246 Service scanning
02:31:42.936 Modules scanning
02:31:42.946 Disk 0 trace - called modules:
02:31:42.976 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
02:31:42.986 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80031d45d0]
02:31:42.991 3 CLASSPNP.SYS[fffff8800103b43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002e9d050]
02:31:44.706 AVAST engine scan C:\Windows
02:31:48.401 AVAST engine scan C:\Windows\system32
02:34:51.216 AVAST engine scan C:\Windows\system32\drivers
02:35:04.706 AVAST engine scan C:\Users\Klinsman
02:35:05.816 File: C:\Users\Klinsman\AppData\Local\DataSafeOnline\Apps\ntsrpj.dll **INFECTED** Win32:BHO-AGZ [Trj]
02:38:44.080 Disk 0 MBR has been saved successfully to "C:\Users\Klinsman\Desktop\MBR.dat"
02:38:44.087 The log file has been saved successfully to "C:\Users\Klinsman\Desktop\aswMBR.txt"

#15 Milosv3

Posted 20 October 2012 - 01:42 AM

Hi,
I removed this infected file. Was that the correct move?

Edited by Milosv3, 20 October 2012 - 01:44 AM.




