google redirect and browser hijacking


  • This topic is locked
21 replies to this topic

#1 vtek

vtek

  • Members
  • 22 posts
  • OFFLINE
  • Local time:01:00 AM

Posted 14 October 2013 - 02:07 PM

I was unsure whether I should create this thread, given that a search revealed many on this subject, but decided to go for it since my half-baked attempt to fix it may offer an added challenge.
 
A while back, while streaming, I somehow downloaded a bug that corrupted my browsers and redirected Google searches to random merchants while also spawning pop-ups. Fed up, I decided to use some second-hand freeware (e.g. Ad-Aware) to resolve the issue and route my traffic through the Lavasoft website. This got rid of the pop-ups and redirects, but now the browser is impossibly slow. Email, in particular, is unusable.
 
I hope I kept protocol; please help.
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16490  BrowserJavaVersion: 10.25.2
Run by witold at 18:56:19 on 2013-10-14
Microsoft® Windows Vista™ Édition Familiale Premium   6.0.6002.2.1252.2.1036.18.4091.1522 [GMT 1:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k yksvcs
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\ProgramData\Search Protection\SearchProtection.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_0&ent=hp&u=C423F21F1E795B64BC7C9F51C08DF9DF
uWindow Title = Internet Explorer, optimized for Bing and MSN
mStart Page = hxxp://startsear.ch/?aff=2&cf=6de4a630-3fb4-11e1-8ca0-002564444883
BHO: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
BHO: Objet d'aide à la navigation SFR: {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files (x86)\SFR\Kit\SFRNavErrorHelper.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: IE5BarLauncherBHO Class: {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} -
BHO: Programme d'aide de l'Assistant de connexion Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
TB: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
TB: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
TB: StartSearchToolBar: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} -
TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Google Update] "C:\Users\witold\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe -update activex
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DivXMediaServer] "C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [Search Protection] C:\ProgramData\Search Protection\SearchProtection.exe
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xporter vers Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: mswsock.dll
DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://extraweb-emea.ey.com/home/extraweb/iNotes6.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{44F35397-9C9C-4DEF-A0B6-26B57D881394} : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{858C4883-63A9-41E8-8667-447D6EA241E2} : DHCPNameServer = 10.0.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
x64-Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
x64-Run: [SysTrayApp] C:\Program Files (x86)\IDT\WDM\sttray64.exe
x64-Run: [SBRegRebootCleaner] "C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe"
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - LocalServer32 - <no file>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - LocalServer32 - <no file>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-6-18 14456]
R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2010-8-9 69152]
R0 pavboot;pavboot;C:\Windows\System32\drivers\pavboot64.sys [2009-12-26 33800]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-8-7 55856]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2012-8-1 41704]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2013-3-18 1236336]
R2 FontCache;Service de cache de police Windows;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 27648]
R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-8-3 476016]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [2012-8-3 387440]
R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-9-20 3677000]
R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2012-9-12 82872]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 yksvc;Marvell Yukon Service;C:\Windows\System32\svchost.exe -k yksvcs [2008-1-21 27648]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2009-8-7 172032]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2009-8-7 406016]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-3-18 89920]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-11-20 25832]
S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2013-6-18 39504]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 PerfHost;Hôte de DLL de compteur de performance;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S4 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [2009-8-7 89600]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-08-21 15:33:16 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-21 15:33:16 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 18:57:09.18 ===============
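The DDS "Pseudo HJT Report" above is what a responder reads first: start pages, BHOs and toolbars, and whether each add-on still has a file behind it. The script below is an added example, not part of this thread and not a BleepingComputer, DDS or AdwCleaner tool: it parses those lines, flags start pages that point away from an assumed set of trusted hosts and add-ons with no backing DLL, and cross-checks each CLSID against the "Clé Supprimée" lines of the AdwCleaner log posted later in the thread. The sample lines are copied from the two reports in this thread; TRUSTED_HOSTS is an assumption.

```python
"""Triage helper for a DDS 'Pseudo HJT Report' plus an AdwCleaner log.
Added example for readers of this thread; it is not a DDS, AdwCleaner or
BleepingComputer tool. It lists browser add-ons with hijack indicators and
shows which CLSIDs the AdwCleaner run actually removed."""
import re

# Sample input: lines copied from the DDS and AdwCleaner reports in this thread.
DDS_SAMPLE = r"""
uStart Page = hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_0&ent=hp&u=C423F21F1E795B64BC7C9F51C08DF9DF
mStart Page = hxxp://startsear.ch/?aff=2&cf=6de4a630-3fb4-11e1-8ca0-002564444883
BHO: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IE5BarLauncherBHO Class: {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} -
TB: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
TB: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
TB: StartSearchToolBar: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
"""
ADW_SAMPLE = r"""
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
"""

# Assumption: hosts a clean IE start page on this machine would point at.
TRUSTED_HOSTS = {"www.google.com", "www.bing.com", "about:blank"}

ENTRY_RE = re.compile(
    r"^(?P<kind>(?:x64-)?(?:BHO|TB)): (?P<name>.*?): "
    r"(?P<clsid>\{[0-9A-Fa-f-]+\}) -\s*(?P<path>.*)$")
START_RE = re.compile(r"^(?P<scope>[um])Start Page = (?P<url>\S+)$")
CLSID_RE = re.compile(r"CLSID\\(\{[0-9A-Fa-f-]+\})")


def host_of(url):
    """Strip the defanged hxxp:// scheme DDS writes and return the host part."""
    return re.sub(r"^hxxps?://|^https?://", "", url).split("/")[0].lower()


def parse_dds(text):
    """Return (add-on entries, {scope: start page URL}) from a DDS report."""
    entries, start_pages = [], {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            e = m.groupdict()
            e["clsid"] = e["clsid"].upper()
            e["path"] = e["path"].strip()
            entries.append(e)
            continue
        m = START_RE.match(line)
        if m:
            start_pages[m.group("scope")] = m.group("url")
    return entries, start_pages


def removed_clsids(adw_text):
    """CLSIDs whose registry keys AdwCleaner reports as deleted."""
    return {m.group(1).upper()
            for line in adw_text.splitlines() if "Clé Supprimée" in line
            for m in CLSID_RE.finditer(line)}


def triage(dds_text, adw_text, trusted_hosts=TRUSTED_HOSTS):
    """Flag hijacked start pages and suspicious add-ons, noting removals."""
    entries, start_pages = parse_dds(dds_text)
    removed = removed_clsids(adw_text)
    hijacked = {scope: url for scope, url in start_pages.items()
                if host_of(url) not in trusted_hosts}
    addons, seen = [], set()
    for e in entries:
        flags = []
        if e["clsid"] in removed:
            flags.append("removed-by-adwcleaner")
        if not e["path"]:
            flags.append("no-file")  # add-on still registered, DLL path gone
        if (e["kind"], e["clsid"]) in seen:
            flags.append("duplicate")  # same CLSID registered twice
        seen.add((e["kind"], e["clsid"]))
        addons.append({**e, "flags": flags})
    return {"hijacked_start_pages": hijacked, "addons": addons}


def flags_for(result, kind, name):
    """Flags of the first add-on with that kind and name (None if absent)."""
    for a in result["addons"]:
        if a["kind"] == kind and a["name"] == name:
            return a["flags"]
    return None


if __name__ == "__main__":
    r = triage(DDS_SAMPLE, ADW_SAMPLE)
    for scope, url in r["hijacked_start_pages"].items():
        print(f"{scope}Start Page hijacked -> {host_of(url)}")
    for a in r["addons"]:
        print(f"{a['kind']:3} {a['clsid']} {a['name']:<28} {' '.join(a['flags'])}")
```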

#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:00 PM

Posted 15 October 2013 - 07:30 AM


Hello vtek

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 vtek

vtek
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:01:00 AM

Posted 15 October 2013 - 02:09 PM

Hi Gringo, thanks for your response. Sorry about the attachment in the last one; I wrongly thought that file was meant to be attached.

Here are the new logs:

AdwCleaner:

# AdwCleaner v3.007 - Rapport créé le 15/10/2013 à 18:59:01
# Mis à jour le 09/10/2013 par Xplode
# Système d'exploitation : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Nom d'utilisateur : vtek - VTEC
# Exécuté depuis : C:\Users\vtek\Desktop\AdwCleaner.exe
# Option : Nettoyer

***** [ Services ] *****

***** [ Fichiers / Dossiers ] *****

[!] Dossier Supprimé : C:\ProgramData\adawaretb
[!] Dossier Supprimé : C:\ProgramData\Ask
[!] Dossier Supprimé : C:\ProgramData\Babylon
[!] Dossier Supprimé : C:\ProgramData\blekko toolbars
[!] Dossier Supprimé : C:\ProgramData\Search Protection
[!] Dossier Supprimé : C:\ProgramData\Tarma Installer
[!] Dossier Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue\DriverScanner
[!] Dossier Supprimé : C:\Program Files (x86)\1ClickDownload
[!] Dossier Supprimé : C:\Program Files (x86)\adawaretb
[!] Dossier Supprimé : C:\Program Files (x86)\HDvidCodec.com
[!] Dossier Supprimé : C:\Program Files (x86)\StartSearch plugin
[!] Dossier Supprimé : C:\Program Files (x86)\Uniblue\DriverScanner
[!] Dossier Supprimé : C:\Program Files (x86)\vShare
[!] Dossier Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue\DriverScanner
[!] Dossier Supprimé : C:\Users\vtek\AppData\LocalLow\adawaretb
[!] Dossier Supprimé : C:\Users\vtek\AppData\LocalLow\Delta
[!] Dossier Supprimé : C:\Users\vtek\AppData\LocalLow\vShare
[!] Dossier Supprimé : C:\Users\vtek\AppData\Roaming\Babylon
[!] Dossier Supprimé : C:\Users\vtek\AppData\Roaming\Uniblue\DriverScanner
[!] Dossier Supprimé : C:\Users\vtek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDvidCodec.com
[!] Dossier Supprimé : C:\Users\vtek\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
[!] Dossier Supprimé : C:\Users\vtek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp
Fichier Supprimé : C:\Users\Public\Desktop\driverscanner.lnk
Fichier Supprimé : C:\Users\vtek\Desktop\HDVidCodec.lnk

***** [ Raccourcis ] *****

***** [ Registre ] *****

Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Clé Supprimée : HKLM\SOFTWARE\Classes\driverscanner
Clé Supprimée : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncher
Clé Supprimée : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncher.1
Clé Supprimée : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncherBHO
Clé Supprimée : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncherBHO.1
Clé Supprimée : HKLM\SOFTWARE\Classes\Prod.cap
Clé Supprimée : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Clé Supprimée : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Clé Supprimée : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\vsharechrome
Clé Supprimée : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol
Clé Supprimée : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol.1
Clé Supprimée : HKLM\SOFTWARE\Classes\vShare.PugiObj
Clé Supprimée : HKLM\SOFTWARE\Classes\vShare.PugiObj.1
Clé Supprimée : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers
Clé Supprimée : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers.1
Clé Supprimée : HKLM\SOFTWARE\52e8ad8b26eed10
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{20ED5AF7-D9C4-409E-9EB3-D2A44A77FB6D}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{3E315C81-442B-431C-AEC8-ED189699EC24}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{043C5167-00BB-4324-AF7E-62013FAEDACF}]
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}]
Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{043C5167-00BB-4324-AF7E-62013FAEDACF}]
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Clé Supprimée : HKCU\Software\1ClickDownload
Clé Supprimée : HKCU\Software\BabylonToolbar
Clé Supprimée : HKCU\Software\Conduit
Clé Supprimée : HKCU\Software\DataMngr
[#] Clé Supprimée : HKCU\Software\DataMngr_Toolbar
Clé Supprimée : HKCU\Software\StartSearch
Clé Supprimée : HKCU\Software\vShare
Clé Supprimée : HKCU\Software\vShare.tv
Clé Supprimée : HKCU\Software\YahooPartnerToolbar
Clé Supprimée : HKCU\Software\Zugo
Clé Supprimée : HKCU\Software\AppDataLow\Software\adawaretb
Clé Supprimée : HKLM\Software\adawaretb
Clé Supprimée : HKLM\Software\Babylon
Clé Supprimée : HKLM\Software\DataMngr
Clé Supprimée : HKLM\Software\Uniblue\DriverScanner
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vShare
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownload
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\adawaretb
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\vShare
Clé Supprimée : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Navigateurs ] *****

-\\ Internet Explorer v9.0.8112.16490

Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v

-\\ Google Chrome v

[ Fichier : C:\Users\vtek\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [13828 octets] - [15/10/2013 18:53:46]
AdwCleaner[S0].txt - [12455 octets] - [15/10/2013 18:59:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12516 octets] ##########

 

 

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Windows ™ Vista Home Premium x64
Ran by vtek on 15/10/2013 at 19:51:55.44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

Failed to stop: [Service] hshld
Successfully stopped: [Service] hsstrayservice
Successfully deleted: [Service] hsstrayservice
Failed to stop: [Service] hsswd

 

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\search protection
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\anchorfree
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\hotspotshield
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-849536552-3425081745-2551734826-1000\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\hotspotshield

 

~~~ Files

Successfully deleted: [File] C:\Windows\Tasks\dsmonitor.job
Successfully deleted: [File] "C:\Users\vtek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\driverscanner.lnk"

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\hotspot shield"
Successfully deleted: [Folder] "C:\Users\vtek\appdata\local\adawarebp"
Failed to delete: [Folder] "C:\Program Files (x86)\hotspot shield"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\uniblue"
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{036ED5FC-12EA-42CC-8821-65CD1268DA29}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{03D3DBF2-194F-4785-AF16-FABED94844F0}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{05E4E7F5-B2C4-413E-A140-F9C618953577}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{09047889-F0F8-45F3-9951-2EDD832E55D6}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{0C208856-AF25-4933-9A78-F6C2C32BAB37}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{0C984D4F-6193-4D5B-B807-164BB5741441}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{0CC67C02-4E06-4CD0-B106-968A35E88403}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{0E70254C-702B-4F6B-89A1-10BC8B01F129}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{112CF5FC-8724-4FB3-B335-7BD115D7DE99}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{12709BD7-CFC7-4DBD-9755-3347376B1942}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{14F68140-165C-4E26-9666-812699A30384}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{15432541-BD37-4DF7-A915-082178167A3D}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{165910BC-621C-4258-80F9-F45DC8FBFD11}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{19D8B85E-47D1-4D2C-91BB-AAAD9508E5C8}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{1D2FC9E6-ED0D-45A4-AC6D-770E38EEA6A9}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{1DAFB931-05B0-4831-8D9A-DAB1BBAF3627}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{20771F46-70A9-46D0-92E3-124429598CBF}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{215D3C76-5560-4E7D-A1E9-FCE0D404EC52}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{229BFD67-2C4D-441C-B4D3-5B7CC49B3A73}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{22A1C08F-14C7-4961-8DC4-80989F9AB3BC}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{29BEDDB6-C9D3-475E-AD58-1845F359D330}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{2A8DB3FF-9083-4B97-9A15-304580442605}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{2B50ECDC-B29C-4F9A-B67B-FACF620FC76C}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{2F5AEE8E-DEC2-4EDA-A298-F338843C296D}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{2FAB9869-2C91-43DB-AE99-331B3BB50E83}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{343705D3-BC20-4255-A370-F3F7F375565D}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{348AD620-8F35-40A7-AE22-B6975FD3764E}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{35B3DC78-CC5C-40CD-929D-2456BA3756ED}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{375951DF-3809-4702-9F1A-55C3B0B242A7}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{3777F651-8434-44FC-BF1D-9FEB0E1F46A6}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{3936D0F6-5EBC-443A-B67B-2FF2CC703AD9}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{3936F754-E5D6-492D-8A9D-BA7D93ED60AE}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{3B32F16A-7514-4AB7-8B9C-2B0B25B091C6}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{3C720F55-9155-4B5B-84FC-BE2DD46EB95D}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{3D629AEB-B5AA-499D-B8FE-8482002600CA}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{3D8626C3-A0C7-4BD4-AC64-22B6F2EE12BF}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{429E8B27-F908-460E-A192-65EC781F8925}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{43FA5309-4755-4C3F-9FC5-AA02F3A91A09}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{46FEA474-D6A2-4578-B953-43D17093AF59}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{47F2E695-B9C9-4DA4-80D9-C0C107DD0075}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{482B1550-D8BA-4219-A8B2-19FE6E134A93}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{499AFFEA-E90D-4FA1-A9D8-F04931269F96}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{4A031A26-F5E3-47C0-9099-5ADF3776295A}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{4A9B8B96-9209-4EDC-AE06-D9D194D997A0}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{4BDC1EFA-DCC4-492C-94EF-3DDE08857CB8}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{4CE6A5F5-433C-44E1-B176-AF5D77518855}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{4D3EB48F-A1FC-40EA-92B3-5B32F7BC52E8}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{51AC192E-3013-49FE-8220-DC0A90D888D0}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{52590E66-1C33-4DA7-BF0D-DDCE717D80C2}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{53B4F1B2-0691-4A82-AA07-B8AD007C4668}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{53C0A5B3-242B-432E-BA93-D76703343093}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{54F7D485-386E-4EC5-ABFA-A1E54487DFB8}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{589999BD-378A-413E-A0B3-D44403531CB3}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{5A983B7D-9E43-4EB1-B992-C88726940998}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{5ABB19B8-D09F-4917-832D-7C9966D25819}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{5BCF9607-494A-494F-970B-A2C63E83A699}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{5D2B5408-C063-4D37-BFA4-95AF3AF6CBDA}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{5E4033FB-220F-455F-A6ED-D69E7A055171}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{5E644BD1-2383-4C60-A35F-66447023AC0B}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{5FF31083-4CDA-48FE-AA7F-D49ACB191A7A}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{60C39DB5-97B2-4B33-85DE-A221881C2DE4}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{6304A53A-D7BD-46A4-A3D1-EFC9D6D9EFCF}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{6883D3DC-0012-45FE-BA5F-595A8DB17991}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{6B981F12-4F30-4274-ACCD-D27EF0C4942E}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{6D087D85-F5C9-42B4-ABF9-EB5396C33FA3}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{706881C5-CEA9-4067-8BE0-EB1F4E7EE2EE}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{7070F543-7D41-448B-9688-ED03B79C80FF}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{7259888B-AB63-4A69-B511-1EB0243FB45D}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{72C1045D-59CF-46E6-B7D8-29DFF06EC07A}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{748B8747-C37D-44E2-A2AD-0AF5EED31ED5}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{7526250F-5DF7-4106-87E0-FCC3CEC7AF03}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{75B7E67B-207D-49C6-B36A-211887D209E3}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{7B06B1AF-C475-43A8-8439-449037049D53}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{7B98F6AA-F366-44E0-B92C-62F2EC35AB56}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{7BB28235-6ABE-49E2-9264-370C6BBC3754}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{7D4F9D6A-EA44-4C7C-9743-0ACE807530DB}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{7D791065-08A5-404B-B589-D72CC02B95AA}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{8032B0F3-1FD1-4DA0-9A7D-64F6C7DCECFC}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{80448FB6-C364-4F01-87D9-B680F1CAF6DC}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{860069E1-7E05-45D4-AD5E-E2E7D30C30AD}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{862CD2CC-4FF2-4908-A4EA-E706B3E2149E}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{87BF37A3-E362-4BDD-843C-5279AEA659E0}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{887D12A3-4A7D-4327-A241-060686C9ACB3}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{88A547F3-6114-4A0B-8924-936D780A7661}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{88CE1228-5A64-4529-B41F-6D84D563F1E1}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{89D3082F-567D-4DDC-895F-A0B008EFC641}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{8A9135EB-DBA9-44C6-9660-E63631D874B2}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{8B347DDB-A53B-46DC-9D43-CB7EDA1FACCB}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{8BCB7643-F643-4F23-943C-B2DB876BA03C}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{8C32AACC-41B3-4262-A250-2399180C9407}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{8D7C3D3C-82FD-416A-831E-F69D538B6242}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{90DF7333-3F11-4921-B5EC-8BC1EB16D7F9}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{9242A55C-FBDD-4FB3-9118-102553B0BE75}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{9314790D-820F-4A73-8AE9-766A9F1E62EB}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{948E0235-CF7A-4B7C-8ED4-84B492D739D9}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{950709B9-E37D-4CA3-89FF-B4AFF1438148}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{95C9FE61-55D5-46B4-B91E-EB9FE3FA369F}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{96FFBBFA-E4A4-48F5-99C0-871C18175130}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{9767F5E0-9DA0-40C5-BBD4-71B2FDB57C01}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{97B3EB04-C7E8-4D51-BB44-9360A8F21BB9}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{97B75D57-727C-47FB-8100-C61579765384}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{9B1B5352-42A8-494D-8839-BFF82E0EE881}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{9B1D9BF1-BF40-40D8-B75F-A63CDD8085C3}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{9CB4B8EE-8AA5-4552-80E0-36E82C1E02D6}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{9E14A78C-2F3F-404D-BD87-324B9C27E955}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{9F581225-9FF9-43A8-AEA1-7979358E18EB}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{9FC587F6-9322-4905-8EC9-2A77B792CE61}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{A3FF37B5-9D89-46CA-953F-76FAB9052C15}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{A4B219AF-7AD1-4051-96B8-DE05E6EC7A5F}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{A65338E2-1F87-41AD-B005-CD930D514123}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{AAF0AD13-2E8A-47AD-88EC-D4029E26E5CA}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{ADAF0677-EACF-493E-82D0-4B25BEF5B717}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{AF1BF970-BB37-4E2A-83C7-973DEA0959DE}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{B090ABD2-F4BB-425F-B767-90DE53BAF730}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{B0992511-2D4C-4923-B30D-80D7EDBF16F7}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{B1B0BA69-69AB-431B-844C-8AF1241CF9B6}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{B1F4FD3C-7EF3-44A2-8AAC-BFAA376EDEE4}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{B3BC77AB-A49C-4D46-ADC7-B5CF90850B3B}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{B43AC562-6714-4D70-A5B3-96C4AE9ABD6A}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{B9C16289-BF4F-4627-B7CE-DB2381D84FDC}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{BC9A399C-091B-48D1-9DDB-4D3C99D631BB}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{BD43E90A-2B97-4F94-85A2-E32B3696912D}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{BEC46B7F-DA42-4884-B5F1-B8EB30D2681D}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{BF7D7CDC-140E-4A7F-94F9-2CF403850B7A}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{C037CE54-8CD2-4493-9B52-D71281BF7249}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{C05BB7D5-4338-482E-8C89-5F8CABC38E6D}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{C1DDBE22-2838-46B3-90EA-972EF1CB2C5F}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{C4C07F5D-A803-44BD-A8E4-20C8AFEEDF8C}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{C660174B-5D6E-43FA-9E33-73F727EFA04B}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{C949E233-959A-4F53-B6ED-EDDD8B71A26B}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{CA37E2A3-8271-4138-9998-7D5F7BAD3874}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{CD303951-67D5-4683-9487-5DBD41409300}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{CDCB0ED9-A4F2-46D1-AE56-D9B2A1ECC8B2}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{CE50456E-9525-46AB-ABBF-91917687F0ED}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{D140489C-3174-4C5E-92F0-58148C5DB149}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{D39491BE-9F30-4502-BD72-D1723CEA0389}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{D454BBD5-990A-4FFA-8523-8AFD3C2C8D7F}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{D5755702-5002-4D11-8646-9EAF764268AC}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{D8CEE7BF-D55F-4543-8982-1CCC3FEB5EE9}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{DA3DCE5A-1A02-4378-A89A-042E8118703C}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{DA775B15-F6BE-44AE-939D-4051FAB89DCE}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{DB1747CF-CB3C-406E-BE3A-929B13C01D4C}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{DC115A4A-D49E-444B-B04D-B8431B465F48}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{DD540F2A-E829-47C8-A761-1B25781E3203}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{DDF4CFF1-ACA5-4988-8987-CB330CCDB7E1}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{DE100C15-DD69-4D0F-ADE2-8BAAAFD5704D}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{E3DB0EB0-FEE9-4F64-83BB-260C2856FB80}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{E6C01C5E-1620-4163-924D-94EAA258A672}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{E6F65B27-F8E1-4280-9442-AAEDFEF6AF24}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{E7D1F009-9291-4A3E-8CBE-4467B1059568}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{E8C0927F-3E4F-4FA5-86AF-125F1E5606AE}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{E8C32F85-967F-47F3-A874-A29568163CF7}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{EAFFB25F-68F6-4C7E-ADC7-1868E87AEE80}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{EF061C0F-8B28-496A-8C45-BF2D2BCA9C81}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{F0946D84-4994-435B-AA8E-8BD690B95B9E}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{F12CEF26-C202-448A-B8A2-697250669643}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{F16642F5-740B-4DCE-A1D3-129782E13E9F}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{F37F1BAB-FCB4-40C9-904E-715E2EDE0CC7}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{F3FBAC91-40EF-4EEC-95DB-828B4CA79521}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{F4825E23-1EB5-440F-A93F-1F9798B33199}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{F6B6B45E-73FC-4756-B20C-3AFC1E84D41D}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{F919E0E8-01EE-4C2B-9D8F-52447F167458}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{FACF51DF-09E5-43EB-8E5D-95FB7EDE2982}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{FDB98DE6-6574-4F76-9251-C4A781B9BAC8}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{FDF6340D-D71D-4DCC-BD2F-D7C07D742E8D}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{FE6B4213-5B19-4D5B-B629-FD9EF9BE8370}
Successfully deleted: [Empty Folder] C:\Users\vtek\appdata\local\{FF3B8136-C123-4041-BD34-8156650BEBF3}

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15/10/2013 at 20:03:28.11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Edited by vtek, 15 October 2013 - 05:03 PM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:00 PM

Posted 15 October 2013 - 03:16 PM


Hello vtek

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"
  • In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 vtek

vtek
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:01:00 AM

Posted 15 October 2013 - 05:42 PM

I seem to be stuck. I can't find a disabling option for my Ad-Aware antivirus and I can't run ComboFix as a result.

I get an NSIS error that aborts the program. How can I fix this?



#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:00 PM

Posted 15 October 2013 - 06:58 PM

Hello

Try and download it again and see if it will run.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 vtek

vtek
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:01:00 AM

Posted 16 October 2013 - 01:56 PM

Hi, managed to run it despite not being able to disable the Lavasoft antivirus. Not yet clear what the repercussions of that will be. Unfortunately, the computer is as slow as ever.

 

Here is the log:

ComboFix 13-10-15.02 - vtek 16/10/2013  19:01:32.1.2 - x64
Microsoft® Windows Vista™ Édition Familiale Premium   6.0.6002.2.1252.2.1036.18.4091.2283 [GMT 1:00]
Running from: c:\users\vtek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\99NKB0RA\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\$recycle.bin\S-1-5-18\$e9bff733dc752a2a1a2f0ba55a461f6e
c:\$recycle.bin\S-1-5-18\$e9bff733dc752a2a1a2f0ba55a461f6e\@
c:\$recycle.bin\S-1-5-18\$e9bff733dc752a2a1a2f0ba55a461f6e\n
C:\Install.exe
c:\users\vtek\AppData\Roaming\Cemied
c:\users\vtek\AppData\Roaming\Cemied\mokeo.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-16 to 2013-10-16  )))))))))))))))))))))))))))))))
.
.
2013-10-15 18:51 . 2013-10-15 18:51 -------- d-----w- c:\windows\ERUNT
2013-10-15 17:53 . 2013-10-15 18:00 -------- d-----w- C:\AdwCleaner
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-15 18:51 . 2012-04-11 17:37 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-15 18:51 . 2011-05-22 16:07 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\vtek\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\vtek\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\vtek\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-05-20 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-05-15 554408]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R4 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [x]
R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 18:51]
.
2013-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-28 22:18]
.
2013-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-28 22:18]
.
2013-10-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-849536552-3425081745-2551734826-1000Core.job
- c:\users\vtek\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-06 22:31]
.
2013-10-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-849536552-3425081745-2551734826-1000UA.job
- c:\users\vtek\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-06 22:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\vtek\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\vtek\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\vtek\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-05-08 1780520]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-07 170496]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-21 4119552]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"SBRegRebootCleaner"="c:\program files (x86)\Ad-Aware Antivirus\SBRC.exe" [2012-09-20 201608]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
AddRemove-HotspotShield - c:\program files (x86)\Hotspot Shield\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
.
**************************************************************************
.
Completion time: 2013-10-16  19:28:16 - machine was rebooted
ComboFix-quarantined-files.txt  2013-10-16 18:28
.
Pre-Run: 6,679,810,048 octets libres
Post-Run: 6,909,116,416 octets libres
.
- - End Of File - - 8524D2BC2748461C55011C1771FDE72A
CDB4DE4BBD714F152979DA2DCBEF57EB
 



#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:00 PM

Posted 16 October 2013 - 11:21 PM


Hello vtek

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • More than one report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.

    Note** this report can be very long - so if the website gives you an error saying it is too long you may attach it

    If the forum still complains about it being too long send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================
and I will see if I want to see the whole report

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or RogueKiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • the scan will make two reports the one I would like to see is called RKreport[2].txt on your Desktop
  • Exit/Close RogueKiller+
Send me the reports made from TDSSKiller and RogueKiller and also let me know how the computer is doing at this time.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
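As an added triage aid for the TDSSKiller report requested in the post above (example code written for this page, not part of the original thread and not a tool from BleepingComputer, Kaspersky or any of the posters): the helper below parses the two line shapes that appear in a TDSSKiller log, the module inventory line `[ MD5 ] Name Path` and the verdict line `Name - ok`, keeps everything printed after `Scan finished` (the part the helper asks for when the full report is too long), and produces a short triage summary. The regexes are derived only from the line shapes visible in the log posted later in this thread; the non-"ok" status wording (`suspicious`), the all-zero hash and the `Detected object count` line in the sample are constructed placeholders, since the page does not show what TDSSKiller prints for a detection. The "user-writable path" flag is a review hint, not a verdict: legitimate software (the Dropbox shell extension in the ComboFix log, for instance) also lives under `AppData`.

```python
import re
from dataclasses import dataclass, field

# Module inventory line:  HH:MM:SS.ffff PID  [ MD5 ] Name   X:\path\file.sys
# The name may contain spaces ("Ad-Aware Service"), so it is matched lazily
# up to the first token that looks like a drive-letter path.
ENTRY_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"\[ (?P<md5>[0-9A-Fa-f]{32}) \]\s+(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*)$"
)
# Verdict line:  HH:MM:SS.ffff PID  Name - status
# Names never contain backslashes or colons; that excludes status lines such as
# "Drive \Device\Harddisk0\DR0 - Size: ..." which would otherwise look like verdicts.
VERDICT_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<name>[^\\:]+?) - (?P<status>.+)$"
)
# Timestamp and PID prefix shared by every line.
PREFIX_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s*")

# Heuristic markers for locations a standard user can write to.
USER_WRITABLE_MARKERS = ("\\users\\", "\\appdata\\", "\\temp\\")


@dataclass
class ModuleEntry:
    name: str
    md5: str
    path: str


@dataclass
class TdssReport:
    entries: dict = field(default_factory=dict)   # name -> ModuleEntry
    verdicts: dict = field(default_factory=dict)  # name -> status string
    tail: list = field(default_factory=list)      # messages after "Scan finished"


def parse_tdsskiller(text: str) -> TdssReport:
    """Parse TDSSKiller log text into inventory, verdicts and the post-scan tail."""
    report = TdssReport()
    after_finish = False
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            report.entries[m["name"]] = ModuleEntry(m["name"], m["md5"].upper(), m["path"])
            continue
        pm = PREFIX_RE.match(line)
        message = line[pm.end():] if pm else line
        if after_finish:
            report.tail.append(message)
            continue
        if message == "Scan finished":
            after_finish = True
            continue
        v = VERDICT_RE.match(line)
        if v:
            report.verdicts[v["name"]] = v["status"].strip()
    return report


def triage(report: TdssReport) -> dict:
    """Summarise what a responder looks at first: non-ok verdicts, modules loaded
    from user-writable paths (a hint only), and the lines after "Scan finished"."""
    non_ok = sorted(n for n, s in report.verdicts.items() if s.lower() != "ok")
    user_writable = sorted(
        e.name for e in report.entries.values()
        if any(marker in e.path.lower() for marker in USER_WRITABLE_MARKERS)
    )
    return {"non_ok": non_ok, "user_writable": user_writable,
            "scan_finished_tail": list(report.tail)}


# Constructed sample: the first lines are copied from the log posted in this
# thread; SampleSvc (all-zero hash, Temp path, "suspicious" status) and the
# "Detected object count" line are placeholders, not TDSSKiller output.
SAMPLE_LOG = r"""20:43:12.0254 5808  Scan started
20:43:12.0254 5808  Mode: Manual;
20:42:59.0820 3732  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200
20:43:14.0094 5808  [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI            C:\Windows\system32\drivers\acpi.sys
20:43:14.0116 5808  ACPI - ok
20:43:14.0321 5808  [ 9D90344179ED6A05959DE40FC934A022 ] Ad-Aware Service C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
20:43:14.0334 5808  Ad-Aware Service - ok
20:43:16.0360 5808  Beep - ok
20:43:15.0479 5808  [ 31C5A1C3C0DCD34720B6BF59940CC9F3 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
20:43:15.0525 5808  Ati External Event Utility - ok
20:43:30.0000 5808  [ 00000000000000000000000000000000 ] SampleSvc       C:\Users\vtek\AppData\Local\Temp\sample.sys
20:43:30.0010 5808  SampleSvc - suspicious
20:43:40.0000 5808  ============================================================
20:43:40.0000 5808  Scan finished
20:43:40.0000 5808  ============================================================
20:43:40.0000 5808  Detected object count: 1
"""

if __name__ == "__main__":
    summary = triage(parse_tdsskiller(SAMPLE_LOG))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

Run it against a real `TDSSKiller.[Version]_[Date]_[Time]_log.txt` by reading the file into `parse_tdsskiller`; the `scan_finished_tail` list is exactly the portion the helper asks for when the forum rejects the full report.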

#9 vtek

vtek
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:01:00 AM

Posted 17 October 2013 - 03:36 PM

thanks, here goes.

 

it's a bit better now that there are no random pop ups, but still slow overall.

 

roguekiller first:

RogueKiller V8.7.4 [Oct 16 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : http://www.adlice.com/forum/
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Demarrage : Mode normal
Utilisateur : vtek [Droits d'admin]
Mode : Suppression -- Date : 10/17/2013 21:14:41
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 1 ¤¤¤
[SUSP PATH] TDSSKiller (2).exe -- C:\Users\witold\Desktop\TDSSKiller (2).exe [7] -> TUÉ [TermProc]

¤¤¤ Entrees de registre : 4 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> SUPPRIMÉ
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] Le fichier spécifié est introuvable.
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REMPLACÉ (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0)

¤¤¤ Tâches planifiées : 1 ¤¤¤
[V2][ROGUE ST] 4840 : wscript.exe - C:\Users\witold\AppData\Local\Temp\launchie.vbs //B -> SUPPRIMÉ

¤¤¤ Entrées Startup : 0 ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [NON CHARGE 0x0] ¤¤¤

¤¤¤ Ruches Externes: ¤¤¤
-> E:\windows\system32\config\SYSTEM | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> E:\windows\system32\config\SOFTWARE | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> E:\windows\system32\config\SECURITY | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> E:\windows\system32\config\SAM | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> E:\windows\system32\config\DEFAULT | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> E:\Users\Default\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]

¤¤¤ Infection :  ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Lecteurs de disque standard) - WDC WD3200BEVT-75ZCT2 +++++
--- User ---
[MBR] 13a5594315f5a5bc304042e095e3ea70
[BSP] b846294e2ce334af6fb7fd3096eaeba8 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 290204 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[0]_D_10172013_211441.txt >>
RKreport[0]_S_10172013_211135.txt


Edited by vtek, 17 October 2013 - 03:44 PM.


#10 vtek

vtek
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:01:00 AM

Posted 17 October 2013 - 03:41 PM

here's the tdss killer:

20:31:47.0527 3732  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:42:59.0194 3732  ============================================================
20:42:59.0194 3732  Current date / time: 2013/10/17 20:42:59.0194
20:42:59.0194 3732  SystemInfo:
20:42:59.0194 3732 
20:42:59.0194 3732  OS Version: 6.0.6002 ServicePack: 2.0
20:42:59.0194 3732  Product type: Workstation
20:42:59.0194 3732  ComputerName: VTEC
20:42:59.0195 3732  UserName: vtek
20:42:59.0195 3732  Windows directory: C:\Windows
20:42:59.0195 3732  System windows directory: C:\Windows
20:42:59.0195 3732  Running under WOW64
20:42:59.0195 3732  Processor architecture: Intel x64
20:42:59.0195 3732  Number of processors: 2
20:42:59.0195 3732  Page size: 0x1000
20:42:59.0195 3732  Boot type: Normal boot
20:42:59.0195 3732  ============================================================
20:42:59.0820 3732  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:42:59.0830 3732  ============================================================
20:42:59.0830 3732  \Device\Harddisk0\DR0:
20:42:59.0830 3732  MBR partitions:
20:42:59.0830 3732  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
20:42:59.0830 3732  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x236CE2B0
20:42:59.0830 3732  ============================================================
20:42:59.0869 3732  C: <-> \Device\Harddisk0\DR0\Partition2
20:42:59.0895 3732  E: <-> \Device\Harddisk0\DR0\Partition1
20:42:59.0895 3732  ============================================================
20:42:59.0895 3732  Initialize success
20:42:59.0895 3732  ============================================================
20:43:12.0254 5808  ============================================================
20:43:12.0254 5808  Scan started
20:43:12.0254 5808  Mode: Manual;
20:43:12.0254 5808  ============================================================
20:43:13.0149 5808  ================ Scan system memory ========================
20:43:13.0149 5808  System memory - ok
20:43:13.0150 5808  ================ Scan services =============================
20:43:14.0094 5808  [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI            C:\Windows\system32\drivers\acpi.sys
20:43:14.0116 5808  ACPI - ok
20:43:14.0321 5808  [ 9D90344179ED6A05959DE40FC934A022 ] Ad-Aware Service C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
20:43:14.0334 5808  Ad-Aware Service - ok
20:43:14.0479 5808  [ A283108E14F3970432C21AF4C0CB1BCE ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:43:14.0482 5808  AdobeFlashPlayerUpdateSvc - ok
20:43:14.0548 5808  [ F14215E37CF124104575073F782111D2 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
20:43:14.0558 5808  adp94xx - ok
20:43:14.0608 5808  [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci         C:\Windows\system32\drivers\adpahci.sys
20:43:14.0615 5808  adpahci - ok
20:43:14.0665 5808  [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
20:43:14.0668 5808  adpu160m - ok
20:43:14.0699 5808  [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
20:43:14.0703 5808  adpu320 - ok
20:43:14.0748 5808  [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:43:14.0749 5808  AeLookupSvc - ok
20:43:14.0841 5808  [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters     C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
20:43:14.0843 5808  AESTFilters - ok
20:43:14.0934 5808  [ C4F6CE6087760AD70960C9EB130E7943 ] AFD             C:\Windows\system32\drivers\afd.sys
20:43:14.0943 5808  AFD - ok
20:43:14.0988 5808  [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440          C:\Windows\system32\drivers\agp440.sys
20:43:14.0990 5808  agp440 - ok
20:43:15.0022 5808  [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
20:43:15.0025 5808  aic78xx - ok
20:43:15.0049 5808  [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG             C:\Windows\System32\alg.exe
20:43:15.0051 5808  ALG - ok
20:43:15.0075 5808  [ 9544C2C55541C0C6BFD7B489D0E7D430 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:43:15.0077 5808  aliide - ok
20:43:15.0116 5808  [ 970FA5059E61E30D25307B99903E991E ] amdide          C:\Windows\system32\drivers\amdide.sys
20:43:15.0117 5808  amdide - ok
20:43:15.0171 5808  [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
20:43:15.0173 5808  AmdK8 - ok
20:43:15.0231 5808  [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo         C:\Windows\System32\appinfo.dll
20:43:15.0233 5808  Appinfo - ok
20:43:15.0298 5808  [ BA8417D4765F3988FF921F30F630E303 ] arc             C:\Windows\system32\drivers\arc.sys
20:43:15.0301 5808  arc - ok
20:43:15.0348 5808  [ 9D41C435619733B34CC16A511E644B11 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
20:43:15.0351 5808  arcsas - ok
20:43:15.0392 5808  [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:43:15.0393 5808  AsyncMac - ok
20:43:15.0411 5808  [ F988BB0690CD660318037908E9B8DBF7 ] atapi           C:\Windows\system32\drivers\atapi.sys
20:43:15.0412 5808  atapi - ok
20:43:15.0479 5808  [ 31C5A1C3C0DCD34720B6BF59940CC9F3 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
20:43:15.0525 5808  Ati External Event Utility - ok
20:43:15.0691 5808  [ A4379447148EE55330768CC491EE999E ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
20:43:15.0864 5808  atikmdag - ok
20:43:15.0974 5808  [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:43:15.0984 5808  AudioEndpointBuilder - ok
20:43:16.0052 5808  [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
20:43:16.0057 5808  AudioSrv - ok
20:43:16.0136 5808  [ A7C9995BA861FCE78B2CEAAE61D39FD7 ] BCM42RLY        C:\Windows\system32\drivers\BCM42RLY.sys
20:43:16.0138 5808  BCM42RLY - ok
20:43:16.0230 5808  [ 912012B708A7D8E8CE2EE55AFB663DFF ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
20:43:16.0246 5808  BCM43XX - ok
20:43:16.0360 5808  Beep - ok
20:43:16.0445 5808  [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE             C:\Windows\System32\bfe.dll
20:43:16.0455 5808  BFE - ok
20:43:16.0547 5808  [ 6D316F4859634071CC25C4FD4589AD2C ] BITS            C:\Windows\system32\qmgr.dll
20:43:16.0588 5808  BITS - ok
20:43:16.0650 5808  [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
20:43:16.0652 5808  blbdrive - ok
20:43:16.0733 5808  [ 2348447A80920B2493A9B582A23E81E1 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:43:16.0736 5808  bowser - ok
20:43:16.0767 5808  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
20:43:16.0769 5808  BrFiltLo - ok
20:43:16.0791 5808  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
20:43:16.0793 5808  BrFiltUp - ok
20:43:16.0840 5808  [ A1B39DE453433B115B4EA69EE0343816 ] Browser         C:\Windows\System32\browser.dll
20:43:16.0844 5808  Browser - ok
20:43:16.0900 5808  [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid         C:\Windows\system32\drivers\brserid.sys
20:43:16.0903 5808  Brserid - ok
20:43:16.0960 5808  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
20:43:16.0962 5808  BrSerWdm - ok
20:43:17.0038 5808  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
20:43:17.0039 5808  BrUsbMdm - ok
20:43:17.0057 5808  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
20:43:17.0058 5808  BrUsbSer - ok
20:43:17.0075 5808  [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
20:43:17.0078 5808  BTHMODEM - ok
20:43:17.0096 5808  catchme - ok
20:43:17.0163 5808  [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:43:17.0166 5808  cdfs - ok
20:43:17.0235 5808  [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
20:43:17.0238 5808  cdrom - ok
20:43:17.0272 5808  [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc     C:\Windows\System32\certprop.dll
20:43:17.0273 5808  CertPropSvc - ok
20:43:17.0308 5808  [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass        C:\Windows\system32\drivers\circlass.sys
20:43:17.0310 5808  circlass - ok
20:43:17.0373 5808  [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS            C:\Windows\system32\CLFS.sys
20:43:17.0381 5808  CLFS - ok
20:43:17.0576 5808  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:43:17.0578 5808  clr_optimization_v2.0.50727_32 - ok
20:43:17.0649 5808  [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:43:17.0652 5808  clr_optimization_v2.0.50727_64 - ok
20:43:17.0708 5808  [ B52D9A14CE4101577900A364BA86F3DF ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
20:43:17.0710 5808  CmBatt - ok
20:43:17.0734 5808  [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:43:17.0736 5808  cmdide - ok
20:43:17.0754 5808  [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
20:43:17.0756 5808  Compbatt - ok
20:43:17.0763 5808  COMSysApp - ok
20:43:17.0798 5808  [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
20:43:17.0800 5808  crcdisk - ok
20:43:17.0902 5808  [ 1B22BC0B71F65001479DAB792C3F626C ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:43:17.0907 5808  CryptSvc - ok
20:43:17.0962 5808  [ FC1F55BA03832FBB0DAF965F746C47BB ] CtClsFlt        C:\Windows\system32\DRIVERS\CtClsFlt.sys
20:43:17.0966 5808  CtClsFlt - ok
20:43:18.0043 5808  [ 80861969541971176E005D2C09DAE851 ] DAUpdaterSvc    C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
20:43:18.0044 5808  DAUpdaterSvc - ok
20:43:18.0131 5808  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:43:18.0142 5808  DcomLaunch - ok
20:43:18.0292 5808  [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:43:18.0296 5808  DfsC - ok
20:43:18.0457 5808  [ C647F468F7DE343DF8C143655C5557D4 ] DFSR            C:\Windows\system32\DFSR.exe
20:43:18.0552 5808  DFSR - ok
20:43:18.0636 5808  [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
20:43:18.0661 5808  Dhcp - ok
20:43:18.0748 5808  [ B0107E40ECDB5FA692EBF832F295D905 ] disk            C:\Windows\system32\drivers\disk.sys
20:43:18.0750 5808  disk - ok
20:43:18.0855 5808  [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:43:18.0859 5808  Dnscache - ok
20:43:18.0945 5808  [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:43:18.0951 5808  dot3svc - ok
20:43:19.0006 5808  [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS             C:\Windows\system32\dps.dll
20:43:19.0011 5808  DPS - ok
20:43:19.0075 5808  [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:43:19.0076 5808  drmkaud - ok
20:43:19.0165 5808  dump_wmimmc - ok
20:43:19.0245 5808  [ F3932288EEECD776FF1F9F653AD878F3 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:43:19.0255 5808  DXGKrnl - ok
20:43:19.0308 5808  [ 17D40652EF3E55EEAE187A89DF40965A ] e1express       C:\Windows\system32\DRIVERS\e1e6032e.sys
20:43:19.0315 5808  e1express - ok
20:43:19.0345 5808  [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60           C:\Windows\system32\DRIVERS\E1G6032E.sys
20:43:19.0350 5808  E1G60 - ok
20:43:19.0397 5808  [ C2303883FD9BE49DC36A6400643002EA ] EapHost         C:\Windows\System32\eapsvc.dll
20:43:19.0400 5808  EapHost - ok
20:43:19.0487 5808  [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache          C:\Windows\system32\drivers\ecache.sys
20:43:19.0491 5808  Ecache - ok
20:43:19.0661 5808  [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:43:19.0670 5808  ehRecvr - ok
20:43:19.0701 5808  [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched         C:\Windows\ehome\ehsched.exe
20:43:19.0705 5808  ehSched - ok
20:43:19.0782 5808  [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart         C:\Windows\ehome\ehstart.dll
20:43:19.0784 5808  ehstart - ok
20:43:19.0854 5808  [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
20:43:19.0864 5808  elxstor - ok
20:43:19.0966 5808  [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
20:43:19.0979 5808  EMDMgmt - ok
20:43:20.0024 5808  [ 991FAB6AA066E1214EFB5B496FB7959A ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:43:20.0026 5808  ErrDev - ok
20:43:20.0135 5808  [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem     C:\Windows\system32\es.dll
20:43:20.0143 5808  EventSystem - ok
20:43:20.0202 5808  [ 486844F47B6636044A42454614ED4523 ] exfat           C:\Windows\system32\drivers\exfat.sys
20:43:20.0207 5808  exfat - ok
20:43:20.0261 5808  [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:43:20.0266 5808  fastfat - ok
20:43:20.0295 5808  [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
20:43:20.0296 5808  fdc - ok
20:43:20.0316 5808  [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost         C:\Windows\system32\fdPHost.dll
20:43:20.0319 5808  fdPHost - ok
20:43:20.0345 5808  [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub        C:\Windows\system32\fdrespub.dll
20:43:20.0347 5808  FDResPub - ok
20:43:20.0362 5808  [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:43:20.0365 5808  FileInfo - ok
20:43:20.0403 5808  [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:43:20.0405 5808  Filetrace - ok
20:43:20.0436 5808  [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
20:43:20.0438 5808  flpydisk - ok
20:43:20.0507 5808  [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:43:20.0513 5808  FltMgr - ok
20:43:20.0614 5808  [ DE67B1AFAB1DDB6CA0BBA89A776F26FA ] FontCache       C:\Windows\system32\FntCache.dll
20:43:20.0649 5808  FontCache - ok
20:43:20.0747 5808  [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:43:20.0749 5808  FontCache3.0.0.0 - ok
20:43:20.0810 5808  [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:43:20.0813 5808  Fs_Rec - ok
20:43:20.0868 5808  [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
20:43:20.0870 5808  gagp30kx - ok
20:43:20.0951 5808  [ 14908F4F9005C29DE8F5587E271390EE ] gfibto          C:\Windows\system32\drivers\gfibto.sys
20:43:20.0952 5808  gfibto - ok
20:43:21.0022 5808  [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc           C:\Windows\System32\gpsvc.dll
20:43:21.0044 5808  gpsvc - ok
20:43:21.0257 5808  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:43:21.0260 5808  gupdate - ok
20:43:21.0284 5808  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:43:21.0286 5808  gupdatem - ok
20:43:21.0344 5808  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
20:43:21.0348 5808  gusvc - ok
20:43:21.0432 5808  [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
20:43:21.0466 5808  HDAudBus - ok
20:43:21.0537 5808  [ B4881C84A180E75B8C25DC1D726C375F ] HidBth          C:\Windows\system32\drivers\hidbth.sys
20:43:21.0538 5808  HidBth - ok
20:43:21.0565 5808  [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr           C:\Windows\system32\drivers\hidir.sys
20:43:21.0567 5808  HidIr - ok
20:43:21.0639 5808  [ 59361D38A297755D46A540E450202B2A ] hidserv         C:\Windows\System32\hidserv.dll
20:43:21.0641 5808  hidserv - ok
20:43:21.0728 5808  [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:43:21.0729 5808  HidUsb - ok
20:43:21.0762 5808  [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:43:21.0765 5808  hkmsvc - ok
20:43:21.0814 5808  [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
20:43:21.0816 5808  HpCISSs - ok
20:43:21.0895 5808  hshld - ok
20:43:21.0964 5808  [ BBC89DA4065BDCE34257BE95B2F636EE ] HssDRV6         C:\Windows\system32\DRIVERS\hssdrv6.sys
20:43:21.0965 5808  HssDRV6 - ok
20:43:22.0093 5808  [ 01947D3CBAFCFEF066E1EB45DADC182D ] HssSrv          C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
20:43:22.0098 5808  HssSrv - ok
20:43:22.0111 5808  HssWd - ok
20:43:22.0210 5808  [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:43:22.0232 5808  HTTP - ok
20:43:22.0276 5808  [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
20:43:22.0278 5808  i2omp - ok
20:43:22.0318 5808  [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
20:43:22.0320 5808  i8042prt - ok
20:43:22.0381 5808  [ 7B96206E4BDD2FE582F0DBC46F5F410E ] IAANTMON        C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
20:43:22.0385 5808  IAANTMON - ok
20:43:22.0413 5808  [ 07FB761600EFF44AF02C35B8B57E5863 ] iaStor          C:\Windows\system32\drivers\iastor.sys
20:43:22.0417 5808  iaStor - ok
20:43:22.0441 5808  [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
20:43:22.0449 5808  iaStorV - ok
20:43:22.0530 5808  [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:43:22.0561 5808  idsvc - ok
20:43:22.0588 5808  [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
20:43:22.0590 5808  iirsp - ok
20:43:22.0658 5808  [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT          C:\Windows\System32\ikeext.dll
20:43:22.0678 5808  IKEEXT - ok
20:43:22.0701 5808  [ DF797A12176F11B2D301C5B234BB200E ] intelide        C:\Windows\system32\drivers\intelide.sys
20:43:22.0703 5808  intelide - ok
20:43:22.0722 5808  [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:43:22.0724 5808  intelppm - ok
20:43:22.0756 5808  [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:43:22.0760 5808  IPBusEnum - ok
20:43:22.0832 5808  [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:43:22.0835 5808  IpFilterDriver - ok
20:43:22.0916 5808  [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:43:22.0922 5808  iphlpsvc - ok
20:43:22.0929 5808  IpInIp - ok
20:43:22.0964 5808  [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
20:43:22.0967 5808  IPMIDRV - ok
20:43:22.0975 5808  [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
20:43:22.0979 5808  IPNAT - ok
20:43:23.0043 5808  [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:43:23.0044 5808  IRENUM - ok
20:43:23.0086 5808  [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:43:23.0088 5808  isapnp - ok
20:43:23.0158 5808  [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
20:43:23.0160 5808  iScsiPrt - ok
20:43:23.0203 5808  [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
20:43:23.0205 5808  iteatapi - ok
20:43:23.0240 5808  [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
20:43:23.0243 5808  iteraid - ok
20:43:23.0264 5808  [ 423696F3BA6472DD17699209B933BC26 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
20:43:23.0265 5808  kbdclass - ok
20:43:23.0288 5808  [ BF8783A5066CFECF45095459E8010FA7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
20:43:23.0289 5808  kbdhid - ok
20:43:23.0340 5808  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso          C:\Windows\system32\lsass.exe
20:43:23.0341 5808  KeyIso - ok
20:43:23.0407 5808  [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:43:23.0419 5808  KSecDD - ok
20:43:23.0434 5808  [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
20:43:23.0435 5808  ksthunk - ok
20:43:23.0494 5808  [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:43:23.0504 5808  KtmRm - ok
20:43:23.0550 5808  [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer    C:\Windows\System32\srvsvc.dll
20:43:23.0556 5808  LanmanServer - ok
20:43:23.0589 5808  [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:43:23.0595 5808  LanmanWorkstation - ok
20:43:23.0631 5808  [ 3C46290F7A5D45BA6EF32C248E22AA69 ] Lbd             C:\Windows\system32\DRIVERS\Lbd.sys
20:43:23.0634 5808  Lbd - ok
20:43:23.0668 5808  [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:43:23.0670 5808  lltdio - ok
20:43:23.0728 5808  [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:43:23.0736 5808  lltdsvc - ok
20:43:23.0766 5808  [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:43:23.0768 5808  lmhosts - ok
20:43:23.0807 5808  [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
20:43:23.0810 5808  LSI_FC - ok
20:43:23.0838 5808  [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
20:43:23.0841 5808  LSI_SAS - ok
20:43:23.0857 5808  [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
20:43:23.0860 5808  LSI_SCSI - ok
20:43:23.0892 5808  [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv           C:\Windows\system32\drivers\luafv.sys
20:43:23.0895 5808  luafv - ok
20:43:23.0918 5808  [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:43:23.0922 5808  Mcx2Svc - ok
20:43:23.0957 5808  [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas         C:\Windows\system32\drivers\megasas.sys
20:43:23.0958 5808  megasas - ok
20:43:24.0005 5808  [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
20:43:24.0015 5808  MegaSR - ok
20:43:24.0056 5808  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS           C:\Windows\system32\mmcss.dll
20:43:24.0058 5808  MMCSS - ok
20:43:24.0068 5808  [ 59848D5CC74606F0EE7557983BB73C2E ] Modem           C:\Windows\system32\drivers\modem.sys
20:43:24.0070 5808  Modem - ok
20:43:24.0079 5808  [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:43:24.0080 5808  monitor - ok
20:43:24.0103 5808  [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:43:24.0104 5808  mouclass - ok
20:43:24.0116 5808  [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:43:24.0117 5808  mouhid - ok
20:43:24.0125 5808  [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
20:43:24.0128 5808  MountMgr - ok
20:43:24.0176 5808  [ F8276EB8698142884498A528DFEA8478 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:43:24.0179 5808  mpio - ok
20:43:24.0206 5808  [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:43:24.0209 5808  mpsdrv - ok
20:43:24.0280 5808  [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:43:24.0302 5808  MpsSvc - ok
20:43:24.0356 5808  [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
20:43:24.0358 5808  Mraid35x - ok
20:43:24.0423 5808  [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:43:24.0427 5808  MRxDAV - ok
20:43:24.0487 5808  [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:43:24.0490 5808  mrxsmb - ok
20:43:24.0550 5808  [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:43:24.0556 5808  mrxsmb10 - ok
20:43:24.0584 5808  [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:43:24.0586 5808  mrxsmb20 - ok
20:43:24.0609 5808  [ 730B784962D22D2C6481EAE2370E7C8C ] msahci          C:\Windows\system32\drivers\msahci.sys
20:43:24.0611 5808  msahci - ok
20:43:24.0636 5808  [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:43:24.0640 5808  msdsm - ok
20:43:24.0694 5808  [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC           C:\Windows\System32\msdtc.exe
20:43:24.0698 5808  MSDTC - ok
20:43:24.0730 5808  [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:43:24.0732 5808  Msfs - ok
20:43:24.0757 5808  [ 00EBC952961664780D43DCA157E79B27 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:43:24.0758 5808  msisadrv - ok
20:43:24.0791 5808  [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:43:24.0796 5808  MSiSCSI - ok
20:43:24.0803 5808  msiserver - ok
20:43:24.0845 5808  [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:43:24.0847 5808  MSKSSRV - ok
20:43:24.0870 5808  [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:43:24.0871 5808  MSPCLOCK - ok
20:43:24.0888 5808  [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:43:24.0889 5808  MSPQM - ok
20:43:24.0953 5808  [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:43:24.0960 5808  MsRPC - ok
20:43:24.0987 5808  [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
20:43:24.0988 5808  mssmbios - ok
20:43:25.0003 5808  [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:43:25.0004 5808  MSTEE - ok
20:43:25.0020 5808  [ 0CC49F78D8ACA0877D885F149084E543 ] Mup             C:\Windows\system32\Drivers\mup.sys
20:43:25.0023 5808  Mup - ok
20:43:25.0090 5808  [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent        C:\Windows\system32\qagentRT.dll
20:43:25.0101 5808  napagent - ok
20:43:25.0180 5808  [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:43:25.0185 5808  NativeWifiP - ok
20:43:25.0263 5808  [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:43:25.0271 5808  NDIS - ok
20:43:25.0302 5808  [ 64DF698A425478E321981431AC171334 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:43:25.0303 5808  NdisTapi - ok
20:43:25.0318 5808  [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:43:25.0320 5808  Ndisuio - ok
20:43:25.0404 5808  [ F8158771905260982CE724076419EF19 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:43:25.0408 5808  NdisWan - ok
20:43:25.0429 5808  [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:43:25.0431 5808  NDProxy - ok
20:43:25.0452 5808  [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:43:25.0454 5808  NetBIOS - ok
20:43:25.0516 5808  [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
20:43:25.0521 5808  netbt - ok
20:43:25.0528 5808  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon        C:\Windows\system32\lsass.exe
20:43:25.0530 5808  Netlogon - ok
20:43:25.0577 5808  [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman          C:\Windows\System32\netman.dll
20:43:25.0582 5808  Netman - ok
20:43:25.0610 5808  [ 7846D0136CC2B264926A73047BA7688A ] netprofm        C:\Windows\System32\netprofm.dll
20:43:25.0618 5808  netprofm - ok
20:43:25.0674 5808  [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:43:25.0677 5808  NetTcpPortSharing - ok
20:43:25.0715 5808  [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
20:43:25.0717 5808  nfrd960 - ok
20:43:25.0759 5808  [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:43:25.0765 5808  NlaSvc - ok
20:43:25.0836 5808  [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:43:25.0837 5808  Npfs - ok
20:43:25.0844 5808  npggsvc - ok
20:43:25.0854 5808  NPPTNT2 - ok
20:43:25.0878 5808  [ ACB62BAA1C319B17752553DF3026EEEB ] nsi             C:\Windows\system32\nsisvc.dll
20:43:25.0881 5808  nsi - ok
20:43:25.0905 5808  [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:43:25.0907 5808  nsiproxy - ok
20:43:26.0006 5808  [ 2ACCAA3C3C55370A32F17B3595E1A217 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:43:26.0052 5808  Ntfs - ok
20:43:26.0068 5808  [ DD5D684975352B85B52E3FD5347C20CB ] Null            C:\Windows\system32\drivers\Null.sys
20:43:26.0070 5808  Null - ok
20:43:26.0107 5808  [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:43:26.0110 5808  nvraid - ok
20:43:26.0120 5808  [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:43:26.0122 5808  nvstor - ok
20:43:26.0150 5808  [ 19067CA93075EF4823E3938A686F532F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:43:26.0153 5808  nv_agp - ok
20:43:26.0160 5808  NwlnkFlt - ok
20:43:26.0169 5808  NwlnkFwd - ok
20:43:26.0317 5808  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:43:26.0327 5808  odserv - ok
20:43:26.0379 5808  [ 7B58953E2F263421FDBB09A192712A85 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:43:26.0382 5808  ohci1394 - ok
20:43:26.0456 5808  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:43:26.0459 5808  ose - ok
20:43:26.0543 5808  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc        C:\Windows\system32\p2psvc.dll
20:43:26.0578 5808  p2pimsvc - ok
20:43:26.0660 5808  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc          C:\Windows\system32\p2psvc.dll
20:43:26.0671 5808  p2psvc - ok
20:43:26.0705 5808  [ AECD57F94C887F58919F307C35498EA0 ] Parport         C:\Windows\system32\drivers\parport.sys
20:43:26.0708 5808  Parport - ok
20:43:26.0790 5808  [ B43751085E2ABE389DA466BC62A4B987 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:43:26.0793 5808  partmgr - ok
20:43:26.0904 5808  [ 8A0F8A9580D9F2FC512A35D5709088A9 ] pavboot         C:\Windows\system32\drivers\pavboot64.sys
20:43:26.0906 5808  pavboot - ok
20:43:26.0974 5808  [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:43:26.0978 5808  PcaSvc - ok
20:43:27.0045 5808  [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci             C:\Windows\system32\drivers\pci.sys
20:43:27.0048 5808  pci - ok
20:43:27.0109 5808  [ 8D618C829034479985A9ED56106CC732 ] pciide          C:\Windows\system32\drivers\pciide.sys
20:43:27.0110 5808  pciide - ok
20:43:27.0145 5808  [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
20:43:27.0150 5808  pcmcia - ok
20:43:27.0222 5808  [ 58865916F53592A61549B04941BFD80D ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:43:27.0244 5808  PEAUTH - ok
20:43:27.0325 5808  [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
20:43:27.0329 5808  PerfHost - ok
20:43:27.0441 5808  [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla             C:\Windows\system32\pla.dll
20:43:27.0487 5808  pla - ok
20:43:27.0564 5808  [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:43:27.0573 5808  PlugPlay - ok
20:43:27.0655 5808  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
20:43:27.0665 5808  PNRPAutoReg - ok
20:43:27.0733 5808  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc         C:\Windows\system32\p2psvc.dll
20:43:27.0743 5808  PNRPsvc - ok
20:43:27.0786 5808  [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:43:27.0797 5808  PolicyAgent - ok
20:43:27.0924 5808  [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:43:27.0927 5808  PptpMiniport - ok
20:43:27.0991 5808  [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor       C:\Windows\system32\drivers\processr.sys
20:43:27.0993 5808  Processor - ok
20:43:28.0071 5808  [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc         C:\Windows\system32\profsvc.dll
20:43:28.0078 5808  ProfSvc - ok
20:43:28.0098 5808  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
20:43:28.0100 5808  ProtectedStorage - ok
20:43:28.0169 5808  [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
20:43:28.0171 5808  PSched - ok
20:43:28.0200 5808  [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
20:43:28.0202 5808  PxHlpa64 - ok
20:43:28.0284 5808  [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300          C:\Windows\system32\drivers\ql2300.sys
20:43:28.0330 5808  ql2300 - ok
20:43:28.0377 5808  [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
20:43:28.0380 5808  ql40xx - ok
20:43:28.0418 5808  [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE           C:\Windows\system32\qwave.dll
20:43:28.0426 5808  QWAVE - ok
20:43:28.0444 5808  [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:43:28.0446 5808  QWAVEdrv - ok
20:43:28.0611 5808  [ A4379447148EE55330768CC491EE999E ] R300            C:\Windows\system32\DRIVERS\atikmdag.sys
20:43:28.0661 5808  R300 - ok
20:43:28.0703 5808  [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:43:28.0705 5808  RasAcd - ok
20:43:28.0762 5808  [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto         C:\Windows\System32\rasauto.dll
20:43:28.0767 5808  RasAuto - ok
20:43:28.0844 5808  [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:43:28.0847 5808  Rasl2tp - ok
20:43:28.0914 5808  [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan          C:\Windows\System32\rasmans.dll
20:43:28.0923 5808  RasMan - ok
20:43:28.0993 5808  [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:43:28.0995 5808  RasPppoe - ok
20:43:29.0074 5808  [ C6A593B51F34C33E5474539544072527 ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:43:29.0077 5808  RasSstp - ok
20:43:29.0134 5808  [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:43:29.0140 5808  rdbss - ok
20:43:29.0170 5808  [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:43:29.0172 5808  RDPCDD - ok
20:43:29.0202 5808  [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
20:43:29.0210 5808  rdpdr - ok
20:43:29.0217 5808  [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:43:29.0219 5808  RDPENCDD - ok
20:43:29.0280 5808  [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:43:29.0285 5808  RDPWD - ok
20:43:29.0324 5808  [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:43:29.0328 5808  RemoteAccess - ok
20:43:29.0388 5808  [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:43:29.0392 5808  RemoteRegistry - ok
20:43:29.0440 5808  [ 5790BCA445CC40DF8B38C2C48608AAC2 ] RimUsb          C:\Windows\system32\Drivers\RimUsb_AMD64.sys
20:43:29.0442 5808  RimUsb - ok
20:43:29.0472 5808  [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator      C:\Windows\system32\locator.exe
20:43:29.0474 5808  RpcLocator - ok
20:43:29.0548 5808  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs           C:\Windows\system32\rpcss.dll
20:43:29.0556 5808  RpcSs - ok
20:43:29.0582 5808  [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:43:29.0584 5808  rspndr - ok
20:43:29.0642 5808  [ 39E74E264338934DBF11F8DB79A3E116 ] RTSTOR          C:\Windows\system32\drivers\RTSTOR64.SYS
20:43:29.0644 5808  RTSTOR - ok
20:43:29.0710 5808  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs           C:\Windows\system32\lsass.exe
20:43:29.0712 5808  SamSs - ok
20:43:29.0948 5808  [ 99FC1599F89A80216E41175B8CA44D89 ] SBAMSvc         C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
20:43:30.0070 5808  SBAMSvc - ok
20:43:30.0116 5808  [ 8F19D62B04081C0BFF1E8D6F26220A28 ] sbapifs         C:\Windows\system32\DRIVERS\sbapifs.sys
20:43:30.0118 5808  sbapifs - ok
20:43:30.0148 5808  [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:43:30.0151 5808  sbp2port - ok
20:43:30.0231 5808  [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:43:30.0237 5808  SCardSvr - ok
20:43:30.0336 5808  [ 0F838C811AD295D2A4489B9993096C63 ] Schedule        C:\Windows\system32\schedsvc.dll
20:43:30.0347 5808  Schedule - ok
20:43:30.0402 5808  [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:43:30.0403 5808  SCPolicySvc - ok
20:43:30.0429 5808  [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:43:30.0433 5808  SDRSVC - ok
20:43:30.0489 5808  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:43:30.0490 5808  secdrv - ok
20:43:30.0513 5808  [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon        C:\Windows\system32\seclogon.dll
20:43:30.0516 5808  seclogon - ok
20:43:30.0573 5808  [ 90973A64B96CD647FF81C79443618EED ] SENS            C:\Windows\system32\sens.dll
20:43:30.0577 5808  SENS - ok
20:43:30.0584 5808  [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum         C:\Windows\system32\drivers\serenum.sys
20:43:30.0586 5808  Serenum - ok
20:43:30.0637 5808  [ E62FAC91EE288DB29A9696A9D279929C ] Serial          C:\Windows\system32\drivers\serial.sys
20:43:30.0640 5808  Serial - ok
20:43:30.0648 5808  [ A842F04833684BCEEA7336211BE478DF ] sermouse        C:\Windows\system32\drivers\sermouse.sys
20:43:30.0650 5808  sermouse - ok
20:43:30.0700 5808  [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv      C:\Windows\system32\sessenv.dll
20:43:30.0703 5808  SessionEnv - ok
20:43:30.0763 5808  [ 14D4B4465193A87C127933978E8C4106 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:43:30.0764 5808  sffdisk - ok
20:43:30.0773 5808  [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:43:30.0774 5808  sffp_mmc - ok
20:43:30.0820 5808  [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:43:30.0821 5808  sffp_sd - ok
20:43:30.0843 5808  [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
20:43:30.0844 5808  sfloppy - ok
20:43:30.0899 5808  [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:43:30.0908 5808  SharedAccess - ok
20:43:30.0968 5808  [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:43:30.0973 5808  ShellHWDetection - ok
20:43:30.0981 5808  [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
20:43:30.0983 5808  SiSRaid2 - ok
20:43:31.0029 5808  [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
20:43:31.0031 5808  SiSRaid4 - ok
20:43:31.0174 5808  [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
20:43:31.0176 5808  SkypeUpdate - ok
20:43:31.0309 5808  [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc           C:\Windows\system32\SLsvc.exe
20:43:31.0420 5808  slsvc - ok
20:43:31.0483 5808  [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify      C:\Windows\system32\SLUINotify.dll
20:43:31.0487 5808  SLUINotify - ok
20:43:31.0550 5808  [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:43:31.0552 5808  Smb - ok
20:43:31.0618 5808  [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:43:31.0621 5808  SNMPTRAP - ok
20:43:31.0696 5808  [ 386C3C63F00A7040C7EC5E384217E89D ] spldr           C:\Windows\system32\drivers\spldr.sys
20:43:31.0697 5808  spldr - ok
20:43:31.0769 5808  [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler         C:\Windows\System32\spoolsv.exe
20:43:31.0773 5808  Spooler - ok
20:43:31.0829 5808  [ 992741053BC674F638589FFD31AC328B ] sptd            C:\Windows\system32\Drivers\sptd.sys
20:43:31.0830 5808  Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 992741053BC674F638589FFD31AC328B
20:43:31.0831 5808  sptd ( LockedFile.Multi.Generic ) - warning
20:43:31.0831 5808  sptd - detected LockedFile.Multi.Generic (1)
20:43:31.0877 5808  [ 880A57FCCB571EBD063D4DD50E93E46D ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:43:31.0886 5808  srv - ok
20:43:31.0957 5808  [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:43:31.0961 5808  srv2 - ok
20:43:31.0981 5808  [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:43:31.0984 5808  srvnet - ok
20:43:32.0016 5808  [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:43:32.0020 5808  SSDPSRV - ok
20:43:32.0037 5808  [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:43:32.0042 5808  SstpSvc - ok
20:43:32.0147 5808  [ C5DF63AE2693C9B6B01B4A2E6C1C64AC ] STacSV          C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe
20:43:32.0153 5808  STacSV - ok
20:43:32.0279 5808  [ E5C796B621F6FBA8616511063D7F0FFE ] StarWindServiceAE C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
20:43:32.0287 5808  StarWindServiceAE - ok
20:43:32.0333 5808  [ BA16447226ABFD342E130D2F24F73D32 ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
20:43:32.0352 5808  STHDA - ok
20:43:32.0399 5808  [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc          C:\Windows\System32\wiaservc.dll
20:43:32.0422 5808  stisvc - ok
20:43:32.0503 5808  [ 1D0063597C3666404FCF97698ABEB019 ] stllssvr        C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
20:43:32.0506 5808  stllssvr - ok
20:43:32.0537 5808  [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
20:43:32.0538 5808  swenum - ok
20:43:32.0616 5808  [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv           C:\Windows\System32\swprv.dll
20:43:32.0639 5808  swprv - ok
20:43:32.0689 5808  [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
20:43:32.0691 5808  Symc8xx - ok
20:43:32.0699 5808  [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
20:43:32.0701 5808  Sym_hi - ok
20:43:32.0755 5808  [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
20:43:32.0757 5808  Sym_u3 - ok
20:43:32.0814 5808  [ D783E043FCD2F152488B3F09640835BF ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
20:43:32.0817 5808  SynTP - ok
20:43:32.0933 5808  [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain         C:\Windows\system32\sysmain.dll
20:43:32.0967 5808  SysMain - ok
20:43:32.0992 5808  [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:43:32.0996 5808  TabletInputService - ok
20:43:33.0054 5808  [ F33FDC72298DF4BF9813A55D21F4EB31 ] taphss          C:\Windows\system32\DRIVERS\taphss.sys
20:43:33.0055 5808  taphss - ok
20:43:33.0113 5808  [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:43:33.0118 5808  TapiSrv - ok
20:43:33.0137 5808  [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS             C:\Windows\System32\tbssvc.dll
20:43:33.0140 5808  TBS - ok
20:43:33.0242 5808  [ C7C60777592EEF169A11647AAE7A91C3 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:43:33.0287 5808  Tcpip - ok
20:43:33.0336 5808  [ C7C60777592EEF169A11647AAE7A91C3 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
20:43:33.0352 5808  Tcpip6 - ok
20:43:33.0424 5808  [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:43:33.0426 5808  tcpipreg - ok
20:43:33.0450 5808  [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:43:33.0452 5808  TDPIPE - ok
20:43:33.0466 5808  [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:43:33.0468 5808  TDTCP - ok
20:43:33.0534 5808  [ 458919C8C42E398DC4802178D5FFEE27 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:43:33.0537 5808  tdx - ok
20:43:33.0558 5808  [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
20:43:33.0559 5808  TermDD - ok
20:43:33.0635 5808  [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService     C:\Windows\System32\termsrv.dll
20:43:33.0642 5808  TermService - ok
20:43:33.0670 5808  [ 56793271ECDEDD350C5ADD305603E963 ] Themes          C:\Windows\system32\shsvcs.dll
20:43:33.0675 5808  Themes - ok
20:43:33.0706 5808  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER     C:\Windows\system32\mmcss.dll
20:43:33.0708 5808  THREADORDER - ok
20:43:33.0736 5808  [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks          C:\Windows\System32\trkwks.dll
20:43:33.0741 5808  TrkWks - ok
20:43:33.0820 5808  [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:43:33.0822 5808  TrustedInstaller - ok
20:43:33.0871 5808  [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:43:33.0872 5808  tssecsrv - ok
20:43:33.0893 5808  [ 89EC74A9E602D16A75A4170511029B3C ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
20:43:33.0894 5808  tunmp - ok
20:43:33.0946 5808  [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:43:33.0947 5808  tunnel - ok
20:43:33.0974 5808  [ FEC266EF401966311744BD0F359F7F56 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
20:43:33.0976 5808  uagp35 - ok
20:43:34.0034 5808  [ FAF2640A2A76ED03D449E443194C4C34 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:43:34.0041 5808  udfs - ok
20:43:34.0117 5808  [ 060507C4113391394478F6953A79EEDC ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:43:34.0120 5808  UI0Detect - ok
20:43:34.0146 5808  [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:43:34.0148 5808  uliagpkx - ok
20:43:34.0179 5808  [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci         C:\Windows\system32\drivers\uliahci.sys
20:43:34.0186 5808  uliahci - ok
20:43:34.0204 5808  [ 31707F09846056651EA2C37858F5DDB0 ] UlSata          C:\Windows\system32\drivers\ulsata.sys
20:43:34.0208 5808  UlSata - ok
20:43:34.0227 5808  [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
20:43:34.0232 5808  ulsata2 - ok
20:43:34.0260 5808  [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
20:43:34.0262 5808  umbus - ok
20:43:34.0305 5808  [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost        C:\Windows\System32\upnphost.dll
20:43:34.0315 5808  upnphost - ok
20:43:34.0399 5808  [ 07E3498FC60834219D2356293DA0FECC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:43:34.0402 5808  usbccgp - ok
20:43:34.0430 5808  [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:43:34.0433 5808  usbcir - ok
20:43:34.0454 5808  [ 827E44DE934A736EA31E91D353EB126F ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
20:43:34.0456 5808  usbehci - ok
20:43:34.0524 5808  [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:43:34.0531 5808  usbhub - ok
20:43:34.0556 5808  [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
20:43:34.0557 5808  usbohci - ok
20:43:34.0576 5808  [ ACFEE697AF477021BB3EC78C5431FED2 ] usbprint        C:\Windows\system32\drivers\usbprint.sys
20:43:34.0578 5808  usbprint - ok
20:43:34.0639 5808  [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:43:34.0641 5808  USBSTOR - ok
20:43:34.0716 5808  [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
20:43:34.0718 5808  usbuhci - ok
20:43:34.0753 5808  [ FC33099877790D51B0927B7039059855 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
20:43:34.0757 5808  usbvideo - ok
20:43:34.0830 5808  [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms           C:\Windows\System32\uxsms.dll
20:43:34.0833 5808  UxSms - ok
20:43:34.0900 5808  [ 294945381DFA7CE58CECF0A9896AF327 ] vds             C:\Windows\System32\vds.exe
20:43:34.0922 5808  vds - ok
20:43:34.0968 5808  [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:43:34.0971 5808  vga - ok
20:43:35.0012 5808  [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:43:35.0014 5808  VgaSave - ok
20:43:35.0034 5808  [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide          C:\Windows\system32\drivers\viaide.sys
20:43:35.0036 5808  viaide - ok
20:43:35.0062 5808  [ 2B7E885ED951519A12C450D24535DFCA ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:43:35.0065 5808  volmgr - ok
20:43:35.0145 5808  [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:43:35.0154 5808  volmgrx - ok
20:43:35.0231 5808  [ 582F710097B46140F5A89A19A6573D4B ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:43:35.0237 5808  volsnap - ok
20:43:35.0264 5808  [ A68F455ED2673835209318DD61BFBB0E ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
20:43:35.0269 5808  vsmraid - ok
20:43:35.0395 5808  [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS             C:\Windows\system32\vssvc.exe
20:43:35.0454 5808  VSS - ok
20:43:35.0528 5808  [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time         C:\Windows\system32\w32time.dll
20:43:35.0539 5808  W32Time - ok
20:43:35.0611 5808  [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
20:43:35.0613 5808  WacomPen - ok
20:43:35.0675 5808  [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
20:43:35.0678 5808  Wanarp - ok
20:43:35.0685 5808  [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:43:35.0686 5808  Wanarpv6 - ok
20:43:35.0714 5808  [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:43:35.0737 5808  wcncsvc - ok
20:43:35.0765 5808  [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:43:35.0769 5808  WcsPlugInService - ok
20:43:35.0810 5808  [ 0C17A0816F65B89E362E682AD5E7266E ] Wd              C:\Windows\system32\drivers\wd.sys
20:43:35.0812 5808  Wd - ok
20:43:35.0855 5808  [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:43:35.0889 5808  Wdf01000 - ok
20:43:35.0924 5808  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:43:35.0928 5808  WdiServiceHost - ok
20:43:35.0934 5808  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:43:35.0938 5808  WdiSystemHost - ok
20:43:35.0972 5808  [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient       C:\Windows\System32\webclnt.dll
20:43:35.0979 5808  WebClient - ok
20:43:36.0003 5808  [ BD9A749F36710FFA02E0E530F7451936 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:43:36.0010 5808  Wecsvc - ok
20:43:36.0024 5808  [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:43:36.0028 5808  wercplsupport - ok
20:43:36.0058 5808  [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc          C:\Windows\System32\WerSvc.dll
20:43:36.0064 5808  WerSvc - ok
20:43:36.0074 5808  WinDefend - ok
20:43:36.0084 5808  WinHttpAutoProxySvc - ok
20:43:36.0213 5808  [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:43:36.0218 5808  Winmgmt - ok
20:43:36.0311 5808  [ 42717DB2BE3A075D0F0CD5C927C27A43 ] WinRM           C:\Windows\system32\WsmSvc.dll
20:43:36.0345 5808  WinRM - ok
20:43:36.0427 5808  [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:43:36.0452 5808  Wlansvc - ok
20:43:36.0702 5808  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:43:36.0769 5808  wlidsvc - ok
20:43:36.0773 5808  Scan interrupted by user!
20:43:36.0773 5808  ================ Scan global ===============================
20:43:36.0773 5808  Scan interrupted by user!
20:43:36.0773 5808  ================ Scan MBR ==================================
20:43:36.0773 5808  Scan interrupted by user!
20:43:36.0773 5808  ================ Scan VBR ==================================
20:43:36.0773 5808  Scan interrupted by user!
20:43:36.0773 5808  ============================================================
20:43:36.0773 5808  Scan finished
20:43:36.0773 5808  ============================================================
20:43:36.0787 5856  Detected object count: 1
20:43:36.0787 5856  Actual detected object count: 1
20:43:44.0475 5856  sptd ( LockedFile.Multi.Generic ) - skipped by user
20:43:44.0475 5856  sptd ( LockedFile.Multi.Generic ) - User select action: Skip
20:44:18.0181 3016  Deinitialize success

 


Edited by vtek, 17 October 2013 - 03:42 PM.
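The rootkit-scanner log above (TDSSKiller format) prints, for each service or driver, the MD5 of the backing file and its path followed by a status line, and it ends with the MBR and VBR passes marked "Scan interrupted by user!" and the sptd detection marked "skipped by user". The Python below is an added example, not part of the thread and not TDSSKiller's own code, that turns that format into records a responder can act on: it collects the unique hashes for lookup, notes entries that got a status line but no hash, spots one file registered under two names (wanarp.sys as both Wanarp and Wanarpv6 above), and reports which scan sections never completed and which detections were left unresolved. The embedded sample log is constructed from a handful of lines of the post above, and the line regexes are this example's own assumptions about the format.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample: a few lines in the format of the scanner log posted
# above (service/driver name, MD5 of its file, path, then a status line).
SAMPLE_LOG = r"""
20:43:34.0260 5808  [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
20:43:34.0262 5808  umbus - ok
20:43:35.0675 5808  [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
20:43:35.0678 5808  Wanarp - ok
20:43:35.0685 5808  [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:43:35.0686 5808  Wanarpv6 - ok
20:43:36.0074 5808  WinDefend - ok
20:43:36.0773 5808  ================ Scan MBR ==================================
20:43:36.0773 5808  Scan interrupted by user!
20:43:36.0773 5808  ================ Scan VBR ==================================
20:43:36.0773 5808  Scan interrupted by user!
20:43:36.0787 5856  Detected object count: 1
20:43:44.0475 5856  sptd ( LockedFile.Multi.Generic ) - skipped by user
20:43:44.0475 5856  sptd ( LockedFile.Multi.Generic ) - User select action: Skip
"""

# Line shapes assumed from the sample above (these regexes are this example's own).
LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<body>.*?)\s*$")
HASH_RE = re.compile(r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \]\s+(?P<name>\S+)\s+(?P<path>.+)$")
DETECT_RE = re.compile(r"^(?P<name>\S+) \( (?P<verdict>[^)]+) \) - (?P<action>.+)$")
STATUS_RE = re.compile(r"^(?P<name>\S+) - (?P<status>.+)$")
SECTION_RE = re.compile(r"^=+ Scan (?P<section>\w+) =+$")
INTERRUPTED = "Scan interrupted by user!"

@dataclass
class Entry:
    name: str
    md5: Optional[str]          # None when the tool printed no hash line for it
    path: Optional[str]
    status: Optional[str] = None

@dataclass
class Report:
    entries: List[Entry] = field(default_factory=list)
    detections: List[Tuple[str, str, str]] = field(default_factory=list)  # (name, verdict, action)
    interrupted: Set[str] = field(default_factory=set)  # scan sections that never completed

def parse_tdsskiller(text: str) -> Report:
    """Parse the log into entries, detections and unfinished scan sections."""
    report = Report()
    by_name: Dict[str, Entry] = {}
    section = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        body = m.group("body")
        sec = SECTION_RE.match(body)
        if sec:
            section = sec.group("section")
            continue
        if body == INTERRUPTED:
            if section:
                report.interrupted.add(section)
            continue
        det = DETECT_RE.match(body)
        if det:
            report.detections.append((det.group("name"), det.group("verdict"), det.group("action")))
            continue
        h = HASH_RE.match(body)
        if h:
            entry = Entry(h.group("name"), h.group("md5").upper(), h.group("path"))
            by_name[entry.name] = entry
            report.entries.append(entry)
            continue
        s = STATUS_RE.match(body)
        if s:
            entry = by_name.get(s.group("name"))
            if entry is None:  # status line with no preceding hash line
                entry = Entry(s.group("name"), None, None)
                by_name[entry.name] = entry
                report.entries.append(entry)
            entry.status = s.group("status")
    return report

def unique_hashes(report: Report) -> List[str]:
    """Sorted MD5s to look up against a known-good or known-bad database."""
    return sorted({e.md5 for e in report.entries if e.md5})

def unhashed(report: Report) -> List[str]:
    """Entries that got a status line but no hash line."""
    return [e.name for e in report.entries if e.md5 is None]

def shared_files(report: Report) -> Dict[str, List[str]]:
    """One file registered under several names (paths compared case-insensitively)."""
    seen: Dict[str, List[str]] = {}
    for e in report.entries:
        if e.path:
            seen.setdefault(e.path.lower(), []).append(e.name)
    return {p: names for p, names in seen.items() if len(names) > 1}

def unresolved_detections(report: Report) -> List[Tuple[str, str, str]]:
    """Detections the user skipped rather than cured, quarantined or deleted."""
    return [d for d in report.detections if d[2].lower().startswith("skipped")]
```

On the log above, `parse_tdsskiller` leaves `interrupted` holding MBR and VBR, which is the point a responder should not miss: the boot-sector passes of this run never happened, so the scan says nothing about a bootkit, and the locked sptd file was skipped rather than dealt with.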


#11 gringo_pr
Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico

Posted 17 October 2013 - 10:18 PM


Hello vtek

The reports are looking good.

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
[image: CFScriptB-4.gif]
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#12 vtek
Topic Starter, Members, 22 posts

Posted 21 October 2013 - 02:05 PM

Hi. Hope you had a good weekend.

The computer seems a bit better now, though still short of its pre-infection performance. The only problem was that ComboFix from one link would always give an NSIS error, but link 3 worked fine.

Here is the log:

 

ComboFix 13-10-21.01 - vtek 21/10/2013  19:38:21.2.2 - x64
Microsoft® Windows Vista™ Édition Familiale Premium   6.0.6002.2.1252.2.1036.18.4091.1794 [GMT 1:00]
Running from: c:\users\vtek\Desktop\ComboFix.exe
Command switches used :: c:\users\vtek\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-21 to 2013-10-21  )))))))))))))))))))))))))))))))
.
.
2013-10-21 18:51 . 2013-10-21 18:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-21 18:33 . 2013-10-21 18:34 -------- d-----w- C:\32788R22FWJFW
2013-10-16 18:33 . 2013-10-21 18:51 -------- d-----w- c:\users\vtek\AppData\Local\temp
2013-10-16 18:18 . 2013-10-16 18:18 -------- d-----w- c:\users\vtek\AppData\Local\adawarebp
2013-10-15 18:51 . 2013-10-15 18:51 -------- d-----w- c:\windows\ERUNT
2013-10-15 17:53 . 2013-10-15 18:00 -------- d-----w- C:\AdwCleaner
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-16 20:50 . 2012-04-11 17:37 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-16 20:50 . 2011-05-22 16:07 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\vtek\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\vtek\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\vtek\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-05-20 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R4 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [x]
R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 20:51]
.
2013-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-28 22:18]
.
2013-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-28 22:18]
.
2013-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-849536552-3425081745-2551734826-1000Core.job
- c:\users\vtek\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-06 22:31]
.
2013-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-849536552-3425081745-2551734826-1000UA.job
- c:\users\vtek\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-06 22:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\vtek\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\vtek\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\vtek\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-05-08 1780520]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-07 170496]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-21 4119552]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [BU]
"SBRegRebootCleaner"="c:\program files (x86)\Ad-Aware Antivirus\SBRC.exe" [2012-09-20 201608]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-68252483.sys
AddRemove-HotspotShield - c:\program files (x86)\Hotspot Shield\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2013-10-21  19:55:22
ComboFix-quarantined-files.txt  2013-10-21 18:55
ComboFix2.txt  2013-10-16 18:28
.
Pre-Run: 8,308,314,112 bytes free
Post-Run: 8,198,316,032 bytes free
.
- - End Of File - - E10B90999C3C9B9BCFF2848963102E8E
CDB4DE4BBD714F152979DA2DCBEF57EB
 



#13 gringo_pr
Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico

Posted 22 October 2013 - 04:38 PM



Hello

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).
  • Programs to remove
    • Adobe Reader 9.5.5
    • µTorrent
    • HDVidCodec
    • Java 7 Update 25
    • Java™ 6 Update 13 (64-bit)
    • Java™ 6 Update 20
    • Java™ 6 Update 22

  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.



Update Adobe reader
  • Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed, uncheck the box which says Also Download Adobe Photoshop® Album Starter Edition.
    • If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

      Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java
  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close
Clean Out Temp Files
  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here CCleaner
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
    • Click Run Cleaner.
    • Close CCleaner.
: Malwarebytes' Anti-Malware :


I see you have MBAM installed on the computer; that is great! It is a very good program. I would like you to run a quick scan for me now.
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



Download HijackThis
  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • copy and paste hijackthis report into the topic
"information and logs"
  • In your next post I need the following
    • Log From MBAM
    • report from Hijackthis
    • let me know of any problems you may have had
    • How is the computer doing now?
Gringo
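Gringo asks for a HijackThis log next, and vtek's reply below remarks on the "(file missing)" items in it. The Python below is an added example, not from the thread and not HijackThis's own code, of a first-pass triage of that log format: it pulls out O4 autoruns whose executable lives in a user-writable temp directory, lists O16 ActiveX downloads by host, and splits each O23 service line into name, owner and path. HijackThis 2.0.4 is a 32-bit program, and on 64-bit Windows its look-ups under System32 are redirected to SysWOW64, so a 64-bit-only binary such as alg.exe is reported as missing although it is present; the triage therefore marks such entries as unverified rather than orphaned when told the host is x64. The sample log is constructed (the "Updater" autorun and "Example Updater" service are made up to exercise the rules), and the rules and thresholds are this example's own.

```python
import re
from typing import List, Tuple
from urllib.parse import urlsplit

# Constructed sample in HijackThis 2.0.4 log format. The O2, O16 and the
# first two O23 lines are modelled on the thread's log; the "Updater"
# autorun and the "Example Updater" service are made up for the rules below.
SAMPLE_HJT = r"""
Logfile of Trend Micro HijackThis v2.0.4
Platform: Windows Vista SP2 (WinNT 6.00.1906)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Updater] C:\Users\example\AppData\Local\Temp\updater.exe /silent
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: Example Updater (ExampleSvc) - Unknown owner - C:\Program Files (x86)\Example\svc.exe (file missing)
"""

ITEM_RE = re.compile(r"^(?P<kind>O\d+) - (?P<body>.+)$")
O4_RE = re.compile(r"^(?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r'"?(?P<path>[A-Za-z]:\\[^"]*?\.exe)"?', re.IGNORECASE)
# User-writable locations; a startup item living here deserves a look.
TEMP_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")

Finding = Tuple[str, str, str]  # (HJT item type, verdict, path or URL)

def parse_items(text: str) -> List[Tuple[str, str]]:
    """Return (kind, body) for every 'Oxx - ...' line; header lines are skipped."""
    items = []
    for line in text.splitlines():
        m = ITEM_RE.match(line)
        if m:
            items.append((m.group("kind"), m.group("body")))
    return items

def service_fields(body: str) -> Tuple[str, str, str, bool]:
    """Split 'Service: <name> - <owner> - <path>[ (file missing)]'.

    Split from the right, because the display name may itself contain ' - '.
    """
    name, owner, path = body[len("Service: "):].rsplit(" - ", 2)
    missing = path.endswith("(file missing)")
    if missing:
        path = path[: -len("(file missing)")].rstrip()
    return name, owner, path, missing

def triage(text: str, host_is_x64: bool) -> List[Finding]:
    """First-pass findings from a HijackThis log; host_is_x64 controls the WoW64 caveat."""
    findings: List[Finding] = []
    for kind, body in parse_items(text):
        if kind == "O4":
            m = O4_RE.match(body)
            exe = EXE_RE.search(m.group("cmd")) if m else None
            if exe and any(t in exe.group("path").lower() for t in TEMP_DIRS):
                findings.append(("O4", "autorun from user-writable temp dir", exe.group("path")))
        elif kind == "O16":
            url = body.rsplit(" - ", 1)[-1]
            host = urlsplit(url).hostname or "?"
            findings.append(("O16", "ActiveX download from " + host, url))
        elif kind == "O23":
            _name, _owner, path, missing = service_fields(body)
            if not missing:
                continue
            # A 32-bit HijackThis on 64-bit Windows has its System32 look-ups
            # redirected to SysWOW64, so 64-bit-only binaries show as missing.
            if host_is_x64 and "\\system32\\" in path.lower():
                findings.append(("O23", "unverified: 32-bit HijackThis sees SysWOW64", path))
            else:
                findings.append(("O23", "orphan service: file missing", path))
    return findings
```

Call `triage(SAMPLE_HJT, host_is_x64=True)` for a Vista x64 machine like the one in this thread. Anything marked unverified should be re-checked from a 64-bit process (for example by listing C:\Windows\System32 from a 64-bit command prompt) before concluding a service file is really gone, while an orphan outside System32 is a service pointing at a file that no longer exists and can be removed.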

#14 vtek
Topic Starter, Members, 22 posts

Posted 23 October 2013 - 01:39 PM

Hi,

Browser is still slow, but better than it was a week ago.

I couldn't get MBAM updated for whatever reason, nor could I get Adobe Reader installed. Both seemed to fail due to connection issues.

Here are the logs, MBAM first:

 

Malwarebytes' Anti-Malware 1.42
Database version: 3452
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

23/10/2013 6:58:08 PM
mbam-log-2013-10-23 (18-58-08).txt

Scan type: Quick Scan
Objects scanned: 94702
Time elapsed: 5 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 

 

HijackThis: I notice quite a few "file missing" items

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:05:10 PM, on 23/10/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16490)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\vtek\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\vtek\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [DivXMediaServer] "C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [Google Update] "C:\Users\vtek\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://extraweb-emea.ey.com/home/extraweb/iNotes6.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Hotspot Shield Service (hshld) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe (file missing)
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe (file missing)
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\Windows\SysWow64\perfhost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Windows Defender (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - C:\Windows\System32\svchost.exe

--
End of file - 21621 bytes



#15 gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 24 October 2013 - 12:19 AM


Greetings

These logs are looking very good; we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can click on any of their icons (or start them from the Control Panel) to start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.
  • Run HijackThis (right-click and run as admin)
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

      O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
      O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
      O4 - HKLM\..\Run: [DivXMediaServer] "C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe"
      O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
      O4 - HKCU\..\Run: [Google Update] "C:\Users\vtek\AppData\Local\Google\Update\GoogleUpdate.exe" /c


  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.
    • NOTE** You can research each of those lines >here< and see if you want to keep them or not;
      just copy the name between the brackets and paste it into the search space, e.g.
      O4 - HKLM\..\Run: [IntelliPoint]


Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure the options
    • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.

  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish
When the scan is complete:
  • If no threats were found
    • Put a checkmark in "Uninstall application on close"
    • Close the program
    • Report to me that nothing was found
  • If threats were found
    • Click on "list of threats found"
    • Click on "export to text file" and save it as ESET SCAN to the desktop
    • Click on Back
    • Put a checkmark in "Uninstall application on close"
    • Click on Finish
    • Close the program
    • Copy and paste the report here
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
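An added example for the "Remove unneeded start-up entries" step in reply #15; it is not part of gringo_pr's instructions and not code from HijackThis. It lists the same Run keys the O4 entries come from, resolves each command line to its executable (handling quoted paths and trailing switches such as /CHECKNOW or -atboottime), and reports whether the file still exists and who signed it, so each entry can be researched by its bracketed name before deciding to remove it. The registry paths are the standard Windows locations (the Wow6432Node key holds 32-bit programs on a 64-bit install); the report layout is my own.

```powershell
# Added example: audit HKLM/HKCU Run keys the way HijackThis O4 lines show them.
# Run from an elevated PowerShell prompt; it only reads, it does not change anything.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',  # 32-bit apps on x64
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

# Get-ItemProperty adds these bookkeeping properties; they are not Run values.
$psNoise = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-ExecutableFromCommandLine {
    # Return only the program path from a Run value, e.g.
    #   "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW  -> the quoted path
    #   C:\Windows\ehome\ehTray.exe                                        -> unchanged
    param([string]$CommandLine)
    $cmd = $CommandLine.Trim()
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 0) { return $cmd.Substring(1, $end - 1) }
        return $cmd.Trim('"')
    }
    # Unquoted: keep everything up to the first ".exe" followed by whitespace or end of line
    $m = [regex]::Match($cmd, '^(.+?\.exe)(\s|$)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($cmd -split '\s+')[0]
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($psNoise -contains $p.Name) { continue }
        $exe = Get-ExecutableFromCommandLine ([string]$p.Value)
        $exe = [Environment]::ExpandEnvironmentVariables($exe)
        # An entry whose target is gone is an orphan (compare the "(file missing)"
        # annotations on the O23 lines in the log above); it does nothing but clutter.
        $exists = (-not [string]::IsNullOrWhiteSpace($exe)) -and
                  (Test-Path -LiteralPath $exe -PathType Leaf)
        $signer = 'n/a'
        if ($exists) {
            $sig = Get-AuthenticodeSignature -FilePath $exe
            $signer = if ($sig.Status -eq 'Valid') { $sig.SignerCertificate.Subject } else { [string]$sig.Status }
        }
        [pscustomobject]@{
            Hive   = ($key -split ':')[0]   # HKLM or HKCU, as in the O4 line
            Name   = $p.Name                # the name between the brackets
            Path   = $exe
            Exists = $exists
            Signer = $signer
        }
    }
}

# Unsigned or missing targets sort to the top, which is where to start reading.
$report | Sort-Object Exists, Signer | Format-Table -AutoSize -Wrap
```

Entries with Exists = False or Signer = NotSigned are the ones worth looking up by name first; valid signatures from a known vendor are not proof of harmlessness, only a sign the file is what its path claims.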



