Scour redirect virus removal help needed


36 replies to this topic

#1 efgonzo61 (New Member, Members, 20 posts)

Posted 18 April 2012 - 07:18 PM

Hi,

Running Windows 7. Yesterday I discovered that all of the "My Documents" contents were missing, and pictures that I had saved on the computer were also missing. Also, when doing a search on google.com in the Explorer browser, I would get redirected to the Scour webpage.

Ran DDS as instructed; here is the log file. Do you want me to attach the "Attach" log file?

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Don Gonsalves at 20:09:49 on 2012-04-18
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2013.1046 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Broadcom\BPowMon\BPowMon.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\dell\DBRM\Reminder\DbrmTrayicon.exe
C:\Program Files\Common Files\aol\1277647536\ee\aolsoftware.exe
C:\Windows\BCMSMMSG.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\StorageSync\StrgSync.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AOL Desktop 9.6\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AOL Desktop 9.6\shellmon.exe
C:\Windows\Explorer.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\AOL Desktop 9.6\AOLBrowser\aolbrowser.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com
uURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - c:\program files\aol toolbar\aoltb.dll
mURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - c:\program files\aol toolbar\aoltb.dll
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - c:\program files\aol toolbar\aoltb.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - c:\program files\aol toolbar\aoltb.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [AOL Fast Start] "c:\program files\aol desktop 9.6\AOL.EXE" -b
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [DBRMTray] c:\dell\dbrm\reminder\DbrmTrayIcon.exe
mRun: [HostManager] c:\program files\common files\aol\1277647536\ee\AOLSoftware.exe
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [StrgSync.exe] c:\program files\storagesync\StrgSync.exe -w
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [DBRMTray] c:\dell\dbrm\reminder\TrayApp.exe
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11f_ActiveX.exe -update activex
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{84F609E4-4E22-4BD8-A9FE-AECC78B3AA54} : DhcpNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2010-6-15 81920]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 BPowMon;Broadcom Power monitoring service;c:\program files\broadcom\bpowmon\BPowMon.exe [2009-8-17 79168]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\10.2.0\ToolbarUpdater.exe [2012-3-12 918880]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2010-6-15 273960]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-27 136176]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-12 1025352]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-2 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-27 136176]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-27 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-04-18 23:48:59 -------- d-sh--w- C:\$RECYCLE.BIN
2012-04-18 23:26:55 98816 ----a-w- c:\windows\sed.exe
2012-04-18 23:26:55 518144 ----a-w- c:\windows\SWREG.exe
2012-04-18 23:26:55 256000 ----a-w- c:\windows\PEV.exe
2012-04-18 23:26:55 208896 ----a-w- c:\windows\MBR.exe
2012-04-18 22:44:20 -------- d-----w- c:\users\don gonsalves\appdata\roaming\SUPERAntiSpyware.com
2012-04-18 22:43:54 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-18 22:43:54 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-18 22:43:30 16090640 ----a-w- C:\SAS_935F0.EXE
2012-04-18 20:59:24 -------- d-----w- c:\users\don gonsalves\appdata\roaming\Malwarebytes
2012-04-18 20:59:20 -------- d-----w- c:\programdata\Malwarebytes
2012-04-18 20:59:19 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-18 20:59:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-18 20:56:05 10063000 ----a-w- C:\mbam-setup-1.61.0.1400.exe
2012-04-18 20:45:34 2072112 ----a-w- C:\TDSSKiller.exe
2012-04-14 13:22:31 -------- d--h--w- c:\programdata\CanonIJEGV
2012-04-13 07:00:43 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-13 07:00:42 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 07:02:02 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 07:02:02 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 07:02:02 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 07:02:02 158720 ----a-w- c:\windows\system32\imagehlp.dll
.
==================== Find3M ====================
.
2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-22 12:29:01 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-15 05:44:57 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 04:22:43 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:22:18 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:41:38 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:41:20 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 05:41:20 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:41:20 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-10 05:41:19 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-02-03 04:01:58 2341376 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 05:44:51 57856 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 05:44:50 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:40:26 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
============= FINISH: 20:10:21.89 ===============
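The "Pseudo HJT Report" section of a DDS log like the one above is the part a helper reads first: browser hooks, BHOs, toolbars, Run keys and protocol handlers, each with the module it points at. As an added example (not from this thread and not part of DDS), here is a small Python triage script for that section; the sample lines are constructed in the same shape as the posted log, and the trusted-root directories are an assumption, not a DDS rule.

```python
"""Triage helper for the "Pseudo HJT Report" section of a DDS log.

Added example. Assumptions: the line shapes below are the ones seen in the
posted log; the TRUSTED_ROOTS list is a heuristic, not something DDS defines.
"""
import ntpath
import re
from collections import Counter

# Constructed sample in the shape of the DDS "Pseudo HJT Report" section.
SAMPLE = r"""
uStart Page = hxxp://www.aol.com
uURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - c:\program files\aol toolbar\aoltb.dll
mURLSearchHooks: H - No File
BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - c:\program files\aol toolbar\aoltb.dll
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - c:\program files\aol toolbar\aoltb.dll
uRun: [AOL Fast Start] "c:\program files\aol desktop 9.6\AOL.EXE" -b
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [DBRMTray] c:\dell\dbrm\reminder\DbrmTrayIcon.exe
Notify: igfxcui - igfxdev.dll
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
"""

# Run-key style lines: "<kind>: [<name>] <command line>"
RUN_RE = re.compile(r"^(?P<kind>[umd]Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Registration style lines: "<kind>: <name>: {guid} - <target>" and variants
REG_RE = re.compile(r"^(?P<kind>BHO|TB|[umd]?URLSearchHooks|SEH|IE|Handler|Notify|DPF): (?P<rest>.*)$")
# First executable/module path in a command line, stopping at a quote or space
EXE_RE = re.compile(r'(?i)^(?P<path>.*?\.(?:exe|dll|cpl|scr|bat|cmd))(?=["\s]|$)')
GUID_RE = re.compile(r"\{[0-9a-fA-F-]{36}\}")
# Assumed "expected" install roots on a 32-bit Windows 7 system.
TRUSTED_ROOTS = (r"c:\program files", r"c:\windows")


def parse_hjt(text):
    """Return one dict per recognised entry: kind, name, guid, path."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            cmd = m.group("cmd").lstrip('"')
            exe = EXE_RE.match(cmd)
            entries.append({"kind": m.group("kind"), "name": m.group("name"),
                            "guid": None, "path": exe.group("path") if exe else cmd})
            continue
        m = REG_RE.match(line)
        if not m:
            continue  # uStart Page, mPolicies, TCP, ... are not module registrations
        rest = m.group("rest")
        # The target (file path, URL or "No File") is always the last " - " field.
        head, _, target = rest.rpartition(" - ")
        guid = GUID_RE.search(rest)
        name = GUID_RE.sub("", head).strip(" :-")
        entries.append({"kind": m.group("kind"), "name": name,
                        "guid": guid.group(0) if guid else None, "path": target})
    return entries


def triage(entries):
    """Flag entries a responder would verify first; returns (kind, name, reason) tuples."""
    findings = []
    for e in entries:
        path = e["path"]
        low = path.lower()
        if low == "no file":
            findings.append((e["kind"], e["name"], "dangling registration: target file missing"))
        elif low.startswith("hxxp"):
            continue  # DPF download entries point at a URL, not a local file
        elif ntpath.dirname(path) == "":
            findings.append((e["kind"], e["name"], "bare filename: resolved through the search path"))
        elif not low.startswith(TRUSTED_ROOTS):
            findings.append((e["kind"], e["name"], "outside Program Files/Windows: " + path))
    return findings


def shared_modules(entries):
    """Count registrations per module, e.g. one toolbar DLL hooked as BHO, TB and search hook."""
    return Counter(ntpath.basename(e["path"]).lower() for e in entries
                   if e["path"].lower() != "no file" and not e["path"].lower().startswith("hxxp"))


if __name__ == "__main__":
    found = parse_hjt(SAMPLE)
    for kind, name, reason in triage(found):
        print(f"{kind:<16} {name:<24} {reason}")
    for module, n in shared_modules(found).most_common():
        if n > 1:
            print(f"{module} registered {n} times")
```

Run it over the pasted section of a real log instead of SAMPLE; the findings are starting points for a manual check (file present, signed, expected location), not verdicts.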

#2 Maniac (Forum Deity, Experts, 17,454 posts, Male, Bulgaria, EU)

Posted 19 April 2012 - 10:40 AM

Hello efgonzo61! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Please post the content of Attach.txt, don't attach it.

Next, visit www.virustotal.com and upload the following file:
C:\SAS_935F0.EXE

Then wait until the scan has finished and copy/paste the link in your next reply, together with the content of Attach.txt.

#3 efgonzo61 (New Member, Members, 20 posts)

Posted 19 April 2012 - 01:23 PM

Hi Maniac,

I ran the virus tool and here is the link to the results. Results were clean.
https://www.virustot...sis/1334859542/

Here is the "Attach" text file:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6/26/2010 7:45:31 PM
System Uptime: 4/18/2012 7:43:34 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 07N90W
Processor: Intel® Core™2 Duo CPU E7500 @ 2.93GHz | CPU 1 | 2926/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 187.29 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 149 GiB total, 100.215 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (ATW)
Device ID: ROOT\NET\0001
Manufacturer: America Online, Inc.
Name: WAN Miniport (ATW) #2
PNP Device ID: ROOT\NET\0001
Service: wanatw
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (ATW)
Device ID: ROOT\NET\0002
Manufacturer: America Online, Inc.
Name: WAN Miniport (ATW) #3
PNP Device ID: ROOT\NET\0002
Service: wanatw
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.0
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
ArcSoft PhotoStudio 5.5
ATT-RC Self Support Tool
AVG 2012
BCM V.92 56K Modem
Broadcom Gigabit NetLink Controller
Broadcom Management Programs
Canon CanoScan LiDE 100 User Registration
Canon MP Navigator EX 2.0
Canon Utilities Solution Menu
CanoScan LiDE 100 Scanner Driver
D3DX10
Dell Backup and Recovery Manager
Dell Edoc Viewer
Download Updater (AOL LLC)
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Inkjet Printer/Scanner Extended Survey Program
Intel® Graphics Media Accelerator Driver
Java Auto Updater
Java™ 6 Update 26
Junk Mail filter update
Malwarebytes Anti-Malware version 1.61.0.1400
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Starter 2010 - English
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
OGA Notifier 2.0.0048.0
PowerDVD DX
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
StorageSync Backup Software
SUPERAntiSpyware
Uninstall AOL Emergency Connect Utility 1.0
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Viewpoint Media Player
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinZip
.
==== Event Viewer Messages From Past Week ========
.
4/18/2012 8:10:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "2" attempting to start the service swprv with arguments "" in order to run the server: {65EE1DBA-8FF4-4A58-AC1C-3470EE2F376A}
4/18/2012 8:00:49 PM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The system cannot find the file specified.
4/18/2012 7:56:56 PM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The system cannot find the file specified.
4/18/2012 7:51:11 PM, Error: Service Control Manager [7000] - The Windows Backup service failed to start due to the following error: The system cannot find the file specified.
4/18/2012 7:51:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "2" attempting to start the service sdrsvc with arguments "" in order to run the server: {47135EEA-06B6-4452-8787-4A187C64A47E}
4/18/2012 7:49:09 PM, Error: Service Control Manager [7001] - The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: The system cannot find the file specified.
4/18/2012 7:49:09 PM, Error: Service Control Manager [7000] - The SSDP Discovery service failed to start due to the following error: The system cannot find the file specified.
4/18/2012 7:49:07 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070002'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
4/18/2012 7:49:06 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: The system cannot find the file specified.
4/18/2012 7:49:06 PM, Error: Service Control Manager [7000] - The Function Discovery Resource Publication service failed to start due to the following error: The system cannot find the file specified.
4/18/2012 7:45:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
4/18/2012 7:43:57 PM, Error: Service Control Manager [7000] - The Windows Image Acquisition (WIA) service failed to start due to the following error: The system cannot find the file specified.
4/18/2012 7:43:57 PM, Error: Service Control Manager [7000] - The Windows Defender service failed to start due to the following error: The system cannot find the file specified.
4/18/2012 7:43:03 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
4/18/2012 6:50:50 PM, Error: Microsoft-Windows-WMPNSS-Service [14346] - A new media server was not initialized because RegisterRunningDevice() encountered error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service.
4/18/2012 4:05:41 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
4/18/2012 4:05:39 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
4/18/2012 4:05:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/18/2012 4:05:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/18/2012 4:05:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/18/2012 4:05:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/18/2012 4:05:24 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 discache spldr Wanarpv6
4/18/2012 4:05:24 PM, Error: Service Control Manager [7001] - The Fax service depends on the Print Spooler service which failed to start because of the following error: The dependency service or group failed to start.
4/18/2012 4:05:24 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
4/12/2012 7:30:03 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
4/12/2012 3:02:05 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070020: Update for Windows 7 (KB2679255).
4/11/2012 3:46:50 PM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: Access is denied.
4/11/2012 3:46:50 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: Access is denied.
4/11/2012 3:46:50 PM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80070005.
4/11/2012 3:46:49 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
4/11/2012 3:45:51 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
.
==== End Of File ===========================

#4 Maniac (Forum Deity, Experts, 17,454 posts, Male, Bulgaria, EU)

Posted 19 April 2012 - 02:57 PM

It seems this file is part of SuperAntiSpyware.

Step 1

Please uninstall Viewpoint Media Player, because it is reportedly about to "Plunge Into Adware" - see here.


Step 2

Please download unhide.exe from here and save it to your Desktop. Double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.


Step 3

I see that you have already run TDSSKiller, but I suggest that you manually delete your copy and then download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

#5 efgonzo61 (New Member, Members, 20 posts)

Posted 20 April 2012 - 09:42 AM

Hi Maniac,

I did as instructed. Here is the log file from the TDSSKiller program. It did find one file on the computer, but I was NOT given the CURE option, so I hit "Skip" as instructed.

10:36:27.0306 5860 TDSS rootkit removing tool 2.7.30.0 Apr 19 2012 15:10:31
10:36:27.0774 5860 ============================================================
10:36:27.0774 5860 Current date / time: 2012/04/20 10:36:27.0774
10:36:27.0774 5860 SystemInfo:
10:36:27.0774 5860
10:36:27.0774 5860 OS Version: 6.1.7600 ServicePack: 0.0
10:36:27.0774 5860 Product type: Workstation
10:36:27.0774 5860 ComputerName: DONGONSALVES-PC
10:36:27.0774 5860 UserName: Don Gonsalves
10:36:27.0774 5860 Windows directory: C:\Windows
10:36:27.0774 5860 System windows directory: C:\Windows
10:36:27.0774 5860 Processor architecture: Intel x86
10:36:27.0774 5860 Number of processors: 2
10:36:27.0774 5860 Page size: 0x1000
10:36:27.0774 5860 Boot type: Normal boot
10:36:27.0774 5860 ============================================================
10:36:29.0147 5860 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:36:29.0162 5860 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:36:29.0178 5860 \Device\Harddisk0\DR0:
10:36:29.0178 5860 MBR partitions:
10:36:29.0178 5860 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x132D000
10:36:29.0178 5860 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1341000, BlocksNum 0x1BE67800
10:36:29.0178 5860 \Device\Harddisk1\DR1:
10:36:29.0178 5860 MBR partitions:
10:36:29.0178 5860 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
10:36:29.0209 5860 C: <-> \Device\Harddisk0\DR0\Partition1
10:36:29.0240 5860 E: <-> \Device\Harddisk1\DR1\Partition0
10:36:29.0240 5860 Initialize success
10:36:29.0240 5860 ============================================================
10:37:04.0110 2576 ============================================================
10:37:04.0110 2576 Scan started
10:37:04.0110 2576 Mode: Manual; SigCheck; TDLFS;
10:37:04.0110 2576 ============================================================
10:37:32.0096 2576 McciCMService (f8b823414a22dbf3bec10dcaa5f93cd8) C:\Program Files\Common Files\Motive\McciCMService.exe
10:37:32.0112 2576 McciCMService ( UnsignedFile.Multi.Generic ) - warning
10:37:32.0112 2576 McciCMService - detected UnsignedFile.Multi.Generic (1)
10:37:43.0423 2576 QWAVEdrv - ok
10:37:43.0503 2576 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
10:37:43.0543 2576 RasAcd - ok
10:37:43.0666 2576 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:37:43.0698 2576 RasAgileVpn - ok
10:37:43.0791 2576 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
10:37:43.0822 2576 RasAuto - ok
10:37:43.0947 2576 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:37:43.0978 2576 Rasl2tp - ok
10:37:44.0072 2576 RasMan (0ce66ec736b7fc526d78f7624c7d2a94) C:\Windows\System32\rasmans.dll
10:37:44.0119 2576 RasMan - ok
10:37:44.0244 2576 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
10:37:44.0275 2576 RasPppoe - ok
10:37:44.0384 2576 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
10:37:44.0415 2576 RasSstp - ok
10:37:44.0493 2576 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
10:37:44.0524 2576 rdbss - ok
10:37:44.0602 2576 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
10:37:44.0634 2576 rdpbus - ok
10:37:44.0758 2576 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:37:44.0805 2576 RDPCDD - ok
10:37:44.0899 2576 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
10:37:44.0946 2576 RDPENCDD - ok
10:37:45.0055 2576 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
10:37:45.0086 2576 RDPREFMP - ok
10:37:45.0195 2576 RDPWD (0399c725a9c95a6f1862b93f008ddf4a) C:\Windows\system32\drivers\RDPWD.sys
10:37:45.0211 2576 RDPWD - ok
10:37:45.0336 2576 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
10:37:45.0351 2576 rdyboost - ok
10:37:45.0429 2576 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
10:37:45.0476 2576 RemoteAccess - ok
10:37:45.0648 2576 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
10:37:45.0679 2576 RemoteRegistry - ok
10:37:45.0788 2576 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\Windows\system32\Drivers\RootMdm.sys
10:37:45.0835 2576 ROOTMODEM - ok
10:37:45.0975 2576 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
10:37:45.0991 2576 RpcEptMapper - ok
10:37:46.0038 2576 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
10:37:46.0069 2576 RpcLocator - ok
10:37:46.0178 2576 RpcSs (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
10:37:46.0194 2576 RpcSs - ok
10:37:46.0303 2576 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
10:37:46.0334 2576 rspndr - ok
10:37:46.0459 2576 SamSs (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
10:37:46.0459 2576 SamSs - ok
10:37:46.0537 2576 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
10:37:46.0552 2576 SASDIFSV - ok
10:37:46.0568 2576 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
10:37:46.0584 2576 SASKUTIL - ok
10:37:46.0693 2576 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
10:37:46.0693 2576 sbp2port - ok
10:37:46.0771 2576 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
10:37:46.0802 2576 SCardSvr - ok
10:37:46.0927 2576 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
10:37:46.0958 2576 scfilter - ok
10:37:47.0052 2576 Schedule (df1e5c82e4d09cf8105cc644980c4803) C:\Windows\system32\schedsvc.dll
10:37:47.0130 2576 Schedule - ok
10:37:47.0208 2576 SCPolicySvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
10:37:47.0223 2576 SCPolicySvc - ok
10:37:47.0254 2576 SDRSVC (5fd90abdbfaee85986802622cbb03446) C:\Windows\System32\SDRSVC.dll
10:37:47.0306 2576 SDRSVC - ok
10:37:47.0446 2576 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
10:37:47.0466 2576 SeaPort - ok
10:37:47.0576 2576 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
10:37:47.0616 2576 secdrv - ok
10:37:47.0736 2576 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
10:37:47.0776 2576 seclogon - ok
10:37:47.0866 2576 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
10:37:47.0916 2576 SENS - ok
10:37:48.0016 2576 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
10:37:48.0076 2576 SensrSvc - ok
10:37:48.0166 2576 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
10:37:48.0186 2576 Serenum - ok
10:37:48.0316 2576 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
10:37:48.0336 2576 Serial - ok
10:37:48.0366 2576 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
10:37:48.0396 2576 sermouse - ok
10:37:48.0476 2576 SessionEnv (8f55ce568c543d5adf45c409d16718fc) C:\Windows\system32\sessenv.dll
10:37:48.0496 2576 SessionEnv - ok
10:37:48.0586 2576 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
10:37:48.0616 2576 sffdisk - ok
10:37:48.0706 2576 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
10:37:48.0736 2576 sffp_mmc - ok
10:37:48.0856 2576 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
10:37:48.0886 2576 sffp_sd - ok
10:37:48.0936 2576 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
10:37:48.0966 2576 sfloppy - ok
10:37:49.0096 2576 Sftfs (d9b734638dd8dba9d59aad3189cd0fad) C:\Windows\system32\DRIVERS\Sftfslh.sys
10:37:49.0126 2576 Sftfs - ok
10:37:49.0216 2576 sftlist (cb73bc422c07fb611f194da18d1e7f36) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
10:37:49.0226 2576 sftlist - ok
10:37:49.0351 2576 Sftplay (2f61bd46c0bff4eb36e1e359ca17bfc5) C:\Windows\system32\DRIVERS\Sftplaylh.sys
10:37:49.0367 2576 Sftplay - ok
10:37:49.0382 2576 Sftredir (518bac0179f94304f422696b47c0ec12) C:\Windows\system32\DRIVERS\Sftredirlh.sys
10:37:49.0382 2576 Sftredir - ok
10:37:49.0460 2576 Sftvol (747325236d88b3f05ffd27ff9ec711c5) C:\Windows\system32\DRIVERS\Sftvollh.sys
10:37:49.0476 2576 Sftvol - ok
10:37:49.0585 2576 sftvsa (a5812f0281ca5081bf696626f9bf324d) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
10:37:49.0601 2576 sftvsa - ok
10:37:49.0679 2576 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
10:37:49.0726 2576 SharedAccess - ok
10:37:49.0848 2576 ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\Windows\System32\shsvcs.dll
10:37:49.0888 2576 ShellHWDetection - ok
10:37:49.0988 2576 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
10:37:49.0998 2576 sisagp - ok
10:37:50.0138 2576 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:37:50.0148 2576 SiSRaid2 - ok
10:37:50.0198 2576 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
10:37:50.0208 2576 SiSRaid4 - ok
10:37:50.0298 2576 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
10:37:50.0338 2576 Smb - ok
10:37:50.0478 2576 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
10:37:50.0508 2576 SNMPTRAP - ok
10:37:50.0598 2576 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
10:37:50.0608 2576 spldr - ok
10:37:50.0748 2576 Spooler (d1bb750eb51694de183e08b9c33be5b2) C:\Windows\System32\spoolsv.exe
10:37:50.0808 2576 Spooler - ok
10:37:50.0918 2576 sppsvc (4c287f9069fedbd791178876ee9de536) C:\Windows\system32\sppsvc.exe
10:37:51.0018 2576 sppsvc - ok
10:37:51.0108 2576 sppuinotify (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\Windows\system32\sppuinotify.dll
10:37:51.0138 2576 sppuinotify - ok
10:37:51.0278 2576 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
10:37:51.0338 2576 srv - ok
10:37:51.0438 2576 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
10:37:51.0448 2576 srv2 - ok
10:37:51.0568 2576 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
10:37:51.0598 2576 srvnet - ok
10:37:51.0688 2576 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
10:37:51.0708 2576 SSDPSRV - ok
10:37:51.0728 2576 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
10:37:51.0778 2576 SstpSvc - ok
10:37:51.0869 2576 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
10:37:51.0885 2576 stexstor - ok
10:37:52.0025 2576 StiSvc (a22825e7bb7018e8af3e229a5af17221) C:\Windows\System32\wiaservc.dll
10:37:52.0056 2576 StiSvc - ok
10:37:52.0150 2576 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
10:37:52.0166 2576 swenum - ok
10:37:52.0275 2576 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
10:37:52.0306 2576 swprv - ok
10:37:52.0415 2576 SysMain (04105c8da62353589c29bdaeb8d88bd8) C:\Windows\system32\sysmain.dll
10:37:52.0462 2576 SysMain - ok
10:37:52.0556 2576 TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\Windows\System32\TabSvc.dll
10:37:52.0587 2576 TabletInputService - ok
10:37:52.0680 2576 TapiSrv (2f46b0c70a4adc8c90cf825da3b4feaf) C:\Windows\System32\tapisrv.dll
10:37:52.0696 2576 TapiSrv - ok
10:37:52.0712 2576 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
10:37:52.0758 2576 TBS - ok
10:37:52.0899 2576 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys
10:37:52.0946 2576 Tcpip - ok
10:37:53.0086 2576 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys
10:37:53.0102 2576 TCPIP6 - ok
10:37:53.0224 2576 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
10:37:53.0264 2576 tcpipreg - ok
10:37:53.0384 2576 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
10:37:53.0404 2576 TDPIPE - ok
10:37:53.0494 2576 TDTCP (7156308896d34ea75a582f9a09e50c17) C:\Windows\system32\drivers\tdtcp.sys
10:37:53.0524 2576 TDTCP - ok
10:37:53.0624 2576 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
10:37:53.0674 2576 tdx - ok
10:37:53.0754 2576 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
10:37:53.0764 2576 TermDD - ok
10:37:53.0834 2576 TermService (a01e50a04d7b1960b33e92b9080e6a94) C:\Windows\System32\termsrv.dll
10:37:53.0894 2576 TermService - ok
10:37:53.0984 2576 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
10:37:53.0994 2576 Themes - ok
10:37:54.0044 2576 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
10:37:54.0064 2576 THREADORDER - ok
10:37:54.0174 2576 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
10:37:54.0214 2576 TrkWks - ok
10:37:54.0284 2576 TrustedInstaller (41a4c781d2286208d397d72099304133) C:\Windows\servicing\TrustedInstaller.exe
10:37:54.0324 2576 TrustedInstaller - ok
10:37:54.0424 2576 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:37:54.0464 2576 tssecsrv - ok
10:37:54.0574 2576 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
10:37:54.0594 2576 tunnel - ok
10:37:54.0684 2576 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
10:37:54.0694 2576 uagp35 - ok
10:37:54.0784 2576 udfs (eb0a7bd4d471ac3ce55564a4c55b9d8e) C:\Windows\system32\DRIVERS\udfs.sys
10:37:54.0834 2576 udfs - ok
10:37:54.0924 2576 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
10:37:54.0954 2576 UI0Detect - ok
10:37:55.0054 2576 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
10:37:55.0064 2576 uliagpkx - ok
10:37:55.0190 2576 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
10:37:55.0205 2576 umbus - ok
10:37:55.0314 2576 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
10:37:55.0330 2576 UmPass - ok
10:37:55.0439 2576 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
10:37:55.0455 2576 upnphost - ok
10:37:55.0548 2576 usbccgp (5c233aefb566ee78c1efbc0493fb066a) C:\Windows\system32\drivers\usbccgp.sys
10:37:55.0595 2576 usbccgp - ok
10:37:55.0736 2576 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
10:37:55.0736 2576 usbcir - ok
10:37:55.0798 2576 usbehci (5b71019a6aca0116fd21b368f19c0b91) C:\Windows\system32\drivers\usbehci.sys
10:37:55.0814 2576 usbehci - ok
10:37:55.0938 2576 usbhub (5823d3965c2a4f6f785ed1a3b403f3b8) C:\Windows\system32\DRIVERS\usbhub.sys
10:37:55.0985 2576 usbhub - ok
10:37:56.0079 2576 usbohci (e753ed6c49da13967ebabf9ea616454a) C:\Windows\system32\drivers\usbohci.sys
10:37:56.0094 2576 usbohci - ok
10:37:56.0235 2576 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
10:37:56.0266 2576 usbprint - ok
10:37:56.0360 2576 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
10:37:56.0375 2576 usbscan - ok
10:37:56.0516 2576 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\drivers\USBSTOR.SYS
10:37:56.0562 2576 USBSTOR - ok
10:37:56.0656 2576 usbuhci (6a30928a469ce802600e1ea8c0f2f53f) C:\Windows\system32\drivers\usbuhci.sys
10:37:56.0672 2576 usbuhci - ok
10:37:56.0765 2576 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
10:37:56.0781 2576 UxSms - ok
10:37:56.0812 2576 VaultSvc (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
10:37:56.0812 2576 VaultSvc - ok
10:37:56.0937 2576 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
10:37:56.0937 2576 vdrvroot - ok
10:37:57.0046 2576 vds (8c4e7c49d3641bc9e299e466a7f8867d) C:\Windows\System32\vds.exe
10:37:57.0077 2576 vds - ok
10:37:57.0171 2576 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
10:37:57.0202 2576 vga - ok
10:37:57.0327 2576 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
10:37:57.0342 2576 VgaSave - ok
10:37:57.0389 2576 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
10:37:57.0405 2576 vhdmp - ok
10:37:57.0545 2576 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
10:37:57.0561 2576 viaagp - ok
10:37:57.0639 2576 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
10:37:57.0670 2576 ViaC7 - ok
10:37:57.0779 2576 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
10:37:57.0810 2576 viaide - ok
10:37:57.0873 2576 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
10:37:57.0888 2576 volmgr - ok
10:37:57.0982 2576 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
10:37:57.0998 2576 volmgrx - ok
10:37:58.0107 2576 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
10:37:58.0122 2576 volsnap - ok
10:37:58.0247 2576 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
10:37:58.0247 2576 vsmraid - ok
10:37:58.0372 2576 VSS (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\Windows\system32\vssvc.exe
10:37:58.0419 2576 VSS - ok
10:37:58.0637 2576 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
10:37:58.0668 2576 vToolbarUpdater10.2.0 - ok
10:37:58.0762 2576 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
10:37:58.0793 2576 vwifibus - ok
10:37:58.0902 2576 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
10:37:58.0949 2576 W32Time - ok
10:37:59.0043 2576 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
10:37:59.0043 2576 WacomPen - ok
10:37:59.0168 2576 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
10:37:59.0183 2576 WANARP - ok
10:37:59.0183 2576 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
10:37:59.0214 2576 Wanarpv6 - ok
10:37:59.0292 2576 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\Windows\system32\DRIVERS\wanatw4.sys
10:37:59.0339 2576 wanatw - ok
10:37:59.0448 2576 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
10:37:59.0495 2576 WatAdminSvc - ok
10:37:59.0604 2576 wbengine (7790b77fe1e5ee47dcc66247095bb4c9) C:\Windows\system32\wbengine.exe
10:37:59.0714 2576 wbengine - ok
10:37:59.0807 2576 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
10:37:59.0838 2576 WbioSrvc - ok
10:37:59.0916 2576 wcncsvc (6d9b75275c3e3a5f51aef81affadb2b6) C:\Windows\System32\wcncsvc.dll
10:37:59.0979 2576 wcncsvc - ok
10:38:00.0072 2576 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
10:38:00.0135 2576 WcsPlugInService - ok
10:38:00.0213 2576 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
10:38:00.0228 2576 Wd - ok
10:38:00.0322 2576 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
10:38:00.0338 2576 Wdf01000 - ok
10:38:00.0400 2576 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
10:38:00.0431 2576 WdiServiceHost - ok
10:38:00.0431 2576 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
10:38:00.0447 2576 WdiSystemHost - ok
10:38:00.0540 2576 WebClient (bb5ec38f8d4600119b4720bc5d4211f1) C:\Windows\System32\webclnt.dll
10:38:00.0587 2576 WebClient - ok
10:38:00.0650 2576 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
10:38:00.0681 2576 Wecsvc - ok
10:38:00.0712 2576 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
10:38:00.0743 2576 wercplsupport - ok
10:38:00.0884 2576 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
10:38:00.0899 2576 WerSvc - ok
10:38:00.0993 2576 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
10:38:01.0008 2576 WfpLwf - ok
10:38:01.0102 2576 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
10:38:01.0118 2576 WIMMount - ok
10:38:01.0180 2576 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
10:38:01.0211 2576 WinDefend - ok
10:38:01.0211 2576 WinHttpAutoProxySvc - ok
10:38:01.0320 2576 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
10:38:01.0367 2576 Winmgmt - ok
10:38:01.0461 2576 WinRM (c4f5d3901d1b41d602ddc196e0b95b51) C:\Windows\system32\WsmSvc.dll
10:38:01.0492 2576 WinRM - ok
10:38:01.0650 2576 WinUsb (b5ba3cc19d00f2eba92f1cfbebb5d650) C:\Windows\system32\DRIVERS\WinUsb.sys
10:38:01.0700 2576 WinUsb - ok
10:38:01.0790 2576 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
10:38:01.0840 2576 Wlansvc - ok
10:38:02.0000 2576 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
10:38:02.0010 2576 wlcrasvc - ok
10:38:02.0100 2576 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:38:02.0140 2576 wlidsvc - ok
10:38:02.0230 2576 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
10:38:02.0260 2576 WmiAcpi - ok
10:38:02.0380 2576 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
10:38:02.0400 2576 wmiApSrv - ok
10:38:02.0500 2576 WMPNetworkSvc (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe
10:38:02.0580 2576 WMPNetworkSvc - ok
10:38:02.0680 2576 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
10:38:02.0710 2576 WPCSvc - ok
10:38:02.0790 2576 WPDBusEnum (b7f658a2ebc07129538ad9ab35212637) C:\Windows\system32\wpdbusenum.dll
10:38:02.0820 2576 WPDBusEnum - ok
10:38:02.0930 2576 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
10:38:02.0960 2576 ws2ifsl - ok
10:38:03.0040 2576 wscsvc (a661a76333057b383a06e65f0073222f) C:\Windows\system32\wscsvc.dll
10:38:03.0070 2576 wscsvc - ok
10:38:03.0170 2576 WSearch - ok
10:38:03.0230 2576 wuauserv (a33408cc036f9c08142b11be5e93f0a1) C:\Windows\system32\wuaueng.dll
10:38:03.0290 2576 wuauserv - ok
10:38:03.0340 2576 WudfPf (a52494b107afc92ddca21f0b64f83376) C:\Windows\system32\drivers\WudfPf.sys
10:38:03.0360 2576 WudfPf - ok
10:38:03.0440 2576 WUDFRd (90a541c607da0025ae75f0f3673945fe) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:38:03.0470 2576 WUDFRd - ok
10:38:03.0580 2576 wudfsvc (f1fcb56102a8373ed86b6ff08fb17d67) C:\Windows\System32\WUDFSvc.dll
10:38:03.0610 2576 wudfsvc - ok
10:38:03.0720 2576 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
10:38:03.0750 2576 WwanSvc - ok
10:38:03.0780 2576 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
10:38:03.0960 2576 \Device\Harddisk0\DR0 - ok
10:38:03.0970 2576 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR1
10:38:04.0110 2576 \Device\Harddisk1\DR1 - ok
10:38:04.0190 2576 Boot (0x1200) (4850f2c239332ae4b6bcf77d0c213b9a) \Device\Harddisk0\DR0\Partition0
10:38:04.0200 2576 \Device\Harddisk0\DR0\Partition0 - ok
10:38:04.0210 2576 Boot (0x1200) (fabea6456dcf6e6fb9241a5b4c6befec) \Device\Harddisk0\DR0\Partition1
10:38:04.0210 2576 \Device\Harddisk0\DR0\Partition1 - ok
10:38:04.0210 2576 Boot (0x1200) (5b011e06970954e727f45a7f2f079d42) \Device\Harddisk1\DR1\Partition0
10:38:04.0210 2576 \Device\Harddisk1\DR1\Partition0 - ok
10:38:04.0210 2576 ============================================================
10:38:04.0210 2576 Scan finished
10:38:04.0210 2576 ============================================================
10:38:04.0220 7228 Detected object count: 1
10:38:04.0220 7228 Actual detected object count: 1
10:38:46.0030 7228 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user
10:38:46.0030 7228 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip

#6 Maniac

    Forum Deity

  • Experts
  • 17,454 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 20 April 2012 - 09:49 AM

Delete your ComboFix copy and then:

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
My help is free; however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.

#7 efgonzo61

    New Member

  • Members
  • 20 posts

Posted 20 April 2012 - 10:35 AM

Hi Maniac,

Did as requested. Below is the ComboFix log. When the machine rebooted I did get an error box with the following info.

C:\windows\system32\GfxUI.exe
"Illegal Operation attempted on registry key that has been marked for deletion"


Here is the log:

ComboFix 12-04-20.03 - Don Gonsalves 04/20/2012 10:59:16.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2013.934 [GMT -4:00]
Running from: c:\users\Don Gonsalves\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\iwfnaaa.tmp
c:\users\Don Gonsalves\ComboFix.exe
c:\windows\expl.dat
c:\windows\system32\svch.dat
c:\windows\system32\winl.dat
.
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
.
c:\windows\system32\svchost.exe . . . is infected!!
.
Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!winsxs!x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373!explorer.exe
.
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!winsxs!x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373!explorer.exe
.
((((((((((((((((((((((((( Files Created from 2012-03-20 to 2012-04-20 )))))))))))))))))))))))))))))))
.
.
2012-04-20 15:11 . 2012-04-20 15:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-18 22:44 . 2012-04-18 22:44 -------- d-----w- c:\users\Don Gonsalves\AppData\Roaming\SUPERAntiSpyware.com
2012-04-18 22:43 . 2012-04-18 22:44 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-18 22:43 . 2012-04-18 22:43 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-18 22:43 . 2012-04-18 22:43 16090640 ----a-w- C:\SAS_935F0.EXE
2012-04-18 20:59 . 2012-04-18 20:59 -------- d-----w- c:\users\Don Gonsalves\AppData\Roaming\Malwarebytes
2012-04-18 20:59 . 2012-04-18 20:59 -------- d-----w- c:\programdata\Malwarebytes
2012-04-18 20:59 . 2012-04-18 20:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-18 20:59 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-18 20:56 . 2012-04-18 20:56 10063000 ----a-w- C:\mbam-setup-1.61.0.1400.exe
2012-04-18 20:45 . 2012-04-18 20:45 2072112 ----a-w- C:\TDSSKiller.exe
2012-04-14 13:22 . 2012-04-14 13:22 -------- d-----w- c:\programdata\CanonIJEGV
2012-04-13 07:00 . 2012-03-06 05:59 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-13 07:00 . 2012-03-06 05:59 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 07:02 . 2012-03-01 05:53 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 07:02 . 2012-03-01 05:49 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 07:02 . 2012-03-01 05:45 158720 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 07:02 . 2012-03-01 05:40 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-25 21:26 . 2012-03-25 21:26 -------- d-----w- c:\windows\Sun
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-20 15:13 . 2011-04-28 11:18 2639872 ----a-w- c:\windows\explorer.exe
2012-04-20 15:13 . 2010-06-15 23:35 311808 ----a-w- c:\windows\system32\winlogon.exe
2012-04-18 22:23 . 2012-04-18 22:22 2052792 ----a-w- C:\tdsskiller.zip
2012-02-22 12:29 . 2011-06-03 10:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-22 08:03 . 2012-02-22 08:03 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-22 08:03 . 2012-02-22 08:03 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-22 08:03 . 2012-02-22 08:03 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-22 08:03 . 2012-02-22 08:03 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-02-22 08:03 . 2012-02-22 08:03 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-02-22 08:03 . 2012-02-22 08:03 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-22 08:03 . 2012-02-22 08:03 367104 ----a-w- c:\windows\system32\html.iec
2012-02-22 08:03 . 2012-02-22 08:03 161792 ----a-w- c:\windows\system32\msls31.dll
2012-02-22 08:03 . 2012-02-22 08:03 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-22 08:03 . 2012-02-22 08:03 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-02-22 08:03 . 2012-02-22 08:03 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-02-22 08:03 . 2012-02-22 08:03 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-22 08:03 . 2012-02-22 08:03 152064 ----a-w- c:\windows\system32\wextract.exe
2012-02-22 08:03 . 2012-02-22 08:03 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-02-22 08:03 . 2012-02-22 08:03 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-22 08:03 . 2012-02-22 08:03 11776 ----a-w- c:\windows\system32\mshta.exe
2012-02-22 08:03 . 2012-02-22 08:03 101888 ----a-w- c:\windows\system32\admparse.dll
2012-02-15 05:44 . 2012-03-14 11:39 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 04:22 . 2012-03-14 11:39 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:22 . 2012-03-14 11:39 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:41 . 2012-03-14 11:39 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:41 . 2012-03-14 11:39 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 05:41 . 2012-03-14 11:39 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:41 . 2012-03-14 11:39 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-10 05:41 . 2012-03-14 11:39 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-02-03 04:01 . 2012-03-14 11:39 2341376 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 05:44 . 2012-03-14 11:39 57856 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 05:44 . 2012-03-14 11:39 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:40 . 2012-03-14 11:39 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-04-20 . DF974BC5437A7FDF82B4523DFCB4456F . 311808 . . [6.1.7600.16385] . . c:\windows\System32\winlogon.exe
[7] 2010-11-20 . 6D13E1406F50C66E2A95D97F22C47560 . 286720 . . [6.1.7601.17514] . . c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[7] 2010-06-15 . 37CDB7E72EB66BA85A87CBE37E7F03FD . 285696 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[7] 2010-06-15 . 3BABE6767C78FBF5FB8435FEED187F30 . 285696 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[7] 2009-07-14 . 8EC6A4AB12B8F3759E21F8E3A388F2CF . 285696 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
.
[-] 2009-07-14 . E1BCFAC40EE52A8B870CDC55A47779CC . 46080 . . [6.1.7600.16385] . . c:\windows\System32\svchost.exe
[7] 2009-07-14 . 54A47F6B5E09A77E61649109C6A08866 . 20992 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
.
[-] 2012-04-20 . C2C701939D4BC20A1BE5E61288CE9BEA . 2639872 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[7] 2011-02-26 . 255CF508D7CFB10E0794D6AC93280BD8 . 2614784 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[7] 2011-02-26 . 2AF58D15EDC06EC6FDACCE1F19482BBF . 2614784 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[7] 2011-02-26 . 0FB9C74046656D1579A64660AD67B746 . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[7] 2011-02-25 . 8B88EBBB05A0E56B7DCC708498C02B3E . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[7] 2010-11-20 . 40D777B7A95E00593EB1568C68514493 . 2616320 . . [6.1.7600.16385] . . c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[7] 2010-06-15 . 2626FC9755BE22F805D3CFA0CE3EE727 . 2614272 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[7] 2010-06-15 . C76153C7ECA00FA852BB0C193378F917 . 2614272 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[7] 2010-06-15 . B95EEB0F4E5EFBF1038A35B3351CF047 . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[7] 2010-06-15 . 9FF6C4C91A3711C0A3B18F87B08B518D . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[7] 2010-06-15 . FC89FACA0473641CB625EDA9277D0885 . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe
[7] 2010-06-15 . 00B0358734CAA32C39D181FE6916B178 . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe
[7] 2009-07-14 . 15BC38A7492BEFE831966ADB477CF76F . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-13 01:30 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-13 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-20 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
"AOL Fast Start"="c:\program files\AOL Desktop 9.6\AOL.EXE" [2011-01-13 42320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-12 7739936]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2009-11-12 203776]
"HostManager"="c:\program files\Common Files\AOL\1277647536\ee\AOLSoftware.exe" [2010-03-08 41800]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"StrgSync.exe"="c:\program files\StorageSync\StrgSync.exe" [2005-10-08 3032576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-13 982880]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-02-01 928096]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DBRMTray"="c:\dell\DBRM\Reminder\TrayApp.exe" [2010-02-04 7168]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil11f_ActiveX.exe" [2012-02-22 250016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-28 136176]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-09-01 1025352]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-28 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-27 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-03-31 81920]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 BPowMon;Broadcom Power monitoring service;c:\program files\Broadcom\BPowMon\BPowMon.exe [2009-08-17 79168]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-13 918880]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
S3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-08-21 273960]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-28 00:19]
.
2012-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-28 00:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{BA00B7B1-0351-477A-B948-23E3EE5A73D4}"=hex:51,66,7a,6c,4c,1d,38,12,df,b4,13,
be,63,4d,14,02,c6,5e,60,a3,eb,04,37,c0
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{3EF64538-8B54-4573-B48F-4D34B0238AB2}"=hex:51,66,7a,6c,4c,1d,38,12,56,46,e5,
3a,66,c5,1d,00,cb,99,0e,74,b5,7d,ce,a6
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:be,78,ea,ac,07,03,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,53,51,94,c9,08,d7,20,4d,8e,5e,b9,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,53,51,94,c9,08,d7,20,4d,8e,5e,b9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,53,51,94,c9,08,d7,20,4d,8e,5e,b9,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\windows\system32\conhost.exe
c:\windows\BCMSMMSG.exe
c:\program files\AOL Desktop 9.6\waol.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\AOL Desktop 9.6\shellmon.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2012-04-20 11:19:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-20 15:19
ComboFix2.txt 2012-04-18 23:49
.
Pre-Run: 202,121,179,136 bytes free
Post-Run: 201,840,066,560 bytes free
.
- - End Of File - - 98FD881016D11EACAA3F228A143DF30E

#8 Maniac

Maniac

    Forum Deity

  • Experts
  • 17,454 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 20 April 2012 - 12:37 PM

Quote

"Illegal Operation attemped on registry key that has been marked for deletion"

Reboot your PC and this will be fixed.

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

FCopy::
c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe | c:\windows\System32\winlogon.exe
c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe | c:\windows\System32\svchost.exe
c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe | c:\windows\explorer.exe

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here
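
The FCopy lines above restore clean copies from the component store for exactly the files whose live copy, in the Sigcheck section, matches none of the reference copies. The following is an added example (not code from the thread or from ComboFix) that automates that comparison: it parses ComboFix Sigcheck lines, flags each live file whose MD5 matches no reference copy, lists same-build store copies as candidates, and measures how much the live file has grown against its base copy. The sample log is built from the Sigcheck lines above plus one constructed clean entry (services.exe with a placeholder MD5 and WinSxS path) to show the non-flagged case.

```python
"""Parse the Sigcheck section of a ComboFix log and flag core binaries whose
live copy matches none of the reference copies held elsewhere on disk.
Added example; SAMPLE_LOG is built from the log above plus one constructed entry."""
import re
from collections import defaultdict

# One Sigcheck line: "[tag] date . MD5 . size . . [version] . . path".
# ComboFix tags the file under examination "[-]"; the other bracketed tags mark
# reference copies (WinSxS component store, SoftwareDistribution downloads).
SIGCHECK_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]+)\]\s+\.\s+\.\s+(?P<path>.+?)\s*$"
)

# Constructed sample: the three flagged files from the log above, plus a clean
# services.exe (placeholder MD5 "AAAA...", placeholder WinSxS directory name).
SAMPLE_LOG = r"""
.
[-] 2012-04-20 . DF974BC5437A7FDF82B4523DFCB4456F . 311808 . . [6.1.7600.16385] . . c:\windows\System32\winlogon.exe
[7] 2009-07-14 . 8EC6A4AB12B8F3759E21F8E3A388F2CF . 285696 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
.
[-] 2009-07-14 . E1BCFAC40EE52A8B870CDC55A47779CC . 46080 . . [6.1.7600.16385] . . c:\windows\System32\svchost.exe
[7] 2009-07-14 . 54A47F6B5E09A77E61649109C6A08866 . 20992 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
.
[-] 2012-04-20 . C2C701939D4BC20A1BE5E61288CE9BEA . 2639872 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[7] 2011-02-26 . 255CF508D7CFB10E0794D6AC93280BD8 . 2614784 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[7] 2010-11-20 . 40D777B7A95E00593EB1568C68514493 . 2616320 . . [6.1.7600.16385] . . c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[7] 2009-07-14 . 15BC38A7492BEFE831966ADB477CF76F . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
.
[-] 2009-07-14 . AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA . 259072 . . [6.1.7600.16385] . . c:\windows\System32\services.exe
[7] 2009-07-14 . AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA . 259072 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_example-services_31bf3856ad364e35_6.1.7600.16385_none_placeholder0000\services.exe
"""


def parse_sigcheck(text):
    """Return one dict per Sigcheck entry in `text`; every other line is ignored."""
    entries = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"])
            e["md5"] = e["md5"].upper()
            entries.append(e)
    return entries


def assembly_version(path):
    """Assembly version embedded in a component-store path (..._6.1.7600.16385_none_...)."""
    m = re.search(r"_(\d+\.\d+\.\d+\.\d+)_none_", path, re.IGNORECASE)
    return m.group(1) if m else None


def find_mismatches(entries):
    """Flag each live ([-]) file whose MD5 matches no reference copy of the same
    name. Candidates are reference copies from the same OS build (third version
    field), oldest assembly first; size_delta is measured against the base copy
    (assembly version equal to the live file's own version string), if any."""
    groups = defaultdict(lambda: {"live": [], "refs": []})
    for e in entries:
        name = e["path"].rsplit("\\", 1)[-1].lower()
        groups[name]["live" if e["tag"] == "-" else "refs"].append(e)

    report = {}
    for name, g in groups.items():
        ref_md5s = {r["md5"] for r in g["refs"]}
        for live in g["live"]:
            if live["md5"] in ref_md5s:
                continue  # byte-identical to a reference copy: nothing to report
            parts = live["version"].split(".")
            build = parts[2] if len(parts) > 2 else None
            cands = []
            for r in g["refs"]:
                av = assembly_version(r["path"])
                if av and av.split(".")[2] == build:
                    cands.append((tuple(int(x) for x in av.split(".")), av, r))
            cands.sort(key=lambda c: c[0])
            base = next((r for _, av, r in cands if av == live["version"]), None)
            report[name] = {
                "path": live["path"],
                "md5": live["md5"],
                "size": live["size"],
                "size_delta": live["size"] - base["size"] if base else None,
                "candidates": [(av, r["md5"], r["size"]) for _, av, r in cands],
            }
    return report


def format_report(report):
    """Readable lines; a similar growth across several files is what one patcher
    appending the same payload to each of them looks like."""
    lines = []
    for name, r in sorted(report.items()):
        delta = (f"{r['size_delta']:+d} bytes vs. base copy"
                 if r["size_delta"] is not None else "no base copy")
        lines.append(f"{r['path']}: MD5 {r['md5']} matches no reference copy ({delta})")
        for av, md5, size in r["candidates"]:
            lines.append(f"    candidate {av}  {md5}  {size} bytes")
    return lines
```

To run it over a real log, pass the whole file's text to parse_sigcheck and print format_report(find_mismatches(...)); lines outside the Sigcheck format are skipped.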

#9 efgonzo61

efgonzo61

    New Member

  • Members
  • 20 posts

Posted 22 April 2012 - 08:16 PM

Hi Maniac,

Here is the ComboFix log as instructed.

ComboFix 12-04-20.03 - Don Gonsalves 04/22/2012 20:45:55.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2013.1218 [GMT -4:00]
Running from: c:\users\Don Gonsalves\Desktop\ComboFix.exe
Command switches used :: c:\users\Don Gonsalves\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\expl.dat
c:\windows\system32\winl.dat
.
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
.
c:\windows\system32\svchost.exe . . . is infected!!
.
Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy5_!Windows!winsxs!x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373!explorer.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-23 to 2012-04-23 )))))))))))))))))))))))))))))))
.
.
2012-04-23 00:58 . 2012-04-23 00:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-20 15:49 . 2012-04-20 15:49 -------- d-----w- c:\users\Don Gonsalves\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}
2012-04-20 15:49 . 2012-04-20 15:49 -------- d-----w- c:\programdata\Virtualized Applications
2012-04-20 14:57 . 2012-04-20 14:57 -------- d-----w- c:\programdata\Viewpoint
2012-04-18 22:44 . 2012-04-18 22:44 -------- d-----w- c:\users\Don Gonsalves\AppData\Roaming\SUPERAntiSpyware.com
2012-04-18 22:43 . 2012-04-18 22:44 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-18 22:43 . 2012-04-18 22:43 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-18 22:43 . 2012-04-18 22:43 16090640 ----a-w- C:\SAS_935F0.EXE
2012-04-18 20:59 . 2012-04-18 20:59 -------- d-----w- c:\users\Don Gonsalves\AppData\Roaming\Malwarebytes
2012-04-18 20:59 . 2012-04-18 20:59 -------- d-----w- c:\programdata\Malwarebytes
2012-04-18 20:59 . 2012-04-18 20:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-18 20:59 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-18 20:56 . 2012-04-18 20:56 10063000 ----a-w- C:\mbam-setup-1.61.0.1400.exe
2012-04-18 20:45 . 2012-04-18 20:45 2072112 ----a-w- C:\TDSSKiller.exe
2012-04-14 13:22 . 2012-04-14 13:22 -------- d-----w- c:\programdata\CanonIJEGV
2012-04-13 07:00 . 2012-03-06 05:59 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-13 07:00 . 2012-03-06 05:59 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 07:02 . 2012-03-01 05:53 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 07:02 . 2012-03-01 05:45 158720 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-25 21:26 . 2012-03-25 21:26 -------- d-----w- c:\windows\Sun
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-23 01:00 . 2011-04-28 11:18 2639872 ----a-w- c:\windows\explorer.exe
2012-04-23 01:00 . 2010-06-15 23:35 311808 ----a-w- c:\windows\system32\winlogon.exe
2012-04-18 22:23 . 2012-04-18 22:22 2052792 ----a-w- C:\tdsskiller.zip
2012-03-01 05:49 . 2012-04-12 07:02 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 05:40 . 2012-04-12 07:02 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-28 01:11 . 2012-04-12 07:08 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-22 12:29 . 2011-06-03 10:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-22 08:03 . 2012-02-22 08:03 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-22 08:03 . 2012-02-22 08:03 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-22 08:03 . 2012-02-22 08:03 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-22 08:03 . 2012-02-22 08:03 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-02-22 08:03 . 2012-02-22 08:03 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-02-22 08:03 . 2012-02-22 08:03 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-22 08:03 . 2012-02-22 08:03 367104 ----a-w- c:\windows\system32\html.iec
2012-02-22 08:03 . 2012-02-22 08:03 161792 ----a-w- c:\windows\system32\msls31.dll
2012-02-22 08:03 . 2012-02-22 08:03 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-22 08:03 . 2012-02-22 08:03 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-02-22 08:03 . 2012-02-22 08:03 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-02-22 08:03 . 2012-02-22 08:03 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-22 08:03 . 2012-02-22 08:03 152064 ----a-w- c:\windows\system32\wextract.exe
2012-02-22 08:03 . 2012-02-22 08:03 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-02-22 08:03 . 2012-02-22 08:03 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-22 08:03 . 2012-02-22 08:03 11776 ----a-w- c:\windows\system32\mshta.exe
2012-02-22 08:03 . 2012-02-22 08:03 101888 ----a-w- c:\windows\system32\admparse.dll
2012-02-15 05:44 . 2012-03-14 11:39 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 04:22 . 2012-03-14 11:39 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:22 . 2012-03-14 11:39 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:41 . 2012-03-14 11:39 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:41 . 2012-03-14 11:39 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 05:41 . 2012-03-14 11:39 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:41 . 2012-03-14 11:39 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-10 05:41 . 2012-03-14 11:39 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-02-03 04:01 . 2012-03-14 11:39 2341376 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 05:44 . 2012-03-14 11:39 57856 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 05:44 . 2012-03-14 11:39 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:40 . 2012-03-14 11:39 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-04-23 . DF974BC5437A7FDF82B4523DFCB4456F . 311808 . . [6.1.7600.16385] . . c:\windows\System32\winlogon.exe
[7] 2010-11-20 . 6D13E1406F50C66E2A95D97F22C47560 . 286720 . . [6.1.7601.17514] . . c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[7] 2010-06-15 . 37CDB7E72EB66BA85A87CBE37E7F03FD . 285696 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[7] 2010-06-15 . 3BABE6767C78FBF5FB8435FEED187F30 . 285696 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[7] 2009-07-14 . 8EC6A4AB12B8F3759E21F8E3A388F2CF . 285696 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
.
[-] 2009-07-14 . E1BCFAC40EE52A8B870CDC55A47779CC . 46080 . . [6.1.7600.16385] . . c:\windows\System32\svchost.exe
[7] 2009-07-14 . 54A47F6B5E09A77E61649109C6A08866 . 20992 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
.
[-] 2012-04-23 . C2C701939D4BC20A1BE5E61288CE9BEA . 2639872 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[7] 2011-02-26 . 255CF508D7CFB10E0794D6AC93280BD8 . 2614784 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[7] 2011-02-26 . 2AF58D15EDC06EC6FDACCE1F19482BBF . 2614784 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[7] 2011-02-26 . 0FB9C74046656D1579A64660AD67B746 . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[7] 2011-02-25 . 8B88EBBB05A0E56B7DCC708498C02B3E . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[7] 2010-11-20 . 40D777B7A95E00593EB1568C68514493 . 2616320 . . [6.1.7600.16385] . . c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[7] 2010-06-15 . 2626FC9755BE22F805D3CFA0CE3EE727 . 2614272 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[7] 2010-06-15 . C76153C7ECA00FA852BB0C193378F917 . 2614272 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[7] 2010-06-15 . B95EEB0F4E5EFBF1038A35B3351CF047 . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[7] 2010-06-15 . 9FF6C4C91A3711C0A3B18F87B08B518D . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[7] 2010-06-15 . FC89FACA0473641CB625EDA9277D0885 . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe
[7] 2010-06-15 . 00B0358734CAA32C39D181FE6916B178 . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe
[7] 2009-07-14 . 15BC38A7492BEFE831966ADB477CF76F . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-13 01:30 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-13 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-20 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
"AOL Fast Start"="c:\program files\AOL Desktop 9.6\AOL.EXE" [2011-01-13 42320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-12 7739936]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2009-11-12 203776]
"HostManager"="c:\program files\Common Files\AOL\1277647536\ee\AOLSoftware.exe" [2010-03-08 41800]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"StrgSync.exe"="c:\program files\StorageSync\StrgSync.exe" [2005-10-08 3032576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-13 982880]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-02-01 928096]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DBRMTray"="c:\dell\DBRM\Reminder\TrayApp.exe" [2010-02-04 7168]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil11f_ActiveX.exe" [2012-02-22 250016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-28 136176]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-09-01 1025352]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-28 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-27 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-03-31 81920]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 BPowMon;Broadcom Power monitoring service;c:\program files\Broadcom\BPowMon\BPowMon.exe [2009-08-17 79168]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-13 918880]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
S3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-08-21 273960]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-28 00:19]
.
2012-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-28 00:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{BA00B7B1-0351-477A-B948-23E3EE5A73D4}"=hex:51,66,7a,6c,4c,1d,38,12,df,b4,13,
be,63,4d,14,02,c6,5e,60,a3,eb,04,37,c0
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{3EF64538-8B54-4573-B48F-4D34B0238AB2}"=hex:51,66,7a,6c,4c,1d,38,12,56,46,e5,
3a,66,c5,1d,00,cb,99,0e,74,b5,7d,ce,a6
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:be,78,ea,ac,07,03,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,53,51,94,c9,08,d7,20,4d,8e,5e,b9,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,53,51,94,c9,08,d7,20,4d,8e,5e,b9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,53,51,94,c9,08,d7,20,4d,8e,5e,b9,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\taskhost.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\windows\BCMSMMSG.exe
c:\program files\AOL Desktop 9.6\waol.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\windows\system32\DllHost.exe
c:\program files\AOL Desktop 9.6\shellmon.exe
c:\windows\system32\sppsvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
c:\program files\aol toolbar\aoltbServer.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Google\Google Toolbar\GoogleToolbarUser_32.exe
c:\program files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\aol toolbar\aoltbServer.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Common Files\aol\1277647536\ee\aolupdates.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2012-04-22 21:08:12 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-23 01:08
ComboFix2.txt 2012-04-20 15:19
ComboFix3.txt 2012-04-18 23:49
.
Pre-Run: 206,143,279,104 bytes free
Post-Run: 205,839,876,096 bytes free
.
- - End Of File - - 8EA476B47D0689BABA594771BF3F80F4
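The service and autorun sections of a ComboFix log like the one above are long, and the helper's job is to spot the entries that do not belong. As an added illustration (not part of the thread and not ComboFix's own code), the Python below parses the `R*`/`S*` service lines and the quoted Run/RunOnce values into records and flags any whose image path lies outside the Windows or Program Files trees or inside a scratch directory. The Run/RunOnce values and the first three service lines of the sample are copied from the log above; the Run key header is the standard key name assumed here, the final `svcupdater` service line is constructed for the example, and the trusted-prefix list and suspect path fragments are this example's own heuristics.

```python
import re
from dataclasses import dataclass
from typing import List

# Sample ComboFix-style lines. The Run/RunOnce values and the first three
# service lines are copied from the log posted above; the Run key header is
# the standard key name assumed here, and the final "svcupdater" service
# line is CONSTRUCTED for this example so the triage step has something to flag.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DBRMTray"="c:\dell\DBRM\Reminder\TrayApp.exe" [2010-02-04 7168]
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-28 136176]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]
S2 svcupdater;System Update Helper;c:\users\public\appdata\local\temp\svcupd.exe [2012-04-17 54272]
"""

# R = running, S = stopped; the digit is the start type. Fields are
# name;display name;image path, followed by [file date size].
SERVICE_RE = re.compile(
    r'^([RS])(\d)\s+([^;]+);([^;]*);(.+?)\s+\[(\d{4}-\d{2}-\d{2})\s+(\d+)\]$')
# "ValueName"="image path" [file date size] under a Run/RunOnce key.
VALUE_RE = re.compile(
    r'^"([^"]+)"="([^"]*)"\s+\[(\d{4}-\d{2}-\d{2})\s+(\d+)\]$')
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$', re.IGNORECASE)

# Heuristics chosen for this example, not a ComboFix rule set.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
SUSPECT_FRAGMENTS = ("\\temp\\", "\\appdata\\", "\\users\\public\\")


@dataclass
class Entry:
    kind: str      # "service" or "autorun"
    name: str
    context: str   # display name + state for services, registry key for autoruns
    path: str
    date: str
    size: int


def parse_combofix(text: str) -> List[Entry]:
    """Walk the log, remembering the current registry key so quoted values
    can be attributed to it, and collect service/autorun records."""
    entries: List[Entry] = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix separates blocks with "."
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = SERVICE_RE.match(line)
        if m:
            state, start, name, display, path, date, size = m.groups()
            entries.append(Entry("service", name, f"{display} [{state}{start}]",
                                 path, date, int(size)))
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            name, path, date, size = m.groups()
            entries.append(Entry("autorun", name, current_key, path, date, int(size)))
    return entries


def unusual_image_paths(entries: List[Entry]) -> List[Entry]:
    """Return entries whose binary lives outside the OS/program trees or in a
    scratch location. This is a review queue for a human, not a verdict."""
    flagged = []
    for e in entries:
        p = e.path.lower()
        if not p.startswith(TRUSTED_PREFIXES) or any(f in p for f in SUSPECT_FRAGMENTS):
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    found = parse_combofix(SAMPLE_LOG)
    print(f"{len(found)} entries parsed")
    for e in unusual_image_paths(found):
        print(f"REVIEW {e.kind:8} {e.name:12} {e.path}  ({e.context})")
```

On this input it flags the constructed temp-directory service and also Dell's DBRMTray entry under c:\dell, which is a legitimate OEM tool: OEM directories are a common source of such false positives, which is why the output is a list for the helper to review rather than a list of things to delete.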

#10 Maniac (Forum Deity, Experts)

Posted 23 April 2012 - 12:54 AM

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.

#11 efgonzo61 (New Member)

Posted 24 April 2012 - 07:54 PM

Hi Maniac,

Did the scan as instructed, no infected files found. Here is the log file from the ESET online scan:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

Still having the redirect issue in Internet Explorer.

#12 Maniac (Forum Deity, Experts)

Posted 25 April 2012 - 01:55 PM

First, visit www.virustotal.com and upload the following file:
c:\windows\System32\winlogon.exe

Next, wait until the scan has finished and then post the link in your next reply.

Second,

Download aswMBR.exe (1.8 MB) to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

#13 efgonzo61 (New Member)

Posted 26 April 2012 - 04:39 PM

Hi Maniac,

Ran winlogon.exe through virustotal.com and here is the result:
https://www.virustot...sis/1335475908/

Found 3 items.

Ran ASWMBR as instructed. Here is log file from that scan.
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-26 17:35:43
-----------------------------
17:35:43.126 OS Version: Windows 6.1.7600
17:35:43.126 Number of processors: 2 586 0x170A
17:35:43.126 ComputerName: DONGONSALVES-PC UserName: Don Gonsalves
17:36:09.873 Initialize success
17:36:48.847 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:36:48.847 Disk 0 Vendor: ST3250318AS CC45 Size: 238418MB BusType: 3
17:36:48.847 Disk 0 MBR read successfully
17:36:48.862 Disk 0 MBR scan
17:36:48.862 Disk 0 Windows VISTA default MBR code
17:36:48.862 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
17:36:48.878 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 9818 MB offset 81920
17:36:48.878 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 228559 MB offset 20189184
17:36:48.893 Disk 0 scanning sectors +488278016
17:36:48.940 Disk 0 scanning C:\Windows\system32\drivers
17:36:54.447 Service scanning
17:37:09.969 Modules scanning
17:37:15.195 Disk 0 trace - called modules:
17:37:15.211 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
17:37:15.226 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x855fc5f8]
17:37:15.226 3 CLASSPNP.SYS[88ba359e] -> nt!IofCallDriver -> [0x85148918]
17:37:15.226 5 ACPI.sys[8861b3b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85196030]
17:37:15.226 Scan finished successfully
17:37:30.421 Disk 0 MBR has been saved successfully to "C:\Users\Don Gonsalves\Desktop\MBR.dat"
17:37:30.436 The log file has been saved successfully to "C:\Users\Don Gonsalves\Desktop\aswMBR.txt"

#14 Maniac (Forum Deity, Experts)

Posted 27 April 2012 - 02:12 AM

How are things there?

#15 efgonzo61 (New Member)

Posted 27 April 2012 - 06:39 AM

Hi Maniac, ran the virustotal file check of the winlogon.exe file and I posted the link to the results as instructed. Seemed to have found a trojan of some sort. I also attached in my earlier posting the ASWMBR scan. Awaiting your next instructions. Thanks.

#16 Maniac (Forum Deity, Experts)

Posted 27 April 2012 - 09:23 AM

I mean is there any progress?

#17 efgonzo61 (New Member)

Posted 27 April 2012 - 06:08 PM

Hi Maniac,

The computer still has the redirect when using google.com to search for a topic. I notice in my tabs that it briefly says "credit-crush.com" then says redirecting.

When I put "scour redirect" into google.com to do a search, usually when I click on one of the search results it then goes into the redirect mode.

I tried going to yahoo.com and using their search engine, but the same thing happened. Got the redirect when attempting to connect to a yahoo search result.

#18 Maniac (Forum Deity, Experts)

Posted 29 April 2012 - 05:16 AM

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

Click the cog in the upper right

Select down to and including your main drive; once done, select the Automatic scan tab and press Start Scan.

Allow AVP to delete all infections found.
Once it has finished, select the report tab (last tab).
Select the Detected threats report from the left and press the Save button.
Save it to your desktop and post it in your next reply.

#19 efgonzo61 (New Member)

Posted 30 April 2012 - 08:22 PM

Hi Maniac,

Ran the Kaspersky virus removal tool scan as instructed. It found 3 threats. I quarantined 2 of them and deleted one as instructed by the program.

Status: Quarantined (events: 2)
4/30/2012 8:12:40 PM Quarantined Trojan program HEUR:Exploit.Script.Generic C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HRQVA260\images[1].htm High
4/30/2012 8:13:00 PM Quarantined Trojan program HEUR:Exploit.Script.Generic C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IC1Y0737\images[1].htm High
Status: Disinfected (events: 2)
4/30/2012 8:12:24 PM Disinfected Trojan program Exploit.Java.CVE-2012-0507.q C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\5141ff24-615a64ed High
4/30/2012 8:12:24 PM Disinfected Trojan program Exploit.Java.CVE-2012-0507.q C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\5141ff24-615a64ed/ta/ta.class High
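To triage a report like the one above in a repeatable way, here is an added Python example (not part of the thread and not the Kaspersky tool's own output format code) that parses the report lines, cross-checks the event counts against the "Status:" headers, pulls CVE identifiers out of the detection names and classifies where on disk each artifact lived. The input is the four detection lines and two status lines posted above; the location labels and helper names are this example's own.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Report lines as posted above (two Status headers and four detection events).
SAMPLE_REPORT = r"""
Status: Quarantined (events: 2)
4/30/2012 8:12:40 PM Quarantined Trojan program HEUR:Exploit.Script.Generic C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HRQVA260\images[1].htm High
4/30/2012 8:13:00 PM Quarantined Trojan program HEUR:Exploit.Script.Generic C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IC1Y0737\images[1].htm High
Status: Disinfected (events: 2)
4/30/2012 8:12:24 PM Disinfected Trojan program Exploit.Java.CVE-2012-0507.q C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\5141ff24-615a64ed High
4/30/2012 8:12:24 PM Disinfected Trojan program Exploit.Java.CVE-2012-0507.q C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\5141ff24-615a64ed/ta/ta.class High
"""

# Timestamp, action, category (may contain spaces), detection name (no
# spaces), path (starts with a drive letter, may contain spaces), severity.
EVENT_RE = re.compile(
    r'^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+'
    r'(?P<action>\w+)\s+'
    r'(?P<category>.+?)\s+'
    r'(?P<detection>\S+)\s+'
    r'(?P<path>[A-Za-z]:\\.+?)\s+'
    r'(?P<severity>High|Medium|Low)$')
STATUS_RE = re.compile(r'^Status:\s+(\w+)\s+\(events:\s+(\d+)\)$')
CVE_RE = re.compile(r'CVE-\d{4}-\d{4,}')


@dataclass
class Detection:
    ts: str
    action: str
    category: str
    detection: str
    path: str
    severity: str


def parse_report(text: str) -> List[Detection]:
    """Collect every event line; header and blank lines are ignored."""
    events: List[Detection] = []
    for raw in text.splitlines():
        m = EVENT_RE.match(raw.strip())
        if m:
            events.append(Detection(**m.groupdict()))
    return events


def declared_counts(text: str) -> Dict[str, int]:
    """Event counts the tool itself claims in its 'Status:' headers."""
    counts: Dict[str, int] = {}
    for raw in text.splitlines():
        m = STATUS_RE.match(raw.strip())
        if m:
            counts[m.group(1)] = int(m.group(2))
    return counts


def counts_match(text: str) -> bool:
    """True when the parsed events agree with the declared counts, i.e. the
    paste is complete and the parser did not drop a line."""
    actual = Counter(e.action for e in parse_report(text))
    return all(actual.get(k, 0) == v for k, v in declared_counts(text).items())


def classify_location(path: str) -> str:
    """Labels chosen for this example: browser cache vs. Java deployment cache."""
    p = path.lower()
    if "\\temporary internet files\\" in p:
        return "ie_cache"
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "java_cache"
    return "other"


def summarize(events: List[Detection]) -> dict:
    return {
        "by_action": dict(Counter(e.action for e in events)),
        "by_location": dict(Counter(classify_location(e.path) for e in events)),
        "cves": sorted({c for e in events for c in CVE_RE.findall(e.detection)}),
        # systemprofile is the LocalSystem account's profile, not the user's
        "under_systemprofile": sum(
            1 for e in events if "\\config\\systemprofile\\" in e.path.lower()),
    }


if __name__ == "__main__":
    evs = parse_report(SAMPLE_REPORT)
    print("counts consistent:", counts_match(SAMPLE_REPORT))
    print(summarize(evs))
```

Run over these lines it reports two quarantined and two disinfected events, a single CVE (CVE-2012-0507, the Java vulnerability named in the detection, which post #20 addresses by removing the old Java 6 Update 26), and that all four artifacts sit under C:\Windows\System32\config\systemprofile, the LocalSystem account's profile rather than the interactive user's, which is a detail worth pointing out to the helper.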

#20 Maniac (Forum Deity, Experts)

Posted 01 May 2012 - 05:14 AM

Please uninstall Java Auto Updater and Java™ 6 Update 26:
http://www.java.com/...d/uninstall.jsp

Reboot your PC.

Next, download and install Java 7:
http://www.oracle.co....html#javasejdk

Let me know if there is any progress.
