
I am infected


  • This topic is locked
29 replies to this topic

#21 Hijacked_Help

    New Member

  • Members
  • 15 posts

Posted 30 March 2013 - 09:26 PM

Thanks, I'll get back to you tomorrow. I also messaged you if you could read that, thanks.

#22 gringo_pr

    Staff

  • Moderators
  • 9,601 posts
  • Gender:Male

Posted 30 March 2013 - 09:35 PM

OK see you then


gringo
William Rowland
Product Support


#23 Hijacked_Help

    New Member

  • Members
  • 15 posts

Posted 31 March 2013 - 01:07 PM

ComboFix 13-03-30.01 - Son 31/03/2013 14:00:27.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3959.1809 [GMT -4:00]
Running from: c:\users\Son\Downloads\ComboFix.exe
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\pt
c:\windows\SysWow64\pt\Lagoon.resources.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-02-28 to 2013-03-31 )))))))))))))))))))))))))))))))
.
.
2013-03-31 18:03 . 2013-03-31 18:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-30 19:05 . 2013-03-30 19:05 -------- d-----w- c:\windows\NAPP_Dism_Log
2013-03-30 17:44 . 2013-03-30 17:44 -------- d-----w- c:\program files (x86)\Ask.com
2013-03-30 17:44 . 2013-03-30 17:44 -------- d-----w- C:\Firefox
2013-03-30 17:35 . 2013-03-30 17:35 -------- d-----w- c:\windows\.jagex_cache_32
2013-03-30 17:34 . 2013-03-30 17:34 -------- d-----w- c:\windows\.soulsplit
2013-03-30 17:34 . 2013-03-30 17:34 -------- d-----w- c:\programdata\Ask
2013-03-30 17:34 . 2013-03-30 17:34 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-03-30 17:34 . 2013-03-30 17:34 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-30 17:34 . 2013-03-30 17:34 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-30 17:34 . 2013-03-30 17:34 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-30 17:34 . 2013-03-30 17:34 -------- d-----w- c:\program files (x86)\Java
2013-03-30 17:28 . 2013-03-30 17:28 -------- d-----w- c:\program files (x86)\Google
2013-03-30 16:31 . 2013-03-30 16:31 -------- d-----w- c:\programdata\Malwarebytes
2013-03-30 16:31 . 2013-03-30 16:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-30 16:31 . 2012-12-14 20:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-30 15:54 . 2013-03-30 15:54 39768 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-03-30 15:54 . 2013-03-30 15:54 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2013-03-30 15:54 . 2013-03-30 15:54 -------- d-----w- c:\program files (x86)\AVG Secure Search
2013-03-30 15:53 . 2013-03-30 16:27 -------- d-----w- c:\programdata\AVG2013
2013-03-30 15:53 . 2013-03-30 15:53 -------- d-----w- C:\$AVG
2013-03-30 15:53 . 2013-03-30 15:53 -------- d-----w- c:\program files (x86)\AVG
2013-03-30 15:51 . 2013-03-30 15:51 -------- d--h--w- c:\programdata\Common Files
2013-03-30 15:51 . 2013-03-31 16:54 -------- d-----w- c:\programdata\MFAData
2013-03-30 15:51 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2013-03-30 15:51 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2013-03-30 15:51 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2013-03-30 15:51 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2013-03-30 15:48 . 2013-03-30 15:48 -------- d-----w- c:\program files (x86)\OEM
2013-03-30 15:47 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2013-03-30 15:47 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2013-03-30 15:47 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2013-03-30 15:47 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2013-03-30 15:47 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2013-03-30 15:47 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2013-03-30 15:47 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2013-03-30 15:47 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2013-03-30 15:47 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2013-03-30 15:47 . 2013-03-30 17:35 -------- d-----w- c:\users\Son
2013-03-30 15:46 . 2013-03-30 15:46 -------- d-----w- C:\Recovery
2013-03-30 15:31 . 2006-11-29 17:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2013-03-30 15:31 . 2006-11-29 17:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2013-03-30 15:31 . 2013-03-30 15:31 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2013-03-30 15:31 . 2013-03-30 15:31 -------- d-----w- c:\program files (x86)\Windows Live SkyDrive
2013-03-30 15:30 . 2013-03-30 15:32 -------- d-----w- c:\program files (x86)\Windows Live
2013-03-30 15:30 . 2013-03-30 15:30 -------- d-----w- c:\windows\PCHEALTH
2013-03-30 15:30 . 2013-03-30 15:30 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2013-03-30 15:20 . 2013-03-30 15:28 -------- d-----w- c:\programdata\CyberLink
2013-03-30 15:20 . 2013-03-30 15:20 -------- d-----w- c:\program files (x86)\Microsoft
2013-03-30 15:20 . 2013-03-30 15:20 -------- d-----w- c:\program files (x86)\MSN Toolbar
2013-03-30 15:19 . 2013-03-30 15:20 -------- d-----w- c:\program files (x86)\Bing Bar Installer
2013-03-30 15:16 . 2013-03-30 15:16 -------- d---a-w- C:\book
2013-03-30 15:14 . 2013-03-30 15:14 3 ----a-w- c:\windows\system32\PLD_Framework.cmd
2013-03-30 15:11 . 2010-06-24 03:13 1251944 ----a-w- c:\windows\RtlExUpd.dll
2013-03-30 15:08 . 2013-03-30 15:08 -------- d-----w- c:\program files\Common Files\Intel
2013-03-30 15:08 . 2013-03-30 15:08 -------- d-----w- c:\program files (x86)\Common Files\Intel
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-27 03:40 . 2013-02-27 03:40 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-02-14 07:52 . 2013-02-14 07:52 239416 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2013-02-08 08:37 . 2013-02-08 08:37 116536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2013-02-08 08:37 . 2013-02-08 08:37 311096 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-02-08 08:37 . 2013-02-08 08:37 71480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-02-08 08:37 . 2013-02-08 08:37 206136 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2013-02-08 08:37 . 2013-02-08 08:37 45880 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UCam_Menu"="c:\program files (x86)\Acer\Acer Touch Suite\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2010-08-04 611872]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"MDS_Menu"="c:\program files (x86)\Acer\Acer TouchPortal\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"TouchMovieService"="c:\program files (x86)\Acer\Acer TouchPortal\Acer Touch Movie\TouchMovieService.exe" [2010-05-13 124136]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-03-13 4394032]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-03-30 1219248]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2013-02-28 4937264]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2013-02-08 71480]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2013-02-08 311096]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2013-02-08 116536]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2013-02-08 45880]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2012-09-04 50296]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2013-02-27 246072]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2013-02-08 206136]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2013-02-14 239416]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-03-30 39768]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2013\avgfws.exe [2013-02-19 1418184]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-02-19 282624]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe [2009-12-09 76320]
S2 vToolbarUpdater15.0.0;vToolbarUpdater15.0.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe [2013-03-30 990896]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-22 347680]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-07-08 694888]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-30 17:28 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-30 17:28]
.
2013-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-30 17:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"TouchORB"="c:\program files (x86)\TouchSettings\TouchPortalOBR.exe" [2010-05-06 153416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-02 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-02 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-02 414744]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-09 11045480]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-07-09 2103912]
"TouchPortal"="c:\program files (x86)\Acer\Acer TouchPortal\TouchPortalLauncher.exe" [2010-07-08 436256]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://acer.msn.com
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-31 14:04:37
ComboFix-quarantined-files.txt 2013-03-31 18:04
.
Pre-Run: 445,631,250,432 bytes free
Post-Run: 445,346,357,248 bytes free
.
- - End Of File - - 39B7E72659D1F89A739870A719706D02


Had no problems running it, other than having to disable my anti-virus (AVG). But it's all good. What's next?

#24 gringo_pr

    Staff

  • Moderators
  • 9,601 posts
  • Gender:Male

Posted 31 March 2013 - 02:20 PM



Hello Hijacked_Help


I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    Note: this report can be very long, so if the website gives you an error saying it is too long you may attach it.

    If the forum still complains about it being too long, send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================

and I will see if I want to see the whole report

Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit
2. Unzip the contents to a folder in a convenient location.
3. Open the folder where the contents were unzipped and run mbar.exe
4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6. Wait while the system shuts down and the cleanup process is performed.
7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
   • Internet access
   • Windows Update
   • Windows Firewall
9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10. Verify that your system is now functioning normally.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and MBAR.

Gringo

William Rowland
Product Support


#25 Hijacked_Help

    New Member

  • Members
  • 15 posts

Posted 31 March 2013 - 02:49 PM

-TDSSKILLER- TOO LONG DELETED SOME


15:38:50.0429 1128 C:\Windows\System32\mssrch.dll - ok
15:38:50.0433 1128 [ 12395E528456DFE82979ACFEA96D290C ] C:\Program Files\Windows Media Player\en-US\wmpnscfg.exe.mui
15:38:50.0433 1128 C:\Program Files\Windows Media Player\en-US\wmpnscfg.exe.mui - ok
15:38:50.0436 1128 [ C7494C67A6BF6FE914808E42F8265FEF ] C:\Program Files\Windows Media Player\wmpnssci.dll
15:38:50.0436 1128 C:\Program Files\Windows Media Player\wmpnssci.dll - ok
15:38:50.0440 1128 [ 1D6A771D1D702AE07919DB52C889A249 ] C:\Windows\SysWOW64\wlanutil.dll
15:38:50.0440 1128 C:\Windows\SysWOW64\wlanutil.dll - ok
15:38:50.0444 1128 [ ECE9B82C7696AD211F9BD64E41DF598B ] C:\Program Files (x86)\AVG\AVG2013\avguires.dll
15:38:50.0444 1128 C:\Program Files (x86)\AVG\AVG2013\avguires.dll - ok
15:38:50.0447 1128 [ C02AA67276FEE0C15CC4D6D616BDE95E ] C:\Windows\SysWOW64\WWanAPI.dll
15:38:50.0447 1128 C:\Windows\SysWOW64\WWanAPI.dll - ok
15:38:50.0450 1128 [ 5DA219F57A9076FB6FBD3C9C3713A672 ] C:\Windows\System32\WWanAPI.dll
15:38:50.0450 1128 C:\Windows\System32\WWanAPI.dll - ok
15:38:50.0454 1128 [ F2ED6D00921CA138289E5E0CCB9ABF87 ] C:\Windows\SysWOW64\wwapi.dll
15:38:50.0454 1128 C:\Windows\SysWOW64\wwapi.dll - ok
15:38:50.0457 1128 [ 3121A79D13A61562BE9CC902CD46B542 ] C:\Windows\System32\msidle.dll
15:38:50.0458 1128 C:\Windows\System32\msidle.dll - ok
15:38:50.0461 1128 [ 62C7AACC746C9723468A8F2169ED3E85 ] C:\Windows\System32\wwapi.dll
15:38:50.0461 1128 C:\Windows\System32\wwapi.dll - ok
15:38:50.0465 1128 [ 6F743071BA9C86EFE805152B45B9EC35 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\10f1e1ffca16e550af8a8fd7685a48ef\System.Drawing.ni.dll
15:38:50.0465 1128 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\10f1e1ffca16e550af8a8fd7685a48ef\System.Drawing.ni.dll - ok
15:38:50.0468 1128 [ 730E90935150048A4E5F392FCDD49DA3 ] C:\Program Files (x86)\AVG\AVG2013\avgapps.dll
15:38:50.0468 1128 C:\Program Files (x86)\AVG\AVG2013\avgapps.dll - ok
15:38:50.0472 1128 [ 99BD4B9B15A823A6C46B561329178122 ] C:\Windows\SysWOW64\QAGENT.DLL
15:38:50.0472 1128 C:\Windows\SysWOW64\QAGENT.DLL - ok
15:38:50.0475 1128 [ E898B024C5406C4A067FA26D5DE0E6DF ] C:\Windows\SysWOW64\wmp.dll
15:38:50.0475 1128 C:\Windows\SysWOW64\wmp.dll - ok
15:38:50.0479 1128 [ ACE1BB07E0377E37A2C514CD2EC119B1 ] C:\Windows\System32\mssprxy.dll
15:38:50.0479 1128 C:\Windows\System32\mssprxy.dll - ok
15:38:50.0482 1128 [ E26C32401A6CC046C7AEFAE3A287D842 ] C:\Windows\SysWOW64\en-US\wmploc.DLL.mui
15:38:50.0482 1128 C:\Windows\SysWOW64\en-US\wmploc.DLL.mui - ok
15:38:50.0486 1128 [ 0B9F7D42D745038437FAE70D97F9AD5A ] C:\Windows\System32\QAGENT.DLL
15:38:50.0486 1128 C:\Windows\System32\QAGENT.DLL - ok
15:38:50.0489 1128 [ C9FB9038B15036CA28CF0B4BE2BED9BD ] C:\Windows\System32\en-US\tquery.dll.mui
15:38:50.0489 1128 C:\Windows\System32\en-US\tquery.dll.mui - ok
15:38:50.0493 1128 [ 5893EBDCE371174AC89ECD7731DD6D77 ] C:\Windows\SysWOW64\pcwum.dll
15:38:50.0493 1128 C:\Windows\SysWOW64\pcwum.dll - ok
15:38:50.0497 1128 [ 9BF014C20F91D97055532F2F5496E7BD ] C:\Program Files\Windows Media Player\wmpnetwk.exe
15:38:50.0497 1128 C:\Program Files\Windows Media Player\wmpnetwk.exe - ok
15:38:50.0500 1128 [ 833FBB672460EFCE8011D262175FAD33 ] C:\Windows\SysWOW64\upnphost.dll
15:38:50.0500 1128 C:\Windows\SysWOW64\upnphost.dll - ok
15:38:50.0504 1128 [ 89ED7C028A487340B7D93D5A38FDCB54 ] C:\Windows\SysWOW64\SearchProtocolHost.exe
15:38:50.0504 1128 C:\Windows\SysWOW64\SearchProtocolHost.exe - ok
15:38:50.0508 1128 [ 177DF28315BF4300ECB5CBEEEE961292 ] C:\Windows\SysWOW64\webcheck.dll
15:38:50.0508 1128 C:\Windows\SysWOW64\webcheck.dll - ok
15:38:50.0511 1128 [ 42EC9065D9BF266ADE924B066C783A56 ] C:\Windows\System32\SearchProtocolHost.exe
15:38:50.0511 1128 C:\Windows\System32\SearchProtocolHost.exe - ok
15:38:50.0515 1128 [ D7D7EB64B7DE14A783329805E5AC0031 ] C:\Windows\System32\webcheck.dll
15:38:50.0515 1128 C:\Windows\System32\webcheck.dll - ok
15:38:50.0518 1128 [ 8EE6BDE1D572677AA35707C52C585F75 ] C:\Windows\SysWOW64\mlang.dll
15:38:50.0518 1128 C:\Windows\SysWOW64\mlang.dll - ok
15:38:50.0522 1128 [ DE76461D3E5EBE1C762967D21C17B8C0 ] C:\Windows\SysWOW64\wmdrmdev.dll
15:38:50.0522 1128 C:\Windows\SysWOW64\wmdrmdev.dll - ok
15:38:50.0525 1128 [ 8494E126F0B10180F3293AF861CE1F7A ] C:\Windows\System32\mlang.dll
15:38:50.0525 1128 C:\Windows\System32\mlang.dll - ok
15:38:50.0528 1128 [ 47D052D9EE1FD3BA2A55D13F61E3EF24 ] C:\Windows\SysWOW64\drmv2clt.dll
15:38:50.0529 1128 C:\Windows\SysWOW64\drmv2clt.dll - ok
15:38:50.0532 1128 [ 8C7FE6B9559204765849BFF308764FA5 ] C:\Windows\SysWOW64\SyncCenter.dll
15:38:50.0532 1128 C:\Windows\SysWOW64\SyncCenter.dll - ok
15:38:50.0535 1128 [ A5D237B8673025B052C0E6FDB6A883E8 ] C:\Windows\SysWOW64\msshooks.dll
15:38:50.0535 1128 C:\Windows\SysWOW64\msshooks.dll - ok
15:38:50.0539 1128 [ D2A5B2B09F2AF5ED13BF494508B09788 ] C:\Windows\System32\msshooks.dll
15:38:50.0539 1128 C:\Windows\System32\msshooks.dll - ok
15:38:50.0542 1128 [ 40B82688907A7DBA4DB3B5ADDE3EAB3B ] C:\Windows\SysWOW64\mfplat.dll
15:38:50.0543 1128 C:\Windows\SysWOW64\mfplat.dll - ok
15:38:50.0546 1128 [ E6F66F31422C44EDC00D9C9329E7DF60 ] C:\Windows\System32\SyncCenter.dll
15:38:50.0546 1128 C:\Windows\System32\SyncCenter.dll - ok
15:38:50.0549 1128 [ 8A674F9AB20B4937357BF6F5A0938EBF ] C:\Windows\SysWOW64\SearchFilterHost.exe
15:38:50.0549 1128 C:\Windows\SysWOW64\SearchFilterHost.exe - ok
15:38:50.0553 1128 [ DE92625114A5A02C715F7E03CA3F6016 ] C:\Windows\SysWOW64\blackbox.dll
15:38:50.0553 1128 C:\Windows\SysWOW64\blackbox.dll - ok
15:38:50.0556 1128 [ 52D56D1013D4F1B99102679314CC5325 ] C:\Windows\System32\SearchFilterHost.exe
15:38:50.0556 1128 C:\Windows\System32\SearchFilterHost.exe - ok
15:38:50.0559 1128 [ 7372A79A5F906CD959A74A32E6FEDB1F ] C:\Windows\SysWOW64\upnp.dll
15:38:50.0559 1128 C:\Windows\SysWOW64\upnp.dll - ok
15:38:50.0562 1128 [ 8CC4ECA2177510674DB92BB8F1CEBBEE ] C:\Windows\SysWOW64\hgcpl.dll
15:38:50.0562 1128 C:\Windows\SysWOW64\hgcpl.dll - ok
15:38:50.0566 1128 [ 9DA78C1F1F15CE5424EDF18CE4728C01 ] C:\Windows\SysWOW64\wmpps.dll
15:38:50.0566 1128 C:\Windows\SysWOW64\wmpps.dll - ok
15:38:50.0569 1128 [ AB303E17CD72B3A65AE0E5CDA80307F0 ] C:\Windows\SysWOW64\wmpmde.dll
15:38:50.0569 1128 C:\Windows\SysWOW64\wmpmde.dll - ok
15:38:50.0571 1128 [ F0AAB2A76A7AF04C70A818E96BAF3E64 ] C:\Windows\System32\hgcpl.dll
15:38:50.0571 1128 C:\Windows\System32\hgcpl.dll - ok
15:38:50.0575 1128 [ 5BB8C06EB5EA4BA22EE8A678F2D79B25 ] C:\Windows\SysWOW64\devenum.dll
15:38:50.0575 1128 C:\Windows\SysWOW64\devenum.dll - ok
15:38:50.0577 1128 [ FB08DEC5EF43D0C66D83B8E9694E7549 ] C:\Windows\SysWOW64\provsvc.dll
15:38:50.0577 1128 C:\Windows\SysWOW64\provsvc.dll - ok
15:38:50.0581 1128 [ 01C7F6D51C93148D2B74B34C4D29FD0E ] C:\Program Files\Windows Media Player\en-US\wmpnetwk.exe.mui
15:38:50.0581 1128 C:\Program Files\Windows Media Player\en-US\wmpnetwk.exe.mui - ok
15:38:50.0583 1128 [ 32AAEABFF6299834E5D38C3A442CCF36 ] C:\Windows\SysWOW64\mssph.dll
15:38:50.0583 1128 C:\Windows\SysWOW64\mssph.dll - ok
15:38:50.0587 1128 [ ABDBABE3A7D2222B3A0DB1B8B9CAD16E ] C:\Windows\System32\mssph.dll
15:38:50.0587 1128 C:\Windows\System32\mssph.dll - ok
15:38:50.0590 1128 [ 000B3A704234C202D4D788A171B02243 ] C:\Windows\SysWOW64\mapi32.dll
15:38:50.0590 1128 C:\Windows\SysWOW64\mapi32.dll - ok
15:38:50.0594 1128 [ 28E2231BD34A39C854BDF3923AB2FF86 ] C:\Windows\SysWOW64\ssdpapi.dll
15:38:50.0594 1128 C:\Windows\SysWOW64\ssdpapi.dll - ok
15:38:50.0598 1128 [ 89F4D0DD6606A2FE15931E6888DBBC8D ] C:\Windows\SysWOW64\stdole2.tlb
15:38:50.0598 1128 C:\Windows\SysWOW64\stdole2.tlb - ok
15:38:50.0601 1128 [ 2A556E2D703DED03186C596B90AC6869 ] C:\Windows\System32\mapi32.dll
15:38:50.0601 1128 C:\Windows\System32\mapi32.dll - ok
15:38:50.0605 1128 [ 9EA9D567B250EA92BA333F8B26646610 ] C:\Program Files\Internet Explorer\ieproxy.dll
15:38:50.0605 1128 C:\Program Files\Internet Explorer\ieproxy.dll - ok
15:38:50.0608 1128 [ 8E33E2B24306C5249154322BC99493F5 ] C:\Windows\SysWOW64\httpapi.dll
15:38:50.0609 1128 C:\Windows\SysWOW64\httpapi.dll - ok
15:38:50.0611 1128 [ 25FC9E3237D9DC8F7511AF13E70C49BC ] C:\Windows\SysWOW64\MSMPEG2ENC.DLL
15:38:50.0611 1128 C:\Windows\SysWOW64\MSMPEG2ENC.DLL - ok
15:38:50.0614 1128 [ 70F03B29A62194E69911952B3640D9D2 ] C:\Windows\SysWOW64\msdmo.dll
15:38:50.0614 1128 C:\Windows\SysWOW64\msdmo.dll - ok
15:38:50.0618 1128 [ 5B5A3218962C2BEA0E80788BD345D29A ] C:\Windows\SysWOW64\en-US\FirewallAPI.dll.mui
15:38:50.0618 1128 C:\Windows\SysWOW64\en-US\FirewallAPI.dll.mui - ok
15:38:50.0621 1128 [ 2D5AFA7F81D3EE061990E78613357C14 ] C:\Windows\SysWOW64\en-US\urlmon.dll.mui
15:38:50.0621 1128 C:\Windows\SysWOW64\en-US\urlmon.dll.mui - ok
15:38:50.0623 1128 [ E36112A8A6C7F840169A7E92C12F4203 ] C:\Windows\System32\wsock32.dll
15:38:50.0623 1128 C:\Windows\System32\wsock32.dll - ok
15:38:50.0625 1128 [ 0438CAB2E03F4FB61455A7956026FE86 ] C:\Windows\System32\fdPHost.dll
15:38:50.0625 1128 C:\Windows\System32\fdPHost.dll - ok
15:38:50.0629 1128 [ 302B93586DFA480545C320EBA5BA6572 ] C:\Windows\System32\wmdrmdev.dll
15:38:50.0629 1128 C:\Windows\System32\wmdrmdev.dll - ok
15:38:50.0631 1128 [ 2C1055E2C6D42753241FB2A129136994 ] C:\Windows\System32\drmv2clt.dll
15:38:50.0631 1128 C:\Windows\System32\drmv2clt.dll - ok
15:38:50.0634 1128 [ DE6F4B7E62FDE776F3DE8E5FB5A05C48 ] C:\Windows\SysWOW64\fdWSD.dll
15:38:50.0635 1128 C:\Windows\SysWOW64\fdWSD.dll - ok
15:38:50.0638 1128 [ 171D7DB433314A868507C4326E8209DC ] C:\Windows\System32\fdWSD.dll
15:38:50.0638 1128 C:\Windows\System32\fdWSD.dll - ok
15:38:50.0640 1128 [ 54B5DCD55B223BC5DF50B82E1E9E86B1 ] C:\Windows\System32\mfplat.dll
15:38:50.0640 1128 C:\Windows\System32\mfplat.dll - ok
15:38:50.0644 1128 [ 674611721264013DB169EC12AFC9C3B6 ] C:\Windows\SysWOW64\fdSSDP.dll
15:38:50.0644 1128 C:\Windows\SysWOW64\fdSSDP.dll - ok
15:38:50.0647 1128 [ A2E5B2D20954210DCE1A75A1FC8CC36D ] C:\Windows\System32\fdSSDP.dll
15:38:50.0647 1128 C:\Windows\System32\fdSSDP.dll - ok
15:38:50.0649 1128 [ 4F20D081F9C9B91730EE5CB84E9AC8C4 ] C:\Windows\System32\blackbox.dll
15:38:50.0649 1128 C:\Windows\System32\blackbox.dll - ok
15:38:50.0653 1128 [ 3FF0FA0A81910617739644A06D06D016 ] C:\Windows\SysWOW64\fdProxy.dll
15:38:50.0653 1128 C:\Windows\SysWOW64\fdProxy.dll - ok
15:38:50.0656 1128 [ DB8BF64BE3932ADC407505D21C4F2C2C ] C:\Windows\System32\fdProxy.dll
15:38:50.0656 1128 C:\Windows\System32\fdProxy.dll - ok
15:38:50.0660 1128 [ 46EA507EE79269C0272F10BFBE9316C9 ] C:\Windows\System32\upnp.dll
15:38:50.0660 1128 C:\Windows\System32\upnp.dll - ok
15:38:50.0663 1128 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] C:\Windows\System32\ssdpsrv.dll
15:38:50.0663 1128 C:\Windows\System32\ssdpsrv.dll - ok
15:38:50.0667 1128 [ 046B2673767CA626E2CFB7FDF735E9E8 ] C:\Windows\System32\ListSvc.dll
15:38:50.0667 1128 C:\Windows\System32\ListSvc.dll - ok
15:38:50.0670 1128 [ 08DF1B8C9C0754A7069E80A986373F52 ] C:\Windows\SysWOW64\P2P.dll
15:38:50.0670 1128 C:\Windows\SysWOW64\P2P.dll - ok
15:38:50.0674 1128 [ 4A82EA2807B16FF577AEAF8ADB8779FF ] C:\Windows\System32\IdListen.dll
15:38:50.0674 1128 C:\Windows\System32\IdListen.dll - ok
15:38:50.0677 1128 [ B9C7F88D85369548A69F2EDD1A40441E ] C:\Windows\System32\hgprint.dll
15:38:50.0678 1128 C:\Windows\System32\hgprint.dll - ok
15:38:50.0681 1128 [ B6411CED931AFD059E48C52DBFBA95B4 ] C:\Windows\System32\P2P.dll
15:38:50.0681 1128 C:\Windows\System32\P2P.dll - ok
15:38:50.0684 1128 [ 1B0EC94520CAB89A9CE1B2DA405166AF ] C:\Windows\SysWOW64\p2pcollab.dll
15:38:50.0684 1128 C:\Windows\SysWOW64\p2pcollab.dll - ok
15:38:50.0688 1128 [ 3EAC4455472CC2C97107B5291E0DCAFE ] C:\Windows\System32\pnrpsvc.dll
15:38:50.0688 1128 C:\Windows\System32\pnrpsvc.dll - ok
15:38:50.0691 1128 [ FBC18BEE67E9179F02E7894EB548F18D ] C:\Windows\SysWOW64\en-US\svchost.exe.mui
15:38:50.0691 1128 C:\Windows\SysWOW64\en-US\svchost.exe.mui - ok
15:38:50.0695 1128 [ FC20E8E70AE0E2A521EA11B63AFF63BC ] C:\Windows\SysWOW64\en-US\crypt32.dll.mui
15:38:50.0695 1128 C:\Windows\SysWOW64\en-US\crypt32.dll.mui - ok
15:38:50.0698 1128 [ C486E495C352FD6CA5168A1050F1A828 ] C:\Windows\SysWOW64\en-US\p2pcollab.dll.mui
15:38:50.0698 1128 C:\Windows\SysWOW64\en-US\p2pcollab.dll.mui - ok
15:38:50.0702 1128 [ DA4F4927E92DC21B14A42EE59F7038D4 ] C:\Windows\SysWOW64\en-US\dnsapi.dll.mui
15:38:50.0702 1128 C:\Windows\SysWOW64\en-US\dnsapi.dll.mui - ok
15:38:50.0705 1128 [ CC6975CAC67B3112C8059A64713BF232 ] C:\Windows\SysWOW64\en-US\QAgentRT.dll.mui
15:38:50.0705 1128 C:\Windows\SysWOW64\en-US\QAgentRT.dll.mui - ok
15:38:50.0709 1128 [ D7BB0BA60B5910CBD644FBF8526AA936 ] C:\Windows\System32\en-US\fveui.dll.mui
15:38:50.0709 1128 C:\Windows\System32\en-US\fveui.dll.mui - ok
15:38:50.0713 1128 [ 927463ECB02179F88E4B9A17568C63C3 ] C:\Windows\System32\p2psvc.dll
15:38:50.0713 1128 C:\Windows\System32\p2psvc.dll - ok
15:38:50.0716 1128 [ AD888613E7BE5CCD7BF25CA8EBDA4E7C ] C:\Windows\System32\wmp.dll
15:38:50.0716 1128 C:\Windows\System32\wmp.dll - ok
15:38:50.0719 1128 [ 1372E8E8FD066002131E3D509275E697 ] C:\Windows\SysWOW64\P2PGraph.dll
15:38:50.0719 1128 C:\Windows\SysWOW64\P2PGraph.dll - ok
15:38:50.0723 1128 [ 937FE1D6BBD29A35139746E93806D7EF ] C:\Windows\System32\en-US\p2psvc.dll.mui
15:38:50.0723 1128 C:\Windows\System32\en-US\p2psvc.dll.mui - ok
15:38:50.0727 1128 [ D62840B33B87BC2ED8D7060D7C66096C ] C:\Windows\System32\wmploc.DLL
15:38:50.0727 1128 C:\Windows\System32\wmploc.DLL - ok
15:38:50.0730 1128 [ 3AEE02CEDAA3ACD14F9D7E038E44D6D1 ] C:\Windows\System32\P2PGraph.dll
15:38:50.0730 1128 C:\Windows\System32\P2PGraph.dll - ok
15:38:50.0734 1128 [ 2D444C361F758D6CC4B2F51655ECF528 ] C:\Windows\System32\wmpps.dll
15:38:50.0734 1128 C:\Windows\System32\wmpps.dll - ok
15:38:50.0737 1128 [ AF5D4C95BCF1C002461637E5DDA95609 ] C:\Windows\System32\wmpmde.dll
15:38:50.0737 1128 C:\Windows\System32\wmpmde.dll - ok
15:38:50.0740 1128 [ EC7EB038EA11E0D04214D143E0CB6002 ] C:\Windows\System32\WinSATAPI.dll
15:38:50.0742 1128 C:\Windows\System32\WinSATAPI.dll - ok
15:38:50.0744 1128 [ 2BF5A09197251572A74C426EE3E35117 ] C:\Windows\System32\MSMPEG2ENC.DLL
15:38:50.0744 1128 C:\Windows\System32\MSMPEG2ENC.DLL - ok
15:38:50.0747 1128 [ 46767946E7B559D981C1DC04EC0AB36F ] C:\Windows\System32\devenum.dll
15:38:50.0747 1128 C:\Windows\System32\devenum.dll - ok
15:38:50.0751 1128 [ 0B0604BC02CA5F77A1F23C6B0D86AE8C ] C:\Windows\System32\msdmo.dll
15:38:50.0751 1128 C:\Windows\System32\msdmo.dll - ok
15:38:50.0754 1128 [ D47EC6A8E81633DD18D2436B19BAF6DE ] C:\Windows\System32\upnphost.dll
15:38:50.0754 1128 C:\Windows\System32\upnphost.dll - ok
15:38:50.0758 1128 [ 98417DB5BF5777BC6C60D7317CB781C4 ] C:\Windows\System32\msxml3.dll
15:38:50.0758 1128 C:\Windows\System32\msxml3.dll - ok
15:38:50.0761 1128 [ 230EA9ABBC3432CDE388F4891E76E867 ] C:\Windows\SysWOW64\udhisapi.dll
15:38:50.0761 1128 C:\Windows\SysWOW64\udhisapi.dll - ok
15:38:50.0765 1128 [ 71E68F2443A80BD4DA89181889C457EA ] C:\Windows\System32\udhisapi.dll
15:38:50.0765 1128 C:\Windows\System32\udhisapi.dll - ok
15:38:50.0769 1128 [ C88E03805311A599F22B00015AA0F548 ] C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.0.0\SiteSafety.dll
15:38:50.0769 1128 C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.0.0\SiteSafety.dll - ok
15:38:50.0773 1128 [ F5818C723320704BA25D580F61ABD772 ] C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\15.0.0\avgdttbx.dll
15:38:50.0773 1128 C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\15.0.0\avgdttbx.dll - ok
15:38:50.0777 1128 [ D6692338B985D4A0CA52B828314D897D ] C:\Windows\SysWOW64\drprov.dll
15:38:50.0777 1128 C:\Windows\SysWOW64\drprov.dll - ok
15:38:50.0781 1128 [ 5F639198C4137075DA50E61C23963C11 ] C:\Windows\System32\drprov.dll
15:38:50.0781 1128 C:\Windows\System32\drprov.dll - ok
15:38:50.0784 1128 [ 06018B349666595970E15397E78A0D77 ] C:\Windows\SysWOW64\ntlanman.dll
15:38:50.0784 1128 C:\Windows\SysWOW64\ntlanman.dll - ok
15:38:50.0787 1128 [ 7273921B6DDFEFF3A8567B9800C5673A ] C:\Windows\System32\ntlanman.dll
15:38:50.0788 1128 C:\Windows\System32\ntlanman.dll - ok
15:38:50.0791 1128 [ 44F7AC99B73AF64884A67F17D9E0A773 ] C:\Windows\SysWOW64\davclnt.dll
15:38:50.0791 1128 C:\Windows\SysWOW64\davclnt.dll - ok
15:38:50.0794 1128 [ 016544B452E6FDB54CD108D0248DB2B1 ] C:\Windows\System32\davclnt.dll
15:38:50.0794 1128 C:\Windows\System32\davclnt.dll - ok
15:38:50.0798 1128 [ 179BECE8D1A4C488DDB7191FF9BE3FB0 ] C:\Windows\SysWOW64\davhlpr.dll
15:38:50.0798 1128 C:\Windows\SysWOW64\davhlpr.dll - ok
15:38:50.0801 1128 [ 45B24A357C801CE62052FE0CDC8BD4D2 ] C:\Windows\System32\davhlpr.dll
15:38:50.0801 1128 C:\Windows\System32\davhlpr.dll - ok
15:38:50.0805 1128 [ 0A53FD4EBBD92002CCC362A9B8087885 ] C:\Windows\SysWOW64\schannel.dll
15:38:50.0805 1128 C:\Windows\SysWOW64\schannel.dll - ok
15:38:50.0809 1128 [ F11A57E91FDAECFB41A5CB21EB1EBC8E ] C:\Windows\System32\dssenh.dll
15:38:50.0809 1128 C:\Windows\System32\dssenh.dll - ok
15:38:50.0812 1128 [ 99B9343280AF6A4C0F27CF2E28E94BBF ] C:\Windows\SysWOW64\dssenh.dll
15:38:50.0812 1128 C:\Windows\SysWOW64\dssenh.dll - ok
15:38:50.0816 1128 [ 68F6725B4A59E16C04B3F3AC514D6724 ] C:\Program Files (x86)\AVG\AVG2013\fixcfg.exe
15:38:50.0816 1128 C:\Program Files (x86)\AVG\AVG2013\fixcfg.exe - ok
15:38:50.0819 1128 [ AA3B91B70E79BCE70AD3B190789B9574 ] C:\Windows\SysWOW64\drttransport.dll
15:38:50.0819 1128 C:\Windows\SysWOW64\drttransport.dll - ok
15:38:50.0823 1128 [ 2E7ADF9B0389CD94605717784D7E416A ] C:\Windows\System32\drttransport.dll
15:38:50.0823 1128 C:\Windows\System32\drttransport.dll - ok
15:38:50.0827 1128 [ EE29FCC244C8033E2F748D863DCBF378 ] C:\Windows\SysWOW64\drt.dll
15:38:50.0827 1128 C:\Windows\SysWOW64\drt.dll - ok
15:38:50.0831 1128 [ C57BC99A4467B3E8F1CC2184A3F46729 ] C:\Windows\System32\drt.dll
15:38:50.0831 1128 C:\Windows\System32\drt.dll - ok
15:38:50.0835 1128 [ 139677BB4CA72DBB99FDF80E74FA0B95 ] C:\Program Files\Windows Media Player\WMPMediaSharing.dll
15:38:50.0835 1128 C:\Program Files\Windows Media Player\WMPMediaSharing.dll - ok
15:38:50.0838 1128 [ 0DCA6A11D09D4C2CBE6B898B897EA915 ] C:\Windows\SysWOW64\UIAnimation.dll
15:38:50.0839 1128 C:\Windows\SysWOW64\UIAnimation.dll - ok
15:38:50.0842 1128 [ 3819AD4329303EAC88480CA16A650735 ] C:\Windows\System32\UIAnimation.dll
15:38:50.0842 1128 C:\Windows\System32\UIAnimation.dll - ok
15:38:50.0846 1128 [ B0BF698030DB6561393AE753C6D3F936 ] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
15:38:50.0846 1128 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - ok
15:38:50.0850 1128 [ 27352AAC3B0CCE5C325CEC3BE4D83A9B ] C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\chrome.dll
15:38:50.0850 1128 C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\chrome.dll - ok
15:38:50.0854 1128 [ 20B2FD7BA7B16B5B0297062F2DDE5296 ] C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\icudt.dll
15:38:50.0854 1128 C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\icudt.dll - ok
15:38:50.0858 1128 [ 236360CE5E4C3F063AC110533747C0A8 ] C:\Windows\SysWOW64\Wpc.dll
15:38:50.0858 1128 C:\Windows\SysWOW64\Wpc.dll - ok
15:38:50.0861 1128 [ 5BF8E37FA1E25227480F9CD2ACA21FB6 ] C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\d3dcompiler_46.dll
15:38:50.0861 1128 C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\d3dcompiler_46.dll - ok
15:38:50.0865 1128 [ 6FF1689E63D2EBCAB1456EC19F6C2C7C ] C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\libglesv2.dll
15:38:50.0865 1128 C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\libglesv2.dll - ok
15:38:50.0870 1128 [ 9159A49B13B5D4DA262415D87A5F7212 ] C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\libegl.dll
15:38:50.0870 1128 C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\libegl.dll - ok
15:38:50.0873 1128 [ 1F27643C4C626457FCE8F047AE1CD7E1 ] C:\Windows\SysWOW64\dxva2.dll
15:38:50.0873 1128 C:\Windows\SysWOW64\dxva2.dll - ok
15:38:50.0876 1128 [ 80EFBCAFBD26956B69EE9CEFC93423B0 ] C:\Windows\SysWOW64\mf.dll
15:38:50.0876 1128 C:\Windows\SysWOW64\mf.dll - ok
15:38:50.0879 1128 [ 3DE43BFDAF3F8979699650202AA18B12 ] C:\Windows\SysWOW64\msmpeg2vdec.dll
15:38:50.0879 1128 C:\Windows\SysWOW64\msmpeg2vdec.dll - ok
15:38:50.0883 1128 [ FF7E3A2EE80ADEE757021E967BBB77F0 ] C:\Windows\SysWOW64\evr.dll
15:38:50.0883 1128 C:\Windows\SysWOW64\evr.dll - ok
15:38:50.0886 1128 [ 689035D36092179300547AE4266A00EE ] C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\pdf.dll
15:38:50.0886 1128 C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\pdf.dll - ok
15:38:50.0890 1128 [ 1948BFFB626F0065BA6911FE970E8483 ] C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\ppgooglenaclpluginchrome.dll
15:38:50.0890 1128 C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\ppgooglenaclpluginchrome.dll - ok
15:38:50.0894 1128 [ E56FE56A51BC05E9CC367B3CC2BBFFA9 ] C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\ffmpegsumo.dll
15:38:50.0894 1128 C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\ffmpegsumo.dll - ok
15:38:50.0898 1128 [ C7DE4414D5F6F9373F913CB86262D512 ] C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
15:38:50.0898 1128 C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe - ok
15:38:50.0902 1128 [ 518FF3876B04E4AB7D8C9ECAA60B4F1E ] C:\Program Files\Common Files\Microsoft Shared\ink\mshwLatin.dll
15:38:50.0902 1128 C:\Program Files\Common Files\Microsoft Shared\ink\mshwLatin.dll - ok
15:38:50.0906 1128 [ 88373275BF446644765F632D5249DC7C ] C:\Windows\SysWOW64\Speech\Common\sapi.dll
15:38:50.0906 1128 C:\Windows\SysWOW64\Speech\Common\sapi.dll - ok
15:38:50.0910 1128 [ B2D60B4B1D8C81731A925678F040B394 ] C:\Windows\System32\Speech\Common\sapi.dll
15:38:50.0910 1128 C:\Windows\System32\Speech\Common\sapi.dll - ok
15:38:50.0913 1128 [ CDAD3376DFF3D9AC7FDCBE2B94B0D3C8 ] C:\Windows\System32\shfolder.dll
15:38:50.0913 1128 C:\Windows\System32\shfolder.dll - ok
15:38:50.0917 1128 [ 35DB83C4DE9FA3889E937125D115EAA0 ] C:\Program Files (x86)\Google\Update\1.3.21.135\goopdateres_en.dll
15:38:50.0917 1128 C:\Program Files (x86)\Google\Update\1.3.21.135\goopdateres_en.dll - ok
15:38:50.0920 1128 [ 913D843498553A1BC8F8DBAD6358E49F ] C:\Windows\System32\sppsvc.exe
15:38:50.0920 1128 C:\Windows\System32\sppsvc.exe - ok
15:38:50.0924 1128 [ FFF95479C7AB1550F0750A5D01744211 ] C:\Windows\System32\drivers\spsys.sys
15:38:50.0924 1128 C:\Windows\System32\drivers\spsys.sys - ok
15:38:50.0928 1128 [ E8B1FE6669397D1772D8196DF0E57A9E ] C:\Windows\System32\wscsvc.dll
15:38:50.0928 1128 C:\Windows\System32\wscsvc.dll - ok
15:38:50.0931 1128 [ B7BDBEBC74105E68A3093073C30E3498 ] C:\Windows\System32\sppwinob.dll
15:38:50.0931 1128 C:\Windows\System32\sppwinob.dll - ok
15:38:50.0934 1128 [ DD4400813589985677A363F8A589CD02 ] C:\Windows\SysWOW64\wuapi.dll
15:38:50.0934 1128 C:\Windows\SysWOW64\wuapi.dll - ok
15:38:50.0938 1128 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] C:\Windows\System32\wuaueng.dll
15:38:50.0938 1128 C:\Windows\System32\wuaueng.dll - ok
15:38:50.0941 1128 [ C47F35CC6FA4F1BDBEF8F87AC1A46537 ] C:\Windows\System32\wuapi.dll
15:38:50.0941 1128 C:\Windows\System32\wuapi.dll - ok
15:38:50.0945 1128 [ 387A8A473ECC5BA02CF453277C1F3274 ] C:\Windows\SysWOW64\mspatcha.dll
15:38:50.0945 1128 C:\Windows\SysWOW64\mspatcha.dll - ok
15:38:50.0948 1128 [ 617F6EC0AC677C685479C1D0D1E76C6F ] C:\Windows\System32\mspatcha.dll
15:38:50.0948 1128 C:\Windows\System32\mspatcha.dll - ok
15:38:50.0952 1128 [ 2EA045FDD715FB03F65F6915B7FE8916 ] C:\Windows\SysWOW64\wups.dll
15:38:50.0952 1128 C:\Windows\SysWOW64\wups.dll - ok
15:38:50.0955 1128 [ E746ED90132C6B6313CE9179F56BD31D ] C:\Windows\System32\wups.dll
15:38:50.0955 1128 C:\Windows\System32\wups.dll - ok
15:38:50.0959 1128 [ D412B1B72C5AB020218E9A047D90CA05 ] C:\Windows\SysWOW64\wmsgapi.dll
15:38:50.0959 1128 C:\Windows\SysWOW64\wmsgapi.dll - ok
15:38:50.0963 1128 [ 7FE0D0C8F53735EA17C9AE93EFE7AD5A ] C:\Windows\System32\wups2.dll
15:38:50.0963 1128 C:\Windows\System32\wups2.dll - ok
15:38:50.0966 1128 [ 2F530C1448D4984F2A3F995895F2D532 ] C:\Windows\System32\sppobjs.dll
15:38:50.0966 1128 C:\Windows\System32\sppobjs.dll - ok
15:38:50.0970 1128 [ 28D2C5CE5944E1B027CF5C8004CF89A1 ] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
15:38:50.0970 1128 C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll - ok
15:38:50.0973 1128 [ E0FF893763BA82BAABB869A351F0C455 ] C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
15:38:50.0973 1128 C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll - ok
15:38:50.0977 1128 [ 05C4A7136F3012BB47107333B5D351D3 ] C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
15:38:50.0977 1128 C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll - ok
15:38:50.0981 1128 [ B55019778B8BA4C91F47BBDA3F2CEFE6 ] C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
15:38:50.0981 1128 C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll - ok
15:38:50.0985 1128 [ 1C8124B6A03A620EB0CBCA615666D2AE ] C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
15:38:50.0985 1128 C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll - ok
15:38:50.0988 1128 [ D4BD9F86123C87ECA570418B69326F99 ] C:\Windows\SysWOW64\npDeployJava1.dll
15:38:50.0988 1128 C:\Windows\SysWOW64\npDeployJava1.dll - ok
15:38:50.0992 1128 [ 8006FC6A9A7C3168EF15DBA842C3AFC5 ] C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
15:38:50.0992 1128 C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll - ok
15:38:50.0996 1128 [ 20308CF0675AD7CE5AAA6712DB823216 ] C:\Program Files (x86)\Windows Defender\MpClient.dll
15:38:50.0996 1128 C:\Program Files (x86)\Windows Defender\MpClient.dll - ok
15:38:50.0999 1128 [ 79E485E1361DA3CBE01FF760867F1D26 ] C:\Program Files (x86)\Windows Defender\MpOAV.dll
15:38:50.0999 1128 C:\Program Files (x86)\Windows Defender\MpOAV.dll - ok
15:38:51.0003 1128 [ 178A34E5554DCE485E1262DDF027960C ] C:\Users\Son\Downloads\tdsskiller (1).exe
15:38:51.0003 1128 C:\Users\Son\Downloads\tdsskiller (1).exe - ok
15:38:51.0006 1128 [ A018C8A668A4CC53EFF1070F84061800 ] C:\Windows\System32\consent.exe
15:38:51.0006 1128 C:\Windows\System32\consent.exe - ok
15:38:51.0010 1128 [ A0EC5976E86CEED540992CD634D3BCEE ] C:\Windows\System32\en-US\consent.exe.mui
15:38:51.0010 1128 C:\Windows\System32\en-US\consent.exe.mui - ok
15:38:51.0014 1128 [ C54E20766246F1033B38ABDFF8DE8B21 ] C:\Windows\SysWOW64\input.dll
15:38:51.0014 1128 C:\Windows\SysWOW64\input.dll - ok
15:38:51.0017 1128 [ 2A39583FE2AF77EBBC1DC34BE1F8299E ] C:\Windows\SysWOW64\en-US\input.dll.mui
15:38:51.0017 1128 C:\Windows\SysWOW64\en-US\input.dll.mui - ok
15:38:51.0021 1128 [ 83D6A4750D3A08EEF90FE4DF643F390C ] C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipTsf.dll.mui
15:38:51.0021 1128 C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipTsf.dll.mui - ok
15:38:51.0025 1128 [ D629F73E88B2DA7F5BDA2C06466DCCC4 ] C:\Windows\IME\SPTIP.DLL
15:38:51.0025 1128 C:\Windows\IME\SPTIP.DLL - ok
15:38:51.0028 1128 [ CE3602BA373CA549239AFC74B04A21DF ] C:\Windows\IME\en-US\SpTip.dll.mui
15:38:51.0028 1128 C:\Windows\IME\en-US\SpTip.dll.mui - ok
15:38:51.0032 1128 [ 3EE10E01F87C77690AAE39DA7B8FDC2D ] C:\Program Files\Windows NT\TableTextService\TableTextService.dll
15:38:51.0032 1128 C:\Program Files\Windows NT\TableTextService\TableTextService.dll - ok
15:38:51.0036 1128 [ 0DB03249DE5A282CC400AEC1D421CA9D ] C:\Program Files\Windows NT\TableTextService\en-US\TableTextService.dll.mui
15:38:51.0036 1128 C:\Program Files\Windows NT\TableTextService\en-US\TableTextService.dll.mui - ok
15:38:51.0039 1128 [ 58D05E0CD1D987A19059842B59F02358 ] C:\Windows\SysWOW64\en-US\msutb.dll.mui
15:38:51.0039 1128 C:\Windows\SysWOW64\en-US\msutb.dll.mui - ok
15:38:51.0100 1128 ============================================================
15:38:51.0100 1128 Scan finished
15:38:51.0100 1128 ============================================================
15:38:51.0107 3428 Detected object count: 0
15:38:51.0107 3428 Actual detected object count: 0

#26 Hijacked_Help

    New Member

  • Members
  • 15 posts

Posted 31 March 2013 - 02:50 PM

-ROOTKIT-


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1022

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative

Internet Explorer version: 8.0.7600.16385

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 4151427072, free: 2159185920

------------ Kernel report ------------
03/31/2013 15:41:15
------------ Loaded modules -----------
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8006975790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007e\
Lower Device Object: 0xfffffa8005d63350
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004ba9520
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa80045f7050
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Initialization returned 0x0
Load Function returned 0x0
Downloaded database version: v2013.03.31.04
Downloaded database version: v2013.03.25.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 3
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004ba9520, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004baa040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004ba9520, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80045f7050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a0089ba970, 0xfffffa8004ba9520, 0xfffffa8005dd2090
Lower DeviceData: 0xfffff8a008a3a850, 0xfffffa80045f7050, 0xfffffa8005dd5660
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4B7FFD57

Partition information:

Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 36864000

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 36866048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 37070848 Numsec = 939700272

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa8006975790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8003c56040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006975790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8005d63350, DeviceName: \Device\0000007e\, DriverName: \Driver\USBSTOR\
------------ End ----------
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================

#27 gringo_pr

    Staff

  • Moderators
  • 9,601 posts
  • Gender:Male

Posted 31 March 2013 - 03:45 PM


Hello Hijacked_Help

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files (x86)\Ask.com

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • report from ComboFix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

#28 gringo_pr

    Staff

  • Moderators
  • 9,601 posts
  • Gender:Male

Posted 03 April 2013 - 10:21 AM


Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you that it is very important that we finish the process completely so as not to get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo

#29 gringo_pr

    Staff

  • Moderators
  • 9,601 posts
  • Gender:Male

Posted 06 April 2013 - 01:08 AM



Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#30 Maurice Naggar

    Staff

  • Moderators
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 10 April 2013 - 01:37 PM

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Maurice Naggar
Product Support

I close my threads if there are 5 days without a response.