Can't get rid of Trojan Dropper BC Miner


  • Staff

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator to start"
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • click on "delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller

Gringo

Ok, I ran Security Check, AdwCleaner, and RogueKiller as you mentioned. All of the logs are pasted below.

While I was running RogueKiller, it opened Firefox and it showed a site about [Rootkit] Zero Access (Max++). Here's the address: http://tigzyrk.blogspot.com/2011/09/rootkit-zeroaccess-max.html. I don't understand what it all means (not very computer-savvy).

Also RogueKiller produced 2 reports. I posted both of them.

CHECKUP

Results of screen317's Security Check version 0.99.51

Windows 7 x64 (UAC is enabled)

Out of date service pack!!

Internet Explorer 8 Out of date!

``````````````Antivirus/Firewall Check:``````````````

Windows Security Center service is not running! This report may not be accurate!

AVG Anti-Virus Free Edition 2011

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

CounterSpy

Malwarebytes Anti-Malware version 1.65.0.1400

AVG PC Tuneup 2011

Java 6 Update 35

Java version out of Date!

Adobe Flash Player 11.4.402.265

Adobe Reader 9 Adobe Reader out of Date!

Mozilla Firefox (15.0.1)

Google Chrome 21.0.1180.83

Google Chrome 21.0.1180.89

Google Chrome 22.0.1229.79

````````Process Check: objlist.exe by Laurent````````

AVG avgwdsvc.exe

AVG avgtray.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````

ADWCLEANER

# AdwCleaner v2.003 - Logfile created 09/29/2012 at 12:48:45

# Updated 23/09/2012 by Xplode

# Operating system : Windows 7 Home Premium (64 bits)

# User : Jeffrey Poon - JEFFREYPOON-PC

# Boot Mode : Normal

# Running from : C:\Users\Jeffrey Poon\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt

File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt

File Deleted : C:\Users\JEFFRE~1\AppData\Local\Temp\Uninstall.exe

Folder Deleted : C:\Program Files (x86)\Ask.com

Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility

Folder Deleted : C:\Program Files (x86)\Viewpoint

Folder Deleted : C:\ProgramData\Viewpoint

Folder Deleted : C:\Users\JEFFRE~1\AppData\Local\Temp\AskSearch

Folder Deleted : C:\Users\Jeffrey Poon\AppData\Local\TempDir

Folder Deleted : C:\Users\Jeffrey Poon\AppData\LocalLow\AskToolbar

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKCU\Software\StartNow Toolbar

Key Deleted : HKCU\Software\Zugo

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE

Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate

Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser

Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1

Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController

Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}

Key Deleted : HKLM\Software\StartNow Toolbar

Key Deleted : HKLM\Software\Viewpoint

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5911488E-9D1E-40EC-8CBB-06B231CC153F}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [startNowToolbarHelper]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default

File : C:\Users\Jeffrey Poon\AppData\Roaming\Mozilla\Firefox\Profiles\fys26f3r.default\prefs.js

C:\Users\Jeffrey Poon\AppData\Roaming\Mozilla\Firefox\Profiles\fys26f3r.default\user.js ... Deleted !

Deleted : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.name", "StartNow Toolbar");

Deleted : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.startpage", "ori.startnow.com");

-\\ Google Chrome v22.0.1229.79

File : C:\Users\Jeffrey Poon\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [5795 octets] - [29/09/2012 12:48:45]

########## EOF - C:\AdwCleaner[s1].txt - [5855 octets] ##########

ROGUEKILLER 1

RogueKiller V8.1.0 [09/28/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website: http://tigzy.geekstogo.com/roguekiller.php

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User : Jeffrey Poon [Admin rights]

Mode : Scan -- Date : 09/29/2012 12:55:01

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤

[TASK][sUSP PATH] {028EC007-A145-40C6-AE6C-AC1478A82FF6} : C:\Windows\system32\pcalua.exe -a "C:\Users\Jeffrey Poon\Desktop\vearchive.com_Oppai Baka\vearchive.com_Oppai Baka\[18____] [070629] [OLE] ______ ~___________!!~\(18____) [070629]__________________!!_\OPPAIBAKA\setup.exe" -d "C:\Users\Jeffrey Poon\Desktop\vearchive.com_Oppai Baka\vearchive.com_Oppai Baka\[18____] [070629] [OLE] ______ ~___________!!~\(18____) [070629]__________________!!_\OPPAIBAKA" -> FOUND

[TASK][sUSP PATH] {4ED6D4A9-7326-465A-BC51-1F9057CA22C5} : C:\Windows\system32\pcalua.exe -a "C:\Users\Jeffrey Poon\Desktop\(18禁ゲーム) [070629]おっぱいバカーおっぱい以外は認めないー\setup.exe" -d "C:\Users\Jeffrey Poon\Desktop\(18禁ゲーム) [070629]おっぱいバカーおっぱい以外は認めないー" -> FOUND

[TASK][sUSP PATH] {7E36B28A-6450-481A-B3CB-D69A148DA5C5} : C:\Windows\system32\pcalua.exe -a "C:\Users\Jeffrey Poon\Desktop\MabinogiSetup71R.exe" -d "C:\Users\Jeffrey Poon\Desktop" -> FOUND

[TASK][sUSP PATH] {E954D84E-39FF-4D9D-BC20-C7CC3D180F8C} : C:\Windows\system32\pcalua.exe -a "C:\Users\Jeffrey Poon\Desktop\avg_avwt_stb_en_9_40_free.exe" -d "C:\Users\Jeffrey Poon\Desktop" -> FOUND

[TASK][sUSP PATH] {F1AFBC21-E437-4FE4-8788-B2C2A8C8AF84} : C:\Windows\system32\pcalua.exe -a "C:\Users\Jeffrey Poon\Desktop\avg_avwt_stb_en_9_40_free.exe" -d "C:\Users\Jeffrey Poon\Desktop" -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\@ --> FOUND

[ZeroAccess][FOLDER] U : C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U --> FOUND

[ZeroAccess][FOLDER] L : C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\L --> FOUND

[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> FOUND

[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> FOUND

[susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500420ASG ATA Device +++++

--- User ---

[MBR] 3ce60f2ecc714aecbd20a628559e91a2

[bSP] 0c44dbe6976e4a0886d743521bcc9912 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 15000 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30800325 | Size: 461899 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

ROGUEKILLER 2

RogueKiller V8.1.0 [09/28/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website: http://tigzy.geekstogo.com/roguekiller.php

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User : Jeffrey Poon [Admin rights]

Mode : Remove -- Date : 09/29/2012 12:58:26

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤

[TASK][sUSP PATH] {028EC007-A145-40C6-AE6C-AC1478A82FF6} : C:\Windows\system32\pcalua.exe -a "C:\Users\Jeffrey Poon\Desktop\vearchive.com_Oppai Baka\vearchive.com_Oppai Baka\[18____] [070629] [OLE] ______ ~___________!!~\(18____) [070629]__________________!!_\OPPAIBAKA\setup.exe" -d "C:\Users\Jeffrey Poon\Desktop\vearchive.com_Oppai Baka\vearchive.com_Oppai Baka\[18____] [070629] [OLE] ______ ~___________!!~\(18____) [070629]__________________!!_\OPPAIBAKA" -> DELETED

[TASK][sUSP PATH] {4ED6D4A9-7326-465A-BC51-1F9057CA22C5} : C:\Windows\system32\pcalua.exe -a "C:\Users\Jeffrey Poon\Desktop\(18禁ゲーム) [070629]おっぱいバカーおっぱい以外は認めないー\setup.exe" -d "C:\Users\Jeffrey Poon\Desktop\(18禁ゲーム) [070629]おっぱいバカーおっぱい以外は認めないー" -> DELETED

[TASK][sUSP PATH] {7E36B28A-6450-481A-B3CB-D69A148DA5C5} : C:\Windows\system32\pcalua.exe -a "C:\Users\Jeffrey Poon\Desktop\MabinogiSetup71R.exe" -d "C:\Users\Jeffrey Poon\Desktop" -> DELETED

[TASK][sUSP PATH] {E954D84E-39FF-4D9D-BC20-C7CC3D180F8C} : C:\Windows\system32\pcalua.exe -a "C:\Users\Jeffrey Poon\Desktop\avg_avwt_stb_en_9_40_free.exe" -d "C:\Users\Jeffrey Poon\Desktop" -> DELETED

[TASK][sUSP PATH] {F1AFBC21-E437-4FE4-8788-B2C2A8C8AF84} : C:\Windows\system32\pcalua.exe -a "C:\Users\Jeffrey Poon\Desktop\avg_avwt_stb_en_9_40_free.exe" -d "C:\Users\Jeffrey Poon\Desktop" -> DELETED

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\@ --> REMOVED AT REBOOT

[Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U\00000004.@ --> REMOVED

[Del.Parent][FILE] 00000008.@ : C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U\00000008.@ --> REMOVED

[Del.Parent][FILE] 000000cb.@ : C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U\000000cb.@ --> REMOVED

[Del.Parent][FILE] 80000000.@ : C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U\80000000.@ --> REMOVED

[Del.Parent][FILE] 80000032.@ : C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U\80000032.@ --> REMOVED

[Del.Parent][FILE] 80000064.@ : C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U\80000064.@ --> REMOVED

[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U --> REMOVED

[Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\L\00000004.@ --> REMOVED

[Del.Parent][FILE] 201d3dde : C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\L\201d3dde --> REMOVED

[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\L --> REMOVED

[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> REMOVED AT REBOOT

[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> REMOVED AT REBOOT

[susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> REPLACED AT REBOOT (C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe)

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500420ASG ATA Device +++++

--- User ---

[MBR] 3ce60f2ecc714aecbd20a628559e91a2

[bSP] 0c44dbe6976e4a0886d743521bcc9912 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 15000 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30800325 | Size: 461899 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt
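Reading the two RogueKiller reports above by hand is error-prone once they grow past a screen, so here is a small parser for that report format, added as an example; it is not part of the original post, of RogueKiller, or of the forum's tooling. It runs on a constructed sample modelled on the "Mode : Remove" report (the GUID, the user paths and the winsxs replacement path are placeholders, not values from this machine), pulls each detection line into a record, flags the artefacts RogueKiller tagged as ZeroAccess (the `\Windows\Installer\{GUID}` tree with its `@` file and `U`/`L` folders, and the `Desktop.ini` files in `GAC_32`/`GAC_64`), and lists the actions the tool could only schedule for reboot. The path regex is my own label-independent check derived from those tagged locations, not something RogueKiller exposes.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample modelled on the "Mode : Remove" RogueKiller report posted above.
# The GUID, user paths and winsxs path are placeholders, not values from the real machine.
SAMPLE_REPORT = r"""
RogueKiller V8.1.0 [09/28/2012] by Tigzy
Mode : Remove -- Date : 09/29/2012 12:58:26

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[TASK][SUSP PATH] {00000000-0000-0000-0000-000000000001} : C:\Windows\system32\pcalua.exe -a "C:\Users\user\Desktop\setup.exe" -d "C:\Users\user\Desktop" -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\Windows\Installer\{00000000-0000-0000-0000-0000000000aa}\@ --> REMOVED AT REBOOT
[Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{00000000-0000-0000-0000-0000000000aa}\U\00000004.@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{00000000-0000-0000-0000-0000000000aa}\U --> REMOVED
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> REMOVED AT REBOOT
[susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> REPLACED AT REBOOT (C:\Windows\winsxs\PLACEHOLDER\services.exe)

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤
"""

SECTION_RE = re.compile(r"^¤¤¤\s*(?P<title>.*?)\s*¤¤¤$")
INFECTION_RE = re.compile(r"^¤¤¤\s*Infection\s*:\s*(?P<name>.*?)\s*¤¤¤$", re.MULTILINE)
ENTRY_RE = re.compile(
    r"^\[(?P<category>[^\]]+)\]"      # tag: [ZeroAccess], [TASK], [HJ DESK], ...
    r"(?:\[(?P<kind>[^\]]+)\])?"      # optional sub-tag: [FILE], [FOLDER], [SUSP PATH]
    r"\s+(?P<name>.*?)\s+:\s+"        # short name, then " : "
    r"(?P<detail>.*?)\s+-{1,2}>\s+"   # path or value, then " -> " or " --> "
    r"(?P<action>.+)$"                # FOUND, DELETED, REMOVED AT REBOOT, ...
)
# Locations RogueKiller tagged as ZeroAccess in the reports above; my own assumption
# as a label-independent second check, not a list shipped by the tool.
ZEROACCESS_PATH_RE = re.compile(
    r"\\Windows\\Installer\\\{[0-9a-f-]{36}\}\\(?:@|U|L)(?:\\|$)"
    r"|\\Windows\\Assembly\\GAC_(?:32|64)\\Desktop\.ini$",
    re.IGNORECASE,
)


@dataclass
class Entry:
    section: str        # the ¤¤¤ heading the line sits under
    category: str
    kind: Optional[str]
    name: str
    detail: str
    action: str


def parse_report(text: str) -> list[Entry]:
    """Turn the detection lines of a RogueKiller report into Entry records."""
    entries: list[Entry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("title")
            continue
        hit = ENTRY_RE.match(line)
        if hit:
            entries.append(Entry(section=section, **hit.groupdict()))
    return entries


def infection_name(text: str) -> Optional[str]:
    """Family named in the '¤¤¤ Infection : ... ¤¤¤' line, if the tool wrote one."""
    hit = INFECTION_RE.search(text)
    return hit.group("name") if hit else None


def zeroaccess_indicators(entries: list[Entry]) -> list[Entry]:
    """Entries the tool tagged ZeroAccess, or that sit in the tagged artefact locations."""
    return [e for e in entries
            if e.category == "ZeroAccess" or ZEROACCESS_PATH_RE.search(e.detail)]


def pending_after_reboot(entries: list[Entry]) -> list[Entry]:
    """Actions only scheduled (file was locked); confirm with a fresh scan after reboot."""
    return [e for e in entries if "AT REBOOT" in e.action]


def summarize(text: str) -> dict:
    entries = parse_report(text)
    by_action: dict[str, int] = {}
    for e in entries:
        key = e.action.split(" (")[0]   # "REPLACED (0)" -> "REPLACED"
        by_action[key] = by_action.get(key, 0) + 1
    return {
        "infection": infection_name(text),
        "entries": len(entries),
        "zeroaccess_indicators": len(zeroaccess_indicators(entries)),
        "pending_after_reboot": len(pending_after_reboot(entries)),
        "by_action": by_action,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
    for e in pending_after_reboot(parse_report(SAMPLE_REPORT)):
        print(f"re-check after reboot: {e.detail}")
```

The "AT REBOOT" list is the part worth acting on: the `@` file, the GAC `Desktop.ini` and the patched `services.exe` were locked while the tool ran, so the second report only promises their removal, and a clean scan after the restart is what actually confirms it.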

  • Staff

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
    • Log from Combofix
    • Let me know of any problems you may have had
    • How is the computer doing now?

Gringo

Ok, I finished running ComboFix. The log is pasted below. The only thing that popped up was that AVG interrupted ComboFix near the end (detected as a threat). I went ahead and allowed ComboFix to continue. I did some test searches on Google and so far, I haven't seen any more redirects.

ComboFix 12-09-27.03 - Jeffrey Poon 09/29/2012 14:42:56.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2043.710 [GMT -4:00]

Running from: c:\users\Jeffrey Poon\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Sunbelt CounterSpy *Disabled/Outdated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\SecureW2

c:\program files (x86)\SecureW2\Uninstall.exe

c:\programdata\DynuEncrypt.dll

c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2

c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\TTLS Manager.lnk

c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\Uninstall.lnk

c:\users\Jeffrey Poon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2

c:\users\Jeffrey Poon\GoToAssistDownloadHelper.exe

c:\windows\Downloaded Program Files\IDropPTB.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-08-28 to 2012-09-29 )))))))))))))))))))))))))))))))

.

.

2012-09-29 18:52 . 2012-09-29 18:52 -------- d-----w- c:\users\Guest\AppData\Local\temp

2012-09-29 04:57 . 2012-09-29 04:57 -------- d-----w- C:\TDSSKiller_Quarantine

2012-09-27 01:56 . 2012-09-27 01:56 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2012-09-22 14:43 . 2012-09-22 14:43 -------- d-----w- c:\users\Jeffrey Poon\AppData\Roaming\SUPERAntiSpyware.com

2012-09-22 14:40 . 2012-09-25 23:58 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-09-22 14:40 . 2012-09-22 14:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-09-08 01:20 . 2012-09-20 02:33 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE

2012-09-07 17:09 . 2012-09-07 17:09 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-09-07 03:07 . 2012-09-07 03:07 -------- d-----w- c:\program files (x86)\Elaborate Bytes

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-22 02:45 . 2012-05-10 12:58 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-09-22 02:45 . 2012-01-10 21:27 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-21 03:00 . 2011-04-05 21:12 1684 ----a-w- c:\windows\system32\ASOROSet.bin

2012-09-07 23:22 . 2011-04-05 21:08 18784 ----a-w- c:\windows\system32\roboot64.exe

2012-09-07 21:04 . 2010-03-01 21:05 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-29 00:24 . 2012-06-19 13:42 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-08-29 00:24 . 2010-05-15 05:07 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{c0326c12-9f06-4344-aa25-60267226bb7d}]

2011-06-23 17:54 81920 ----a-w- c:\program files (x86)\gpotatotoolbar\vmntemplateX.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{c0326c12-9f06-4344-aa25-60267226bb7d}"= "c:\program files (x86)\gpotatotoolbar\vmntemplateX.dll" [2011-06-23 81920]

.

[HKEY_CLASSES_ROOT\clsid\{c0326c12-9f06-4344-aa25-60267226bb7d}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-25 5664640]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-01 421160]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-08-01 2345592]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2009-06-24 95496]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-09-16 560128]

"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2011-01-13 165184]

.

c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

.

c:\users\Jeffrey Poon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

BTGuard Updates.lnk - c:\btguard\settings.exe [2011-11-15 1254912]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux3"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative64\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli FAPassSync

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-02 136176]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-22 250288]

R3 dump_wmimmc;dump_wmimmc;c:\gamescampus\DriftCity\GameGuard\dump_wmimmc.sys [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [x]

R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-06-14 1432400]

R3 Gun;Gun;c:\game\SoftnyxGame\GunBoundIS\Gun64.sys [2012-02-25 45176]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-02 136176]

R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 31744]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-06 114144]

R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]

R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 47632]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]

R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-20 50688]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-09 1255736]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]

R3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);c:\windows\system32\drivers\ymidusbx64.sys [2011-01-31 49256]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 26704]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2011-03-16 37456]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2011-01-07 304720]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-03-01 41552]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2011-04-05 377936]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2010-03-22 49752]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]

S2 AbsoluteNotifier;Absolute Notifier;c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2010-10-08 10408]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-06-25 203264]

S2 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe [2012-09-07 263520]

S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-01-31 19232]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2009-06-24 2368776]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]

S2 mitsijm2011;Autodesk Moldflow Inventor Tool Suite Integration 2011 Job Manager;c:\program files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe [2010-01-22 673792]

S2 mitsijm2012;Autodesk Moldflow Inventor Tool Suite Integration 2012 Job Manager;c:\program files\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe [2010-12-07 848184]

S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-06 214896]

S2 SBAMSvc;CounterSpy Antispyware;c:\program files (x86)\Sunbelt Software\CounterSpy\SBAMSvc.exe [2010-08-20 2763080]

S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2010-06-14 64600]

S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\Sunbelt Software\CounterSpy\SBPIMSvc.exe [2010-08-20 181584]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.exe [2011-01-13 705856]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-27 118864]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 29264]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]

S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2009-03-09 60416]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-23 317480]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2011-10-07 22408]

S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [2011-10-07 66328]

S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2011-10-07 16008]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2012-09-29 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 02:45]

.

2012-09-28 c:\windows\Tasks\ASO-AutoCheckUpdate7Days.job

- c:\program files (x86)\Advanced System Optimizer 3\CheckUpdate.exe [2011-09-17 23:22]

.

2012-09-21 c:\windows\Tasks\ASO-OneClickCare.job

- c:\program files (x86)\Advanced System Optimizer 3\ASO3.exe [2011-09-17 23:22]

.

2012-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-02 14:49]

.

2012-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-02 14:49]

.

2012-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3523982654-615243500-1193457057-1001Core.job

- c:\users\Jeffrey Poon\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-01 14:49]

.

2012-09-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3523982654-615243500-1193457057-1001UA.job

- c:\users\Jeffrey Poon\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-01 14:49]

.

2012-09-29 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 1339b91d-412a-44b0-ba02-67e354f6980d.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]

"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-07-28 110360]

"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-06 415680]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mStart Page = about:blank

TCP: DhcpNameServer = 216.106.154.1

FF - ProfilePath - c:\users\Jeffrey Poon\AppData\Roaming\Mozilla\Firefox\Profiles\fys26f3r.default\

FF - prefs.js: browser.startup.homepage - www.google.com

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-FAStartup - (no file)

SafeBoot-mcmscsvc

SafeBoot-MCODS

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-SecureW2 Personal Client - Distribution Edition - c:\program files (x86)\SecureW2\Uninstall.exe

AddRemove-BTGuard 2.4 - c:\btguard\Uninstal.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\EverestDriver]

"ImagePath"="\??\c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

@DACL=(02 0000)

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe

c:\program files (x86)\Windows Media Player\wmplayer.exe

c:\program files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe

c:\program files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

c:\program files (x86)\Sunbelt Software\CounterSpy\SBAMTray.exe

.

**************************************************************************

.

Completion time: 2012-09-29 15:04:37 - machine was rebooted

ComboFix-quarantined-files.txt 2012-09-29 19:04

.

Pre-Run: 11,833,192,448 bytes free

Post-Run: 12,243,169,280 bytes free

.

- - End Of File - - 527E5346DAF006F8996EDE3420C788DC


  • Staff

Hello

That is great news about the redirects, but I want to do some deeper checking just to be sure.

TDSSKiller:

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

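The TDSSKiller report the staff post asks for runs to hundreds of one-line entries, and the ones worth a human look are the few that do not end in "- ok". The following Python script is an added triage example, not part of this thread and not Kaspersky's own code: it parses the log's line formats (hash line, "- ok", "( verdict ) - warning", "- detected", "Suspicious file") into one record per service and lists only the flagged entries with the path and MD5 the scanner recorded. The regular expressions are assumptions inferred from the report pasted later in this thread, and the sample log is constructed from a handful of that report's lines.

```python
"""Triage helper for TDSSKiller text logs (added example, not the tool's own code).

TDSSKiller writes one line per service or driver it examined.  This script
groups those lines by service name and reports only the entries that did
not come back "- ok", together with the file path and MD5 the scanner
recorded for them.
"""
import re
from dataclasses import dataclass, field

# The line formats below are assumptions inferred from the log pasted in
# this thread; they are not documented by the tool's vendor.
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*)$")
HASH_RE = re.compile(r"^\[ (?P<md5>[0-9A-F]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")
VERDICT_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^)]+?) \) - (?P<level>\w+)$")
DETECT_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>.+?) \((?P<count>\d+)\)$")
SUSP_RE = re.compile(r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+)\. md5: (?P<md5>[0-9A-F]{32})$")


@dataclass
class Entry:
    """Everything TDSSKiller said about one service or driver."""
    name: str
    path: str = ""
    md5: str = ""
    status: str = "unknown"      # "ok", "warning", "error" or "unknown"
    verdict: str = ""            # detection name, e.g. HiddenFile.Multi.Generic
    notes: list = field(default_factory=list)


def parse_tdsskiller_log(text: str) -> dict:
    """Return {service name: Entry} for every service mentioned in the log."""
    entries: dict = {}
    suspicious: dict = {}        # lower-cased path -> reason, from "Suspicious file" lines

    def entry(name: str) -> Entry:
        return entries.setdefault(name, Entry(name))

    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                                  # banners, "====" separators, blank lines
        msg = m.group("msg")
        if h := HASH_RE.match(msg):
            e = entry(h["name"])
            e.path, e.md5 = h["path"], h["md5"]
        elif s := SUSP_RE.match(msg):
            suspicious[s["path"].lower()] = s["reason"]
        elif d := DETECT_RE.match(msg):
            e = entry(d["name"])
            e.verdict = d["verdict"]
            if e.status == "unknown":
                e.status = "warning"
        elif v := VERDICT_RE.match(msg):
            e = entry(v["name"])
            e.verdict, e.status = v["verdict"], v["level"]
        elif o := OK_RE.match(msg):
            entry(o["name"]).status = "ok"

    # Tie "Suspicious file" lines back to the service that owns that path.
    for e in entries.values():
        reason = suspicious.get(e.path.lower())
        if reason:
            e.notes.append(f"Suspicious file ({reason})")
    return entries


def findings(entries: dict) -> list:
    """Entries that need a human look: anything TDSSKiller did not mark ok."""
    return [e for e in entries.values() if e.status != "ok"]


# Constructed sample: a handful of lines taken from the report pasted later in
# this thread (timestamps and PID as TDSSKiller prints them).
SAMPLE_LOG = r"""
15:28:21.0749 4164 Scan started
15:28:24.0525 4164 ================ Scan system memory ========================
15:28:24.0525 4164 System memory - ok
15:28:24.0525 4164 ================ Scan services =============================
15:28:24.0802 4164 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
15:28:24.0807 4164 !SASCORE - ok
15:28:25.0932 4164 [ 0923671CF87CD511E46D4668B53F5E76 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll
15:28:25.0933 4164 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll. md5: 0923671CF87CD511E46D4668B53F5E76
15:28:25.0942 4164 Akamai ( HiddenFile.Multi.Generic ) - warning
15:28:25.0942 4164 Akamai - detected HiddenFile.Multi.Generic (1)
15:28:29.0379 4164 catchme - ok
"""

if __name__ == "__main__":
    for e in findings(parse_tdsskiller_log(SAMPLE_LOG)):
        print(f"{e.status:8} {e.name}: {e.verdict or '-'}  {e.path}  md5={e.md5}  {'; '.join(e.notes)}")
```

A flagged entry is a pointer to inspect, not a verdict: the MD5 and path are what you would check against the vendor's file, and the decision on what to do with it belongs to the helper guiding the cleanup, as in this thread.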

Sorry for the late reply. Had to go out. I ran TDSSKiller and aswMBR. The logs are pasted below.

TDSSKILLER

15:28:17.0908 5348 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24

15:28:18.0263 5348 ============================================================

15:28:18.0263 5348 Current date / time: 2012/09/29 15:28:18.0263

15:28:18.0263 5348 SystemInfo:

15:28:18.0263 5348

15:28:18.0263 5348 OS Version: 6.1.7600 ServicePack: 0.0

15:28:18.0263 5348 Product type: Workstation

15:28:18.0263 5348 ComputerName: JEFFREYPOON-PC

15:28:18.0263 5348 UserName: Jeffrey Poon

15:28:18.0263 5348 Windows directory: C:\Windows

15:28:18.0263 5348 System windows directory: C:\Windows

15:28:18.0263 5348 Running under WOW64

15:28:18.0263 5348 Processor architecture: Intel x64

15:28:18.0263 5348 Number of processors: 2

15:28:18.0263 5348 Page size: 0x1000

15:28:18.0263 5348 Boot type: Normal boot

15:28:18.0263 5348 ============================================================

15:28:19.0861 5348 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

15:28:19.0869 5348 ============================================================

15:28:19.0869 5348 \Device\Harddisk0\DR0:

15:28:19.0870 5348 MBR partitions:

15:28:19.0870 5348 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000

15:28:19.0870 5348 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x38625E6B

15:28:19.0870 5348 ============================================================

15:28:19.0896 5348 C: <-> \Device\Harddisk0\DR0\Partition2

15:28:19.0897 5348 ============================================================

15:28:19.0897 5348 Initialize success

15:28:19.0897 5348 ============================================================

15:28:21.0749 4164 ============================================================

15:28:21.0749 4164 Scan started

15:28:21.0749 4164 Mode: Manual;

15:28:21.0749 4164 ============================================================

15:28:24.0525 4164 ================ Scan system memory ========================

15:28:24.0525 4164 System memory - ok

15:28:24.0525 4164 ================ Scan services =============================

15:28:24.0802 4164 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

15:28:24.0807 4164 !SASCORE - ok

15:28:25.0055 4164 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys

15:28:25.0063 4164 1394ohci - ok

15:28:25.0189 4164 [ 426E0E8127BAC7D5DDEE8251F104E053 ] AbsoluteNotifier C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe

15:28:25.0227 4164 AbsoluteNotifier - ok

15:28:25.0258 4164 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys

15:28:25.0265 4164 ACPI - ok

15:28:25.0279 4164 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys

15:28:25.0282 4164 AcpiPmi - ok

15:28:25.0491 4164 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

15:28:25.0501 4164 AdobeFlashPlayerUpdateSvc - ok

15:28:25.0532 4164 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys

15:28:25.0541 4164 adp94xx - ok

15:28:25.0559 4164 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys

15:28:25.0566 4164 adpahci - ok

15:28:25.0584 4164 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys

15:28:25.0589 4164 adpu320 - ok

15:28:25.0668 4164 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

15:28:25.0669 4164 AeLookupSvc - ok

15:28:25.0702 4164 [ B9384E03479D2506BC924C16A3DB87BC ] AFD C:\Windows\system32\drivers\afd.sys

15:28:25.0711 4164 AFD - ok

15:28:25.0725 4164 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys

15:28:25.0728 4164 agp440 - ok

15:28:25.0932 4164 [ 0923671CF87CD511E46D4668B53F5E76 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll

15:28:25.0933 4164 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll. md5: 0923671CF87CD511E46D4668B53F5E76

15:28:25.0942 4164 Akamai ( HiddenFile.Multi.Generic ) - warning

15:28:25.0942 4164 Akamai - detected HiddenFile.Multi.Generic (1)

15:28:25.0962 4164 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

15:28:25.0965 4164 ALG - ok

15:28:25.0979 4164 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys

15:28:25.0981 4164 aliide - ok

15:28:26.0047 4164 [ 9A5495EDEBE7D6B3F7E9A86EBE5EA248 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe

15:28:26.0091 4164 AMD External Events Utility - ok

15:28:26.0103 4164 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys

15:28:26.0105 4164 amdide - ok

15:28:26.0123 4164 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

15:28:26.0126 4164 AmdK8 - ok

15:28:26.0140 4164 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys

15:28:26.0143 4164 AmdPPM - ok

15:28:26.0159 4164 [ 7A4B413614C055935567CF88A9734D38 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys

15:28:26.0162 4164 amdsata - ok

15:28:26.0176 4164 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys

15:28:26.0181 4164 amdsbs - ok

15:28:26.0197 4164 [ B4AD0CACBAB298671DD6F6EF7E20679D ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys

15:28:26.0199 4164 amdxata - ok

15:28:26.0204 4164 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys

15:28:26.0207 4164 AppID - ok

15:28:26.0222 4164 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

15:28:26.0224 4164 AppIDSvc - ok

15:28:26.0241 4164 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll

15:28:26.0244 4164 Appinfo - ok

15:28:26.0316 4164 [ 70D7BE78061126DD0C3ACCDB7E129017 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

15:28:26.0337 4164 Apple Mobile Device - ok

15:28:26.0376 4164 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys

15:28:26.0379 4164 arc - ok

15:28:26.0394 4164 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys

15:28:26.0397 4164 arcsas - ok

15:28:26.0513 4164 [ DD09DA7F16575E5402D9891AD1C317CE ] ASO3DiskOptimizer C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe

15:28:26.0539 4164 ASO3DiskOptimizer - ok

15:28:26.0737 4164 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

15:28:26.0742 4164 aspnet_state - ok

15:28:26.0758 4164 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

15:28:26.0760 4164 AsyncMac - ok

15:28:26.0775 4164 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys

15:28:26.0776 4164 atapi - ok

15:28:26.0839 4164 [ 38467FF83C2B4265D51F418812A91E3C ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys

15:28:26.0846 4164 AtiHdmiService - ok

15:28:26.0964 4164 [ A08339AE90972E268B9622C668F450E8 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys

15:28:27.0072 4164 atikmdag - ok

15:28:27.0165 4164 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

15:28:27.0188 4164 AudioEndpointBuilder - ok

15:28:27.0211 4164 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll

15:28:27.0215 4164 AudioSrv - ok

15:28:27.0332 4164 [ F431DC5D94F4B2FDBC927655D8A9B10E ] Autodesk Content Service C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe

15:28:27.0367 4164 Autodesk Content Service - ok

15:28:27.0666 4164 [ 7A0F6A3E0E41425B9BA54616B482668A ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

15:28:27.0828 4164 AVGIDSAgent - ok

15:28:27.0886 4164 [ E6671E90D38C88764412E07C9D9B3D63 ] AVGIDSDriver C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys

15:28:27.0905 4164 AVGIDSDriver - ok

15:28:27.0966 4164 [ 1553B388E0F0462C25AD8F30C3C29E83 ] AVGIDSEH C:\Windows\system32\DRIVERS\AVGIDSEH.Sys

15:28:27.0969 4164 AVGIDSEH - ok

15:28:28.0021 4164 [ DCA426A66739E75F51A72160DFB945AD ] AVGIDSFilter C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys

15:28:28.0050 4164 AVGIDSFilter - ok

15:28:28.0122 4164 [ FF7383388A7D2283DAE5831ABC2B0720 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys

15:28:28.0132 4164 Avgldx64 - ok

15:28:28.0198 4164 [ 997D002827D3E3DCBBB25BF46DB161AB ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys

15:28:28.0201 4164 Avgmfx64 - ok

15:28:28.0262 4164 [ BCCFE3374C887075CDE2AC8FDB1CB2F8 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys

15:28:28.0266 4164 Avgrkx64 - ok

15:28:28.0286 4164 [ 0D49ADCEBE243B79366EA523B647519A ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys

15:28:28.0294 4164 Avgtdia - ok

15:28:28.0357 4164 [ FC2BC51120A945F7C70376495E4E7737 ] avgwd C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

15:28:28.0364 4164 avgwd - ok

15:28:28.0424 4164 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll

15:28:28.0430 4164 AxInstSV - ok

15:28:28.0504 4164 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys

15:28:28.0530 4164 b06bdrv - ok

15:28:28.0560 4164 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

15:28:28.0565 4164 b57nd60a - ok

15:28:28.0628 4164 [ E001DD475A7C27EBE5A0DB45C11BAD71 ] BCM42RLY C:\Windows\system32\drivers\BCM42RLY.sys

15:28:28.0633 4164 BCM42RLY - ok

15:28:28.0747 4164 [ 37394D3553E220FB732C21E217E1BD8B ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys

15:28:28.0802 4164 BCM43XX - ok

15:28:28.0829 4164 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

15:28:28.0833 4164 BDESVC - ok

15:28:28.0858 4164 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

15:28:28.0861 4164 Beep - ok

15:28:28.0906 4164 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll

15:28:28.0932 4164 BFE - ok

15:28:29.0037 4164 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\system32\qmgr.dll

15:28:29.0070 4164 BITS - ok

15:28:29.0091 4164 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

15:28:29.0094 4164 blbdrive - ok

15:28:29.0161 4164 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

15:28:29.0166 4164 bowser - ok

15:28:29.0186 4164 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys

15:28:29.0188 4164 BrFiltLo - ok

15:28:29.0205 4164 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys

15:28:29.0207 4164 BrFiltUp - ok

15:28:29.0227 4164 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys

15:28:29.0230 4164 BridgeMP - ok

15:28:29.0246 4164 [ 94FBC06F294D58D02361918418F996E3 ] Browser C:\Windows\System32\browser.dll

15:28:29.0250 4164 Browser - ok

15:28:29.0272 4164 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

15:28:29.0278 4164 Brserid - ok

15:28:29.0295 4164 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

15:28:29.0298 4164 BrSerWdm - ok

15:28:29.0310 4164 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

15:28:29.0312 4164 BrUsbMdm - ok

15:28:29.0328 4164 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

15:28:29.0330 4164 BrUsbSer - ok

15:28:29.0347 4164 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys

15:28:29.0351 4164 BTHMODEM - ok

15:28:29.0373 4164 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

15:28:29.0376 4164 bthserv - ok

15:28:29.0379 4164 catchme - ok

15:28:29.0419 4164 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

15:28:29.0422 4164 cdfs - ok

15:28:29.0437 4164 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

15:28:29.0442 4164 cdrom - ok

15:28:29.0452 4164 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll

15:28:29.0455 4164 CertPropSvc - ok

15:28:29.0467 4164 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys

15:28:29.0469 4164 circlass - ok

15:28:29.0539 4164 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

15:28:29.0561 4164 CLFS - ok

15:28:29.0710 4164 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

15:28:29.0720 4164 clr_optimization_v2.0.50727_32 - ok

15:28:29.0804 4164 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

15:28:29.0811 4164 clr_optimization_v2.0.50727_64 - ok

15:28:29.0899 4164 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

15:28:29.0937 4164 clr_optimization_v4.0.30319_32 - ok

15:28:29.0973 4164 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

15:28:29.0978 4164 clr_optimization_v4.0.30319_64 - ok

15:28:29.0992 4164 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

15:28:29.0995 4164 CmBatt - ok

15:28:30.0010 4164 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys

15:28:30.0012 4164 cmdide - ok

15:28:30.0034 4164 [ F95FD4CB7DA00BA2A63CE9F6B5C053E1 ] CNG C:\Windows\system32\Drivers\cng.sys

15:28:30.0041 4164 CNG - ok

15:28:30.0058 4164 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

15:28:30.0061 4164 Compbatt - ok

15:28:30.0067 4164 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys

15:28:30.0070 4164 CompositeBus - ok

15:28:30.0074 4164 COMSysApp - ok

15:28:30.0090 4164 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys

15:28:30.0092 4164 crcdisk - ok

15:28:30.0110 4164 [ 8C57411B66282C01533CB776F98AD384 ] CryptSvc C:\Windows\system32\cryptsvc.dll

15:28:30.0115 4164 CryptSvc - ok

15:28:30.0171 4164 [ ED5CF92396A62F4C15110DCDB5E854D9 ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys

15:28:30.0175 4164 CtClsFlt - ok

15:28:30.0256 4164 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll

15:28:30.0277 4164 DcomLaunch - ok

15:28:30.0372 4164 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

15:28:30.0391 4164 defragsvc - ok

15:28:30.0411 4164 [ 3F1DC527070ACB87E40AFE46EF6DA749 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

15:28:30.0414 4164 DfsC - ok

15:28:30.0484 4164 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll

15:28:30.0503 4164 Dhcp - ok

15:28:30.0515 4164 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

15:28:30.0517 4164 discache - ok

15:28:30.0524 4164 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys

15:28:30.0527 4164 Disk - ok

15:28:30.0591 4164 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll

15:28:30.0599 4164 Dnscache - ok

15:28:30.0727 4164 [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe

15:28:30.0814 4164 DockLoginService - ok

15:28:30.0840 4164 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll

15:28:30.0846 4164 dot3svc - ok

15:28:30.0861 4164 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll

15:28:30.0865 4164 DPS - ok

15:28:30.0921 4164 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

15:28:30.0962 4164 drmkaud - ok

15:28:30.0996 4164 dump_wmimmc - ok

15:28:31.0051 4164 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

15:28:31.0078 4164 DXGKrnl - ok

15:28:31.0083 4164 EagleX64 - ok

15:28:31.0143 4164 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

15:28:31.0147 4164 EapHost - ok

15:28:31.0268 4164 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys

15:28:31.0334 4164 ebdrv - ok

15:28:31.0409 4164 [ 0793F40B9B8A1BDD266296409DBD91EA ] EFS C:\Windows\System32\lsass.exe

15:28:31.0416 4164 EFS - ok

15:28:31.0556 4164 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe

15:28:31.0577 4164 ehRecvr - ok

15:28:31.0636 4164 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

15:28:31.0642 4164 ehSched - ok

15:28:31.0668 4164 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys

15:28:31.0677 4164 elxstor - ok

15:28:31.0693 4164 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys

15:28:31.0696 4164 ErrDev - ok

15:28:31.0729 4164 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

15:28:31.0736 4164 EventSystem - ok

15:28:31.0739 4164 EverestDriver - ok

15:28:31.0766 4164 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

15:28:31.0771 4164 exfat - ok

15:28:31.0849 4164 [ 2C1D443E14F376E8331F52F135DCA9EF ] FACAP C:\Windows\system32\DRIVERS\facap.sys

15:28:31.0855 4164 FACAP - ok


15:28:45.0305 4164 TDTCP - ok

15:28:45.0322 4164 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys

15:28:45.0326 4164 tdx - ok

15:28:45.0337 4164 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys

15:28:45.0340 4164 TermDD - ok

15:28:45.0368 4164 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll

15:28:45.0389 4164 TermService - ok

15:28:45.0413 4164 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

15:28:45.0418 4164 Themes - ok

15:28:45.0482 4164 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

15:28:45.0490 4164 THREADORDER - ok

15:28:45.0517 4164 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

15:28:45.0522 4164 TrkWks - ok

15:28:45.0666 4164 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

15:28:45.0670 4164 TrustedInstaller - ok

15:28:45.0693 4164 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

15:28:45.0696 4164 tssecsrv - ok

15:28:45.0714 4164 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

15:28:45.0717 4164 tunnel - ok

15:28:45.0735 4164 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

15:28:45.0738 4164 uagp35 - ok

15:28:45.0764 4164 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys

15:28:45.0773 4164 udfs - ok

15:28:45.0848 4164 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

15:28:45.0856 4164 UI0Detect - ok

15:28:45.0878 4164 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys

15:28:45.0882 4164 uliagpkx - ok

15:28:45.0902 4164 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

15:28:45.0904 4164 umbus - ok

15:28:45.0919 4164 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

15:28:45.0922 4164 UmPass - ok

15:28:45.0947 4164 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

15:28:45.0955 4164 upnphost - ok

15:28:46.0019 4164 [ CD03479F2DA26500B203ED075C146A7A ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

15:28:46.0022 4164 USBAAPL64 - ok

15:28:46.0045 4164 [ B26AFB54A534D634523C4FB66765B026 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

15:28:46.0048 4164 usbccgp - ok

15:28:46.0056 4164 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys

15:28:46.0059 4164 usbcir - ok

15:28:46.0070 4164 [ 2EA4AFF7BE7EB4632E3AA8595B0803B5 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

15:28:46.0076 4164 usbehci - ok

15:28:46.0100 4164 [ 4C9042B8DF86C1E8E6240C218B99B39B ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

15:28:46.0106 4164 usbhub - ok

15:28:46.0124 4164 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys

15:28:46.0127 4164 usbohci - ok

15:28:46.0144 4164 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

15:28:46.0146 4164 usbprint - ok

15:28:46.0210 4164 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

15:28:46.0213 4164 usbscan - ok

15:28:46.0242 4164 [ 080D3820DA6C046BE82FC8B45A893E83 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

15:28:46.0245 4164 USBSTOR - ok

15:28:46.0266 4164 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys

15:28:46.0269 4164 usbuhci - ok

15:28:46.0331 4164 [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys

15:28:46.0336 4164 usbvideo - ok

15:28:46.0400 4164 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys

15:28:46.0405 4164 usb_rndisx - ok

15:28:46.0425 4164 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

15:28:46.0430 4164 UxSms - ok

15:28:46.0441 4164 [ 0793F40B9B8A1BDD266296409DBD91EA ] VaultSvc C:\Windows\system32\lsass.exe

15:28:46.0442 4164 VaultSvc - ok

15:28:46.0506 4164 [ FD911873C0BB6945FA38C16E9A2B58F9 ] VClone C:\Windows\system32\DRIVERS\VClone.sys

15:28:46.0545 4164 VClone - ok

15:28:46.0567 4164 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys

15:28:46.0570 4164 vdrvroot - ok

15:28:46.0593 4164 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe

15:28:46.0611 4164 vds - ok

15:28:46.0626 4164 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

15:28:46.0629 4164 vga - ok

15:28:46.0643 4164 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

15:28:46.0646 4164 VgaSave - ok

15:28:46.0664 4164 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys

15:28:46.0669 4164 vhdmp - ok

15:28:46.0677 4164 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys

15:28:46.0679 4164 viaide - ok

15:28:46.0758 4164 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys

15:28:46.0762 4164 volmgr - ok

15:28:46.0793 4164 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

15:28:46.0800 4164 volmgrx - ok

15:28:46.0818 4164 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys

15:28:46.0824 4164 volsnap - ok

15:28:46.0843 4164 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

15:28:46.0848 4164 vsmraid - ok

15:28:46.0952 4164 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe

15:28:46.0987 4164 VSS - ok

15:28:47.0006 4164 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

15:28:47.0008 4164 vwifibus - ok

15:28:47.0021 4164 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

15:28:47.0055 4164 vwififlt - ok

15:28:47.0078 4164 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

15:28:47.0095 4164 W32Time - ok

15:28:47.0117 4164 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

15:28:47.0119 4164 WacomPen - ok

15:28:47.0134 4164 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

15:28:47.0137 4164 WANARP - ok

15:28:47.0144 4164 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

15:28:47.0145 4164 Wanarpv6 - ok

15:28:47.0234 4164 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

15:28:47.0261 4164 WatAdminSvc - ok

15:28:47.0306 4164 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe

15:28:47.0338 4164 wbengine - ok

15:28:47.0355 4164 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

15:28:47.0361 4164 WbioSrvc - ok

15:28:47.0448 4164 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll

15:28:47.0457 4164 wcncsvc - ok

15:28:47.0475 4164 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

15:28:47.0479 4164 WcsPlugInService - ok

15:28:47.0487 4164 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys

15:28:47.0490 4164 Wd - ok

15:28:47.0550 4164 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys

15:28:47.0553 4164 WDC_SAM - ok

15:28:47.0579 4164 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

15:28:47.0598 4164 Wdf01000 - ok

15:28:47.0613 4164 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

15:28:47.0618 4164 WdiServiceHost - ok

15:28:47.0626 4164 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

15:28:47.0629 4164 WdiSystemHost - ok

15:28:47.0700 4164 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll

15:28:47.0716 4164 WebClient - ok

15:28:47.0748 4164 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

15:28:47.0755 4164 Wecsvc - ok

15:28:47.0771 4164 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

15:28:47.0776 4164 wercplsupport - ok

15:28:47.0793 4164 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

15:28:47.0798 4164 WerSvc - ok

15:28:47.0816 4164 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

15:28:47.0818 4164 WfpLwf - ok

15:28:47.0891 4164 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys

15:28:47.0899 4164 WimFltr - ok

15:28:47.0923 4164 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

15:28:47.0926 4164 WIMMount - ok

15:28:48.0000 4164 WinDefend - ok

15:28:48.0026 4164 WinHttpAutoProxySvc - ok

15:28:48.0158 4164 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

15:28:48.0167 4164 Winmgmt - ok

15:28:48.0226 4164 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll

15:28:48.0270 4164 WinRM - ok

15:28:48.0300 4164 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

15:28:48.0303 4164 WinUsb - ok

15:28:48.0338 4164 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

15:28:48.0371 4164 Wlansvc - ok

15:28:48.0558 4164 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

15:28:48.0602 4164 wlidsvc - ok

15:28:48.0674 4164 [ 13B0A570E1AE451C92DA550085D72CF3 ] wltrysvc C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE

15:28:48.0679 4164 wltrysvc - ok

15:28:48.0744 4164 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys

15:28:48.0747 4164 WmiAcpi - ok

15:28:48.0834 4164 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

15:28:48.0842 4164 wmiApSrv - ok

15:28:48.0866 4164 WMPNetworkSvc - ok

15:28:48.0883 4164 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

15:28:48.0888 4164 WPCSvc - ok

15:28:48.0903 4164 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

15:28:48.0909 4164 WPDBusEnum - ok

15:28:48.0926 4164 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

15:28:48.0928 4164 ws2ifsl - ok

15:28:49.0015 4164 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\system32\wscsvc.dll

15:28:49.0021 4164 wscsvc - ok

15:28:49.0031 4164 WSearch - ok

15:28:49.0144 4164 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

15:28:49.0199 4164 wuauserv - ok

15:28:49.0217 4164 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

15:28:49.0220 4164 WudfPf - ok

15:28:49.0241 4164 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

15:28:49.0245 4164 WUDFRd - ok

15:28:49.0255 4164 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll

15:28:49.0260 4164 wudfsvc - ok

15:28:49.0277 4164 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

15:28:49.0284 4164 WwanSvc - ok

15:28:49.0369 4164 [ 2EE5376D5B38084A4EDDC4220C763BF9 ] YMIDUSBW C:\Windows\system32\drivers\ymidusbx64.sys

15:28:49.0372 4164 YMIDUSBW - ok

15:28:49.0392 4164 ================ Scan global ===============================

15:28:49.0471 4164 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

15:28:49.0560 4164 [ B200DECA2186858595A97FBE63E896CC ] C:\Windows\system32\winsrv.dll

15:28:49.0596 4164 [ B200DECA2186858595A97FBE63E896CC ] C:\Windows\system32\winsrv.dll

15:28:49.0656 4164 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

15:28:49.0733 4164 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

15:28:49.0753 4164 [Global] - ok

15:28:49.0753 4164 ================ Scan MBR ==================================

15:28:49.0769 4164 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0

15:28:50.0086 4164 \Device\Harddisk0\DR0 - ok

15:28:50.0086 4164 ================ Scan VBR ==================================

15:28:50.0090 4164 [ D7378BF694D12B3BE92B25933EFD13FA ] \Device\Harddisk0\DR0\Partition1

15:28:50.0092 4164 \Device\Harddisk0\DR0\Partition1 - ok

15:28:50.0108 4164 [ EBBE15E9AC9BD469CB60522A92BCC846 ] \Device\Harddisk0\DR0\Partition2

15:28:50.0110 4164 \Device\Harddisk0\DR0\Partition2 - ok

15:28:50.0112 4164 ============================================================

15:28:50.0112 4164 Scan finished

15:28:50.0112 4164 ============================================================

15:28:50.0124 2988 Detected object count: 1

15:28:50.0124 2988 Actual detected object count: 1

15:28:56.0422 2988 Akamai ( HiddenFile.Multi.Generic ) - skipped by user

15:28:56.0422 2988 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip

ASWMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-09-29 15:29:53

-----------------------------

15:29:53.318 OS Version: Windows x64 6.1.7600

15:29:53.318 Number of processors: 2 586 0x170A

15:29:53.320 ComputerName: JEFFREYPOON-PC UserName: Jeffrey Poon

15:29:54.584 Initialize success

15:35:00.942 AVAST engine defs: 12092900

20:13:41.405 The log file has been saved successfully to "C:\Users\Jeffrey Poon\Desktop\aswMBR.txt"

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-09-29 20:16:39

-----------------------------

20:16:39.568 OS Version: Windows x64 6.1.7600

20:16:39.568 Number of processors: 2 586 0x170A

20:16:39.569 ComputerName: JEFFREYPOON-PC UserName: Jeffrey Poon

20:16:41.161 Initialize success

20:16:52.608 AVAST engine defs: 12092900

20:16:56.706 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

20:16:56.712 Disk 0 Vendor: ST9500420ASG 0003SDM1 Size: 476940MB BusType: 11

20:16:56.768 Disk 0 MBR read successfully

20:16:56.772 Disk 0 MBR scan

20:16:56.891 Disk 0 Windows VISTA default MBR code

20:16:56.913 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63

20:16:56.932 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 80325

20:16:56.950 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461899 MB offset 30800325

20:16:56.986 Disk 0 scanning C:\Windows\system32\drivers

20:17:12.031 Service scanning

20:17:43.905 Modules scanning

20:17:43.921 Disk 0 trace - called modules:

20:17:43.969 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys

20:17:43.977 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80023b5730]

20:17:43.983 3 CLASSPNP.SYS[fffff880010ae43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002256680]

20:17:45.043 AVAST engine scan C:\Windows

20:17:49.068 AVAST engine scan C:\Windows\system32

20:20:00.619 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]

20:20:03.384 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]

20:22:56.899 AVAST engine scan C:\Windows\system32\drivers

20:23:13.862 AVAST engine scan C:\Users\Jeffrey Poon

20:32:16.143 AVAST engine scan C:\ProgramData

20:38:34.277 Scan finished successfully

20:44:09.672 Disk 0 MBR has been saved successfully to "C:\Users\Jeffrey Poon\Desktop\MBR.dat"

20:44:09.677 The log file has been saved successfully to "C:\Users\Jeffrey Poon\Desktop\aswMBR.txt"


  • Staff

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

File::
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

[image: CFScriptB-4.gif]

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  1. report from ComboFix
  2. let me know of any problems you may have had
  3. How is the computer doing now after running the script?

Gringo

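The CFScript above was written by hand from the two **INFECTED** lines in the aswMBR log, and the TDSSKiller log earlier in the thread also carries a detection that was skipped. The following is an added example, not code from this thread, from ComboFix, aswMBR or TDSSKiller: it pulls those actionable lines out of both log formats and renders the same `File::` block. The regular expressions and function names are assumptions based on the line shapes shown on this page, and the sample log text is constructed from lines quoted here.

```python
"""Log triage for the aswMBR and TDSSKiller output pasted in this thread.

Added example: this is not code from the thread, from ComboFix, aswMBR or
TDSSKiller. It pulls the lines a helper acts on out of the two log formats and
renders the ComboFix CFScript File:: block that the staff reply wrote by hand
from the two **INFECTED** lines. The sample logs below are constructed from
lines quoted on this page; the regexes are assumptions based on those lines.
"""
import re

# aswMBR:  "HH:MM:SS.mmm File: <path> **INFECTED** <detection name>"
ASWMBR_INFECTED = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{3,4}\s+File:\s+(?P<path>.+?)"
    r"\s+\*\*INFECTED\*\*\s+(?P<name>.+)$"
)
# TDSSKiller: "HH:MM:SS.mmmm <pid> <object> ( <verdict> ) - skipped by user"
TDSS_SKIPPED = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{3,4}\s+\d+\s+(?P<object>.+?)\s+"
    r"\(\s*(?P<verdict>[^)]+?)\s*\)\s+-\s+skipped by user$"
)
# TDSSKiller service/driver lines come in pairs:
#   "... [ <MD5> ] <name> <image path>"   then   "... <name> - ok"
# A "- ok" line with no preceding hashed image line means TDSSKiller listed
# the entry without hashing a file for it; those deserve a second look.
TDSS_ENTRY = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{3,4}\s+\d+\s+"
    r"(?:\[\s*(?P<md5>[0-9A-Fa-f]{32})\s*\]\s+)?"
    r"(?P<name>[A-Za-z0-9_.!-]+)\s+(?P<rest>.*)$"
)


def parse_aswmbr(text):
    """Return [(path, detection)] for every **INFECTED** line in an aswMBR log."""
    hits = []
    for line in text.splitlines():
        m = ASWMBR_INFECTED.match(line.strip())
        if m:
            hits.append((m.group("path"), m.group("name")))
    return hits


def parse_tdsskiller(text):
    """Return detections the user skipped and '- ok' entries that had no hashed image."""
    hashed, ok_names, skipped = set(), [], []
    for line in text.splitlines():
        line = line.strip()
        m = TDSS_SKIPPED.match(line)
        if m:
            skipped.append((m.group("object"), m.group("verdict")))
            continue
        m = TDSS_ENTRY.match(line)
        if not m:
            continue
        if m.group("md5"):
            hashed.add(m.group("name"))
        elif m.group("rest") == "- ok":
            ok_names.append(m.group("name"))
    unhashed = [n for n in ok_names if n not in hashed]
    return {"skipped": skipped, "unhashed_ok": unhashed}


def cfscript_file_section(paths):
    """Render a ComboFix CFScript File:: block, one path per line, as in the staff reply."""
    return "File::\n" + "\n".join(paths) + "\n"


# Constructed sample input, taken from lines quoted in this thread.
SAMPLE_ASWMBR = r"""
20:17:49.068 AVAST engine scan C:\Windows\system32
20:20:00.619 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
20:20:03.384 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
20:38:34.277 Scan finished successfully
"""

SAMPLE_TDSS = r"""
15:28:43.0863 4164 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:28:43.0870 4164 SharedAccess - ok
15:28:44.0546 4164 STHDA - ok
15:28:48.0000 4164 WinDefend - ok
15:28:49.0753 4164 [Global] - ok
15:28:50.0124 2988 Detected object count: 1
15:28:56.0422 2988 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
15:28:56.0422 2988 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
"""


def triage(aswmbr_text, tdss_text):
    """Combine both parsers into one review summary for the helper."""
    infected = parse_aswmbr(aswmbr_text)
    tdss = parse_tdsskiller(tdss_text)
    return {
        "infected": infected,
        "cfscript": cfscript_file_section([p for p, _ in infected]),
        "skipped": tdss["skipped"],
        "unhashed_ok": tdss["unhashed_ok"],
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_ASWMBR, SAMPLE_TDSS)
    for path, name in summary["infected"]:
        print(f"aswMBR flagged {path} as {name}")
    for obj, verdict in summary["skipped"]:
        print(f"TDSSKiller detection left in place: {obj} ({verdict})")
    print("TDSSKiller '- ok' entries with no hashed image:", summary["unhashed_ok"])
    print(summary["cfscript"])
```

The rendered `File::` block is meant for the helper to review before it is pasted into a CFScript, since a scanner verdict on a path is not by itself a decision to delete it; the "unhashed" list is only a pointer to entries TDSSKiller could not tie to a file on disk, not a verdict.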

I ran ComboFix with the script as you said. I haven't immediately noticed any change in performance when I do any Google search. Redirects are still gone (thankfully). The log is pasted below.

ComboFix 12-09-29.01 - Jeffrey Poon 09/30/2012 8:53.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2043.835 [GMT -4:00]

Running from: c:\users\Jeffrey Poon\Desktop\ComboFix.exe

Command switches used :: c:\users\Jeffrey Poon\Desktop\CFScript.txt

AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Sunbelt CounterSpy *Disabled/Outdated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\assembly\GAC_32\Desktop.ini"

"c:\windows\assembly\GAC_64\Desktop.ini"

.

.

((((((((((((((((((((((((( Files Created from 2012-08-28 to 2012-09-30 )))))))))))))))))))))))))))))))

.

.

2012-09-30 13:03 . 2012-09-30 13:03 -------- d-----w- c:\users\TEMP\AppData\Local\temp

2012-09-30 13:03 . 2012-09-30 13:03 -------- d-----w- c:\users\TEMP.JeffreyPoon-PC\AppData\Local\temp

2012-09-30 13:03 . 2012-09-30 13:03 -------- d-----w- c:\users\TEMP.JeffreyPoon-PC.001\AppData\Local\temp

2012-09-30 13:03 . 2012-09-30 13:03 -------- d-----w- c:\users\TEMP.JeffreyPoon-PC.000\AppData\Local\temp

2012-09-30 13:03 . 2012-09-30 13:03 -------- d-----w- c:\users\Guest\AppData\Local\temp

2012-09-30 13:03 . 2012-09-30 13:03 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-09-29 04:57 . 2012-09-29 04:57 -------- d-----w- C:\TDSSKiller_Quarantine

2012-09-27 01:56 . 2012-09-27 01:56 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2012-09-22 14:43 . 2012-09-22 14:43 -------- d-----w- c:\users\Jeffrey Poon\AppData\Roaming\SUPERAntiSpyware.com

2012-09-22 14:40 . 2012-09-25 23:58 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-09-22 14:40 . 2012-09-22 14:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-09-08 01:20 . 2012-09-20 02:33 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE

2012-09-07 17:09 . 2012-09-07 17:09 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-09-07 03:07 . 2012-09-07 03:07 -------- d-----w- c:\program files (x86)\Elaborate Bytes

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-22 02:45 . 2012-05-10 12:58 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-09-22 02:45 . 2012-01-10 21:27 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-21 03:00 . 2011-04-05 21:12 1684 ----a-w- c:\windows\system32\ASOROSet.bin

2012-09-07 23:22 . 2011-04-05 21:08 18784 ----a-w- c:\windows\system32\roboot64.exe

2012-09-07 21:04 . 2010-03-01 21:05 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-29 00:24 . 2012-06-19 13:42 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-08-29 00:24 . 2010-05-15 05:07 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{c0326c12-9f06-4344-aa25-60267226bb7d}]

2011-06-23 17:54 81920 ----a-w- c:\program files (x86)\gpotatotoolbar\vmntemplateX.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{c0326c12-9f06-4344-aa25-60267226bb7d}"= "c:\program files (x86)\gpotatotoolbar\vmntemplateX.dll" [2011-06-23 81920]

.

[HKEY_CLASSES_ROOT\clsid\{c0326c12-9f06-4344-aa25-60267226bb7d}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-25 5664640]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-01 421160]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-08-01 2345592]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2009-06-24 95496]

"FAStartup"="" [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-09-16 560128]

"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2011-01-13 165184]

.

c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

.

c:\users\Jeffrey Poon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

BTGuard Updates.lnk - c:\btguard\settings.exe [2011-11-15 1254912]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux3"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative64\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli FAPassSync

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]

@="Service"

.

R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-02 136176]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-22 250288]

R3 dump_wmimmc;dump_wmimmc;c:\gamescampus\DriftCity\GameGuard\dump_wmimmc.sys [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [x]

R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-06-14 1432400]

R3 Gun;Gun;c:\game\SoftnyxGame\GunBoundIS\Gun64.sys [2012-02-25 45176]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-02 136176]

R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 31744]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-06 114144]

R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]

R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 47632]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]

R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-20 50688]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-09 1255736]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]

R3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);c:\windows\system32\drivers\ymidusbx64.sys [2011-01-31 49256]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 26704]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2011-03-16 37456]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2011-01-07 304720]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-03-01 41552]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2011-04-05 377936]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2010-03-22 49752]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]

S2 AbsoluteNotifier;Absolute Notifier;c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2010-10-08 10408]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-06-25 203264]

S2 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe [2012-09-07 263520]

S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-01-31 19232]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2009-06-24 2368776]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]

S2 mitsijm2011;Autodesk Moldflow Inventor Tool Suite Integration 2011 Job Manager;c:\program files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe [2010-01-22 673792]

S2 mitsijm2012;Autodesk Moldflow Inventor Tool Suite Integration 2012 Job Manager;c:\program files\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe [2010-12-07 848184]

S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-06 214896]

S2 SBAMSvc;CounterSpy Antispyware;c:\program files (x86)\Sunbelt Software\CounterSpy\SBAMSvc.exe [2010-08-20 2763080]

S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2010-06-14 64600]

S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\Sunbelt Software\CounterSpy\SBPIMSvc.exe [2010-08-20 181584]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.exe [2011-01-13 705856]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-27 118864]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 29264]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]

S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2009-03-09 60416]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-23 317480]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2011-10-07 22408]

S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [2011-10-07 66328]

S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2011-10-07 16008]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2012-09-30 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 02:45]

.

2012-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-02 14:49]

.

2012-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-02 14:49]

.

2012-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3523982654-615243500-1193457057-1001Core.job

- c:\users\Jeffrey Poon\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-01 14:49]

.

2012-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3523982654-615243500-1193457057-1001UA.job

- c:\users\Jeffrey Poon\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-01 14:49]

.

2012-09-29 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 1339b91d-412a-44b0-ba02-67e354f6980d.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]

"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-07-28 110360]

"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-06 415680]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mStart Page = about:blank

TCP: DhcpNameServer = 216.106.154.1

FF - ProfilePath - c:\users\Jeffrey Poon\AppData\Roaming\Mozilla\Firefox\Profiles\fys26f3r.default\

FF - prefs.js: browser.startup.homepage - www.google.com

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-SecureW2 Personal Client - Distribution Edition - c:\program files (x86)\SecureW2\Uninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\EverestDriver]

"ImagePath"="\??\c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

@DACL=(02 0000)

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-09-30 09:08:04

ComboFix-quarantined-files.txt 2012-09-30 13:08

ComboFix2.txt 2012-09-29 19:04

.

Pre-Run: 13,241,491,456 bytes free

Post-Run: 13,103,910,912 bytes free

.

- - End Of File - - 6BA1529A76F852EFFFAF1804C370042A


  • Staff

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

  • Programs to remove
    • Adobe Reader 9.2
    • Java 6 Update 35

  • Please download and install Revo Uninstaller Free
    • Double click Revo Uninstaller to run it.
    • From the list of programs, double click on the program to remove.
    • When prompted if you want to uninstall, click Yes.
    • Be sure the Moderate option is selected, then click Next.
    • The program will run. If prompted again, click Yes.
    • When the built-in uninstaller is finished, click on Next.
    • Once the program has searched for leftovers, click Next.
    • Check/tick the bolded items only on the list, then click Delete.
    • When prompted, click on Yes and then on Next.
    • Put a check on any folders that are found and select Delete.
    • When prompted, select Yes, then Next.
    • Once done, click Finish.

.

Update Adobe Reader

  • Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.
    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.
  • If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing Foxit Reader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.
    Download CCleaner from here http://www.ccleaner.com/
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
    • Click Run Cleaner.
    • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**

Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe

(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32bit

(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64bit

and select to run as administrator.

"information and logs"

  • In your next post I need the following
  1. Log From MBAM
  2. report from Hijackthis
  3. let me know of any problems you may have had
  4. How is the computer doing now?

Gringo


Ok, I've uninstalled Adobe Reader and Java and reinstalled the latest Adobe Reader version. I'm having some problems going onto Java's website to download its latest version (maybe the site is down or something). I'll keep trying periodically for the rest of the night. I've also run CCleaner, Mbam, and HijackThis as you suggested. I've had no problems with CCleaner and Mbam, but HijackThis popped this window up while scanning. I went ahead and clicked OK. The logs are pasted below.

MBAM

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org

Database version: v2012.09.30.06

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

Jeffrey Poon :: JEFFREYPOON-PC [administrator]

9/30/2012 8:26:34 PM

mbam-log-2012-09-30 (20-26-34).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 256411

Time elapsed: 5 minute(s), 3 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

HIJACKTHIS

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 8:39:12 PM, on 9/30/2012

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16766)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\AVG\AVG10\avgtray.exe

C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe

C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe

C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files (x86)\Sunbelt Software\CounterSpy\SBAMTray.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe

C:\Users\Jeffrey Poon\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

O2 - BHO: dTPodcastBHO - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FAIESSO Helper Object - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll

O2 - BHO: GPotato Toolbar - {c0326c12-9f06-4344-aa25-60267226bb7d} - C:\Program Files (x86)\gpotatotoolbar\vmntemplateX.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing)

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: GPotato Toolbar - {c0326c12-9f06-4344-aa25-60267226bb7d} - C:\Program Files (x86)\gpotatotoolbar\vmntemplateX.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe

O4 - HKLM\..\Run: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')

O4 - Startup: BTGuard Updates.lnk = C:\BTGUARD\settings.exe

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://avatar.mabinogi.jp/3drender/renderer/mabiweb.2007.4.4.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: ASO3DiskOptimizer - Systweak Inc., (www.systweak.com) - C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe

O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: FAService - Sensible Vision - c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe

O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Autodesk Moldflow Inventor Tool Suite Integration 2011 Job Manager (mitsijm2011) - Unknown owner - C:\Program Files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe

O23 - Service: Autodesk Moldflow Inventor Tool Suite Integration 2012 Job Manager (mitsijm2012) - Autodesk, Inc. - C:\Program Files\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe

O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files (x86)\Sunbelt Software\CounterSpy\SBAMSvc.exe

O23 - Service: SB Recovery Service (SBPIMSvc) - Sunbelt Software - C:\Program Files (x86)\Sunbelt Software\CounterSpy\SBPIMSvc.exe

O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 14083 bytes


  • Staff

Greetings

These logs are looking very good; we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional

These are programs that start up when you turn on your computer but don't need to; you can start any of these programs by clicking on their icons (or from the control panel) when you need them. By stopping these programs, you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    • O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    • O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

  • NOTE** You can research each of those lines here and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space, for example:
    O4 - HKLM\..\Run: [IntelliPoint]

NOTE**

Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe

(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32bit

(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64bit

and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7, right click on the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the add-on to be installed
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found

  • If threats were found
    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    • close program
    • copy and paste the report here

Gringo


Okay, I ran Eset Online Scanner and some threats popped up. The log is pasted below.

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\hstart.exe a variant of Win32/HiddenStart.A application

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application

C:\TDSSKiller_Quarantine\29.09.2012_00.55.17\zasubsys0000\file0000\tsk0000.dta Win64/Patched.A.Gen trojan

C:\TDSSKiller_Quarantine\29.09.2012_00.55.17\zasubsys0000\zafs0000\tsk0003.dta Win64/Conedex.C trojan

C:\TDSSKiller_Quarantine\29.09.2012_00.55.17\zasubsys0000\zafs0000\tsk0004.dta Win64/Agent.BA trojan

C:\TDSSKiller_Quarantine\29.09.2012_00.55.17\zasubsys0000\zafs0000\tsk0005.dta Win64/Conedex.B trojan

C:\TDSSKiller_Quarantine\29.09.2012_00.55.17\zasubsys0000\zafs0000\tsk0006.dta Win64/Sirefef.AP trojan

C:\TDSSKiller_Quarantine\29.09.2012_00.55.17\zasubsys0000\zafs0000\tsk0007.dta probably a variant of Win32/Sirefef.FD trojan

C:\TDSSKiller_Quarantine\29.09.2012_00.55.17\zasubsys0001\file0000\tsk0000.dta Win64/Patched.A.Gen trojan

C:\TDSSKiller_Quarantine\29.09.2012_00.55.17\zasubsys0001\zafs0000\tsk0003.dta Win64/Conedex.C trojan

C:\TDSSKiller_Quarantine\29.09.2012_00.55.17\zasubsys0001\zafs0000\tsk0004.dta Win64/Agent.BA trojan

C:\TDSSKiller_Quarantine\29.09.2012_00.55.17\zasubsys0001\zafs0000\tsk0005.dta Win64/Conedex.B trojan

C:\TDSSKiller_Quarantine\29.09.2012_00.55.17\zasubsys0001\zafs0000\tsk0006.dta Win64/Sirefef.AP trojan

C:\TDSSKiller_Quarantine\29.09.2012_00.55.17\zasubsys0001\zafs0000\tsk0007.dta probably a variant of Win32/Sirefef.FD trojan

C:\TDSSKiller_Quarantine\29.09.2012_00.55.17\zasubsys0002\file0000\tsk0000.dta Win64/Patched.A.Gen trojan

C:\TDSSKiller_Quarantine\29.09.2012_00.55.17\zasubsys0002\zafs0000\tsk0003.dta Win64/Conedex.C trojan

C:\TDSSKiller_Quarantine\29.09.2012_00.55.17\zasubsys0002\zafs0000\tsk0004.dta Win64/Agent.BA trojan

C:\TDSSKiller_Quarantine\29.09.2012_00.55.17\zasubsys0002\zafs0000\tsk0005.dta Win64/Conedex.B trojan

C:\TDSSKiller_Quarantine\29.09.2012_00.55.17\zasubsys0002\zafs0000\tsk0006.dta Win64/Sirefef.AP trojan

C:\TDSSKiller_Quarantine\29.09.2012_00.55.17\zasubsys0002\zafs0000\tsk0007.dta probably a variant of Win32/Sirefef.FD trojan

C:\Users\Jeffrey Poon\Desktop\Random Stuff\frostwire-4.21.3.windows.exe Win32/OpenCandy application

C:\Users\Jeffrey Poon\Documents\Mabinogi Backup\Client.exe a variant of Win32/Packed.Themida application

C:\Users\Jeffrey Poon\Documents\Mabinogi Backup\Client.exe.bak a variant of Win32/Packed.Themida application

C:\Users\Jeffrey Poon\Documents\Mabinogi Backup\Client_AVG_RESTORED.exe a variant of Win32/Packed.Themida application

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KM2VF6P0\kittyflix_com[1].txt HTML/ScrInject.B.Gen virus

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KM2VF6P0\kittyflix_com[1].txt HTML/ScrInject.B.Gen virus


Hello

There are some minor things in your online scan that should be removed.

delete files

  • Copy all text in the quote box (below)...to Notepad.
    @echo off
    rd /s /q "C:\TDSSKiller_Quarantine\"
    del /f /s /q "C:\Users\Jeffrey Poon\Desktop\Random Stuff\frostwire-4.21.3.windows.exe"
    del /f /s /q "C:\Users\Jeffrey Poon\Documents\Mabinogi Backup\Client.exe"
    del /f /s /q "C:\Users\Jeffrey Poon\Documents\Mabinogi Backup\Client.exe.bak"
    del /f /s /q "C:\Users\Jeffrey Poon\Documents\Mabinogi Backup\Client_AVG_RESTORED.exe"
    rd /s /q "C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KM2VF6P0\"
    del %0
  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.

The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.

:Why we need to remove some of our tools:

  • Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time can make the computer an expensive paper weight.
    They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.
    The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
    • The application window will appear
    • Click the Re-enable button to re-enable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK.

Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.

  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and used often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls
CCleaner - This is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files. It has a built in registry cleaner, but I would leave that alone and not use any registry cleaner
Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did)
    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

Internet Safety
Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Gringo

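The sorting Gringo did by hand above (quarantine copies, a cached web page, potentially unwanted applications, anything else live) written out as a small Python triage of lines in the ESET Online Scanner export format; this is an added example, not code from the thread or from ESET. The sample lines are constructed (paths copied from the log above except the Qoobox one, which is made up), and the quarantine folder list and the set of type words are assumptions.

```python
import re

# Constructed sample in the ESET Online Scanner export format seen above
# ("<path> <detection> <type>"); paths copied from that log except the
# Qoobox line, which is made up to show how that folder is handled.
SAMPLE_LOG = """\
C:\\Program Files (x86)\\Dell DataSafe Local Backup\\hstart.exe a variant of Win32/HiddenStart.A application
C:\\TDSSKiller_Quarantine\\29.09.2012_00.55.17\\zasubsys0000\\zafs0000\\tsk0006.dta Win64/Sirefef.AP trojan
C:\\Qoobox\\Quarantine\\C\\Windows\\example.sys.vir Win64/Patched.A.Gen trojan
C:\\Users\\Jeffrey Poon\\Desktop\\Random Stuff\\frostwire-4.21.3.windows.exe Win32/OpenCandy application
C:\\Windows\\System32\\config\\systemprofile\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\KM2VF6P0\\kittyflix_com[1].txt HTML/ScrInject.B.Gen virus
"""

# One result line: path (may contain spaces), verdict, then the type word.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<verdict>(?:probably )?(?:a variant of )?\S+/\S+)\s+"
    r"(?P<kind>application|trojan|virus|worm|backdoor)\s*$"
)
# Folders holding only copies made by earlier tools or restore points (assumed list).
QUARANTINE_DIRS = ("c:\\tdsskiller_quarantine\\", "c:\\qoobox\\quarantine\\",
                   "c:\\system volume information\\")
CACHE_MARKER = "\\temporary internet files\\"


def parse_line(line):
    """Return (path, verdict, kind) for one result line, or None if malformed."""
    m = LINE_RE.match(line.strip())
    return (m["path"], m["verdict"], m["kind"]) if m else None


def classify(path, kind):
    """Bucket a detection the way the reply above sorts them by hand."""
    low = path.lower()
    if low.startswith(QUARANTINE_DIRS):
        return "quarantine"     # inert unless someone restores it manually
    if CACHE_MARKER in low:
        return "browser_cache"  # cached web page carrying injected script
    if kind == "application":
        return "pua"            # potentially unwanted: decide case by case
    return "live"               # active detection outside any quarantine


def triage(log_text):
    """Group every parseable line of an ESET export by bucket."""
    buckets = {"quarantine": [], "browser_cache": [], "pua": [], "live": []}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            path, _verdict, kind = parsed
            buckets[classify(path, kind)].append(path)
    return buckets
```

Anything landing in "live" is what actually needs attention; the "pua" bucket is left for a person to decide, as was done with the Dell DataSafe entries above.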

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

