
Scour redirect virus removal help needed



Hi,

Running Windows 7. Yesterday I discovered that all of the "My Documents" contents were missing, and also pictures that I had saved on the computer were missing. Also, when doing a search on google.com in the Explorer browser, I would get redirected to the Scour webpage.

Ran DDS as instructed; here is the log file. Do you want me to attach the "Attach" log file?

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Don Gonsalves at 20:09:49 on 2012-04-18

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2013.1046 [GMT -4:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Broadcom\BPowMon\BPowMon.exe

C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\AVG\AVG2012\avgemcx.exe

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\dell\DBRM\Reminder\DbrmTrayicon.exe

C:\Program Files\Common Files\aol\1277647536\ee\aolsoftware.exe

C:\Windows\BCMSMMSG.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\StorageSync\StrgSync.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\AOL Desktop 9.6\waol.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\AOL Desktop 9.6\shellmon.exe

C:\Windows\Explorer.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\notepad.exe

C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe

C:\Program Files\AOL Desktop 9.6\AOLBrowser\aolbrowser.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.aol.com

uURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - c:\program files\aol toolbar\aoltb.dll

mURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - c:\program files\aol toolbar\aoltb.dll

mURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - c:\program files\aol toolbar\aoltb.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - c:\program files\aol toolbar\aoltb.dll

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [AOL Fast Start] "c:\program files\aol desktop 9.6\AOL.EXE" -b

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [DBRMTray] c:\dell\dbrm\reminder\DbrmTrayIcon.exe

mRun: [HostManager] c:\program files\common files\aol\1277647536\ee\AOLSoftware.exe

mRun: [bCMSMMSG] BCMSMMSG.exe

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [strgSync.exe] c:\program files\storagesync\StrgSync.exe -w

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [vProt] "c:\program files\avg secure search\vprot.exe"

mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRunOnce: [DBRMTray] c:\dell\dbrm\reminder\TrayApp.exe

dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11f_ActiveX.exe -update activex

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{84F609E4-4E22-4BD8-A9FE-AECC78B3AA54} : DhcpNameServer = 192.168.0.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.2.0\ViProtocol.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: igfxcui - igfxdev.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]

R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2010-6-15 81920]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]

R2 BPowMon;Broadcom Power monitoring service;c:\program files\broadcom\bpowmon\BPowMon.exe [2009-8-17 79168]

R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]

R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]

R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\10.2.0\ToolbarUpdater.exe [2012-3-12 918880]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]

R3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2010-6-15 273960]

R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]

R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]

R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]

R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]

R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-27 136176]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-12 1025352]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-2 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-27 136176]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-27 1343400]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2012-04-18 23:48:59 -------- d-sh--w- C:\$RECYCLE.BIN

2012-04-18 23:26:55 98816 ----a-w- c:\windows\sed.exe

2012-04-18 23:26:55 518144 ----a-w- c:\windows\SWREG.exe

2012-04-18 23:26:55 256000 ----a-w- c:\windows\PEV.exe

2012-04-18 23:26:55 208896 ----a-w- c:\windows\MBR.exe

2012-04-18 22:44:20 -------- d-----w- c:\users\don gonsalves\appdata\roaming\SUPERAntiSpyware.com

2012-04-18 22:43:54 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-04-18 22:43:54 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-04-18 22:43:30 16090640 ----a-w- C:\SAS_935F0.EXE

2012-04-18 20:59:24 -------- d-----w- c:\users\don gonsalves\appdata\roaming\Malwarebytes

2012-04-18 20:59:20 -------- d-----w- c:\programdata\Malwarebytes

2012-04-18 20:59:19 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-18 20:59:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-04-18 20:56:05 10063000 ----a-w- C:\mbam-setup-1.61.0.1400.exe

2012-04-18 20:45:34 2072112 ----a-w- C:\TDSSKiller.exe

2012-04-14 13:22:31 -------- d--h--w- c:\programdata\CanonIJEGV

2012-04-13 07:00:43 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-13 07:00:42 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-12 07:02:02 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-12 07:02:02 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-12 07:02:02 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-04-12 07:02:02 158720 ----a-w- c:\windows\system32\imagehlp.dll

.

==================== Find3M ====================

.

2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-02-22 12:29:01 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-15 05:44:57 826368 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-15 04:22:43 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-15 04:22:18 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-10 05:41:38 1074176 ----a-w- c:\windows\system32\DWrite.dll

2012-02-10 05:41:20 218624 ----a-w- c:\windows\system32\d3d10_1core.dll

2012-02-10 05:41:20 161792 ----a-w- c:\windows\system32\d3d10_1.dll

2012-02-10 05:41:20 1170944 ----a-w- c:\windows\system32\d3d10warp.dll

2012-02-10 05:41:19 739840 ----a-w- c:\windows\system32\d2d1.dll

2012-02-03 04:01:58 2341376 ----a-w- c:\windows\system32\win32k.sys

2012-01-25 05:44:51 57856 ----a-w- c:\windows\system32\rdpwsx.dll

2012-01-25 05:44:50 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-01-25 05:40:26 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

.

============= FINISH: 20:10:21.89 ===============


Hello efgonzo61! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Please post the content of Attach.txt, don't attach it.

Next, visit www.virustotal.com and upload the following file:

C:\SAS_935F0.EXE

Then wait until the scan has finished and copy/paste the link in your next reply, along with the content of Attach.txt.


Hi Maniac,

I ran the virus tool and here is the link to the results. Results were clean.

https://www.virustot...sis/1334859542/

Here is the "attach" text file

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 6/26/2010 7:45:31 PM

System Uptime: 4/18/2012 7:43:34 PM (1 hours ago)

.

Motherboard: Dell Inc. | | 07N90W

Processor: Intel® Core™2 Duo CPU E7500 @ 2.93GHz | CPU 1 | 2926/266mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 223 GiB total, 187.29 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 149 GiB total, 100.215 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: WAN Miniport (ATW)

Device ID: ROOT\NET\0001

Manufacturer: America Online, Inc.

Name: WAN Miniport (ATW) #2

PNP Device ID: ROOT\NET\0001

Service: wanatw

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: WAN Miniport (ATW)

Device ID: ROOT\NET\0002

Manufacturer: America Online, Inc.

Name: WAN Miniport (ATW) #3

PNP Device ID: ROOT\NET\0002

Service: wanatw

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Reader 9.5.0

AOL Toolbar

AOL Uninstaller (Choose which Products to Remove)

ArcSoft PhotoStudio 5.5

ATT-RC Self Support Tool

AVG 2012

BCM V.92 56K Modem

Broadcom Gigabit NetLink Controller

Broadcom Management Programs

Canon CanoScan LiDE 100 User Registration

Canon MP Navigator EX 2.0

Canon Utilities Solution Menu

CanoScan LiDE 100 Scanner Driver

D3DX10

Dell Backup and Recovery Manager

Dell Edoc Viewer

Download Updater (AOL LLC)

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

Inkjet Printer/Scanner Extended Survey Program

Intel® Graphics Media Accelerator Driver

Java Auto Updater

Java™ 6 Update 26

Junk Mail filter update

Malwarebytes Anti-Malware version 1.61.0.1400

Mesh Runtime

Messenger Companion

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Starter 2010 - English

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

MSVCRT

OGA Notifier 2.0.0048.0

PowerDVD DX

Realtek High Definition Audio Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

StorageSync Backup Software

SUPERAntiSpyware

Uninstall AOL Emergency Connect Utility 1.0

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Viewpoint Media Player

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinZip

.

==== Event Viewer Messages From Past Week ========

.

4/18/2012 8:10:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "2" attempting to start the service swprv with arguments "" in order to run the server: {65EE1DBA-8FF4-4A58-AC1C-3470EE2F376A}

4/18/2012 8:00:49 PM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The system cannot find the file specified.

4/18/2012 7:56:56 PM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The system cannot find the file specified.

4/18/2012 7:51:11 PM, Error: Service Control Manager [7000] - The Windows Backup service failed to start due to the following error: The system cannot find the file specified.

4/18/2012 7:51:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "2" attempting to start the service sdrsvc with arguments "" in order to run the server: {47135EEA-06B6-4452-8787-4A187C64A47E}

4/18/2012 7:49:09 PM, Error: Service Control Manager [7001] - The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: The system cannot find the file specified.

4/18/2012 7:49:09 PM, Error: Service Control Manager [7000] - The SSDP Discovery service failed to start due to the following error: The system cannot find the file specified.

4/18/2012 7:49:07 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070002'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

4/18/2012 7:49:06 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: The system cannot find the file specified.

4/18/2012 7:49:06 PM, Error: Service Control Manager [7000] - The Function Discovery Resource Publication service failed to start due to the following error: The system cannot find the file specified.

4/18/2012 7:45:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

4/18/2012 7:43:57 PM, Error: Service Control Manager [7000] - The Windows Image Acquisition (WIA) service failed to start due to the following error: The system cannot find the file specified.

4/18/2012 7:43:57 PM, Error: Service Control Manager [7000] - The Windows Defender service failed to start due to the following error: The system cannot find the file specified.

4/18/2012 7:43:03 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

4/18/2012 6:50:50 PM, Error: Microsoft-Windows-WMPNSS-Service [14346] - A new media server was not initialized because RegisterRunningDevice() encountered error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service.

4/18/2012 4:05:41 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

4/18/2012 4:05:39 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

4/18/2012 4:05:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

4/18/2012 4:05:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

4/18/2012 4:05:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

4/18/2012 4:05:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

4/18/2012 4:05:24 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 discache spldr Wanarpv6

4/18/2012 4:05:24 PM, Error: Service Control Manager [7001] - The Fax service depends on the Print Spooler service which failed to start because of the following error: The dependency service or group failed to start.

4/18/2012 4:05:24 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.

4/12/2012 7:30:03 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

4/12/2012 3:02:05 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070020: Update for Windows 7 (KB2679255).

4/11/2012 3:46:50 PM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: Access is denied.

4/11/2012 3:46:50 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: Access is denied.

4/11/2012 3:46:50 PM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80070005.

4/11/2012 3:46:49 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.

4/11/2012 3:45:51 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

.

==== End Of File ===========================


It seems this file is part of SuperAntiSpyware.

Step 1

Please uninstall Viewpoint Media Player, because it is reportedly about to "Plunge Into Adware" (see here).

Step 2

Please download unhide.exe from here and save it to your Desktop. Double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.

Step 3

I see that you have already run TDSSKiller, but I suggest you manually delete your copy and then download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

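For readers who want to see what the Step 2 tool actually does before running it, here is the same job done by hand in PowerShell. This is an added example for this page; it is not part of the thread above and not the code of unhide.exe. It assumes an elevated PowerShell 2.0 or later prompt on the affected Windows 7 machine, and that the user's "missing" files were given only the Hidden attribute (genuine OS files carry Hidden plus System, which is why the System bit is used as the exclusion). The function names, the AppData skip and the preview-by-default behaviour are choices of this example, not of the tool.

```powershell
# Added example, not from this thread and not unhide.exe itself: the same job as
# Step 2, done in PowerShell so you see the list before anything changes.
# Assumptions (this example's, not the thread's): an elevated PowerShell 2.0+
# prompt on the affected Windows 7 machine, and that the user's missing files
# were given only the Hidden attribute, whereas genuine OS files carry
# Hidden+System.

# List files and folders under $Root that are Hidden but not System.
function Get-HiddenUserItems {
    param(
        [string]$Root = $env:USERPROFILE,
        [switch]$IncludeAppData   # AppData legitimately holds hidden files; skipped by default
    )
    $hiddenBit = [int][IO.FileAttributes]::Hidden
    $systemBit = [int][IO.FileAttributes]::System
    $appData   = Join-Path $Root 'AppData'

    Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            $attrs = [int]$_.Attributes
            (($attrs -band $hiddenBit) -ne 0) -and
            (($attrs -band $systemBit) -eq 0) -and
            ($IncludeAppData -or ($_.FullName -notlike "$appData\*"))
        }
}

# Clear only the Hidden bit on each piped item, leaving ReadOnly, Archive etc.
# untouched. Preview unless -Apply is given; the printed paths are also the
# list you would re-hide by hand if any of them were hidden on purpose.
function Clear-HiddenBit {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [IO.FileSystemInfo]$Item,
        [switch]$Apply
    )
    process {
        $keep = -bnot [int][IO.FileAttributes]::Hidden
        $new  = [IO.FileAttributes]([int]$Item.Attributes -band $keep)
        if ($Apply) {
            $Item.Attributes = $new
            "unhidden:     $($Item.FullName)"
        } else {
            "would unhide: $($Item.FullName)"
        }
    }
}

# Preview first; re-run with -Apply once the list contains only your own files.
Get-HiddenUserItems | Clear-HiddenBit
# Get-HiddenUserItems | Clear-HiddenBit -Apply
# The DDS log shows a second fixed disk (E:); check it the same way:
# Get-HiddenUserItems -Root 'E:\' | Clear-HiddenBit
```

Two points of design worth noting: the System-attribute exclusion keeps items such as desktop.ini and the Windows 7 compatibility junctions under the profile out of the list, and the preview output doubles as the record of what was changed, which the unhide.exe instructions above warn you will otherwise need to reconstruct by hand for anything you had hidden deliberately.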

Hi Maniac,

I did as instructed. Here is the log file from the TDSSKiller program. It did find one file on the computer, but I was NOT given the CURE option, so I hit "skip" as instructed.

10:36:27.0306 5860 TDSS rootkit removing tool 2.7.30.0 Apr 19 2012 15:10:31

10:36:27.0774 5860 ============================================================

10:36:27.0774 5860 Current date / time: 2012/04/20 10:36:27.0774

10:36:27.0774 5860 SystemInfo:

10:36:27.0774 5860

10:36:27.0774 5860 OS Version: 6.1.7600 ServicePack: 0.0

10:36:27.0774 5860 Product type: Workstation

10:36:27.0774 5860 ComputerName: DONGONSALVES-PC

10:36:27.0774 5860 UserName: Don Gonsalves

10:36:27.0774 5860 Windows directory: C:\Windows

10:36:27.0774 5860 System windows directory: C:\Windows

10:36:27.0774 5860 Processor architecture: Intel x86

10:36:27.0774 5860 Number of processors: 2

10:36:27.0774 5860 Page size: 0x1000

10:36:27.0774 5860 Boot type: Normal boot

10:36:27.0774 5860 ============================================================

10:36:29.0147 5860 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

10:36:29.0162 5860 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

10:36:29.0178 5860 \Device\Harddisk0\DR0:

10:36:29.0178 5860 MBR partitions:

10:36:29.0178 5860 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x132D000

10:36:29.0178 5860 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1341000, BlocksNum 0x1BE67800

10:36:29.0178 5860 \Device\Harddisk1\DR1:

10:36:29.0178 5860 MBR partitions:

10:36:29.0178 5860 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82

10:36:29.0209 5860 C: <-> \Device\Harddisk0\DR0\Partition1

10:36:29.0240 5860 E: <-> \Device\Harddisk1\DR1\Partition0

10:36:29.0240 5860 Initialize success

10:36:29.0240 5860 ============================================================

10:37:04.0110 2576 ============================================================

10:37:04.0110 2576 Scan started

10:37:04.0110 2576 Mode: Manual; SigCheck; TDLFS;

10:37:04.0110 2576 ============================================================

10:37:05.0873 2576 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

10:37:05.0920 2576 !SASCORE - ok

10:37:06.0107 2576 1394ohci (bf02f806c873abb04b197161e8e5a316) C:\Windows\system32\DRIVERS\1394ohci.sys

10:37:06.0169 2576 1394ohci - ok

10:37:06.0325 2576 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys

10:37:06.0325 2576 ACPI - ok

10:37:06.0450 2576 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys

10:37:06.0544 2576 AcpiPmi - ok

10:37:06.0668 2576 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

10:37:06.0684 2576 adp94xx - ok

10:37:06.0840 2576 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

10:37:06.0856 2576 adpahci - ok

10:37:06.0965 2576 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

10:37:06.0980 2576 adpu320 - ok

10:37:07.0074 2576 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll

10:37:07.0136 2576 AeLookupSvc - ok

10:37:07.0246 2576 AERTFilters (7a841462ad4749f8a07b27ae8e8947b8) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe

10:37:07.0386 2576 AERTFilters - ok

10:37:07.0511 2576 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys

10:37:07.0558 2576 AFD - ok

10:37:07.0667 2576 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys

10:37:07.0682 2576 agp440 - ok

10:37:07.0745 2576 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

10:37:07.0760 2576 aic78xx - ok

10:37:07.0885 2576 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe

10:37:07.0963 2576 ALG - ok

10:37:08.0041 2576 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys

10:37:08.0057 2576 aliide - ok

10:37:08.0119 2576 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys

10:37:08.0150 2576 amdagp - ok

10:37:08.0275 2576 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys

10:37:08.0275 2576 amdide - ok

10:37:08.0416 2576 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

10:37:08.0478 2576 AmdK8 - ok

10:37:08.0587 2576 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

10:37:08.0618 2576 AmdPPM - ok

10:37:08.0774 2576 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys

10:37:08.0774 2576 amdsata - ok

10:37:08.0899 2576 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

10:37:08.0930 2576 amdsbs - ok

10:37:09.0024 2576 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys

10:37:09.0040 2576 amdxata - ok

10:37:09.0196 2576 AOL ACS (85180cf88c5ebad73b452a43a004ca51) C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

10:37:09.0227 2576 AOL ACS - ok

10:37:09.0336 2576 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys

10:37:09.0398 2576 AppID - ok

10:37:09.0539 2576 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll

10:37:09.0632 2576 AppIDSvc - ok

10:37:09.0773 2576 Appinfo (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll

10:37:09.0820 2576 Appinfo - ok

10:37:09.0929 2576 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

10:37:09.0944 2576 arc - ok

10:37:10.0069 2576 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

10:37:10.0085 2576 arcsas - ok

10:37:10.0194 2576 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

10:37:10.0319 2576 AsyncMac - ok

10:37:10.0397 2576 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys

10:37:10.0412 2576 atapi - ok

10:37:10.0553 2576 AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll

10:37:10.0600 2576 AudioEndpointBuilder - ok

10:37:10.0600 2576 Audiosrv (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll

10:37:10.0631 2576 Audiosrv - ok

10:37:10.0818 2576 AVG Security Toolbar Service (3a457c2f798cad79cd30224e723e01fb) C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe

10:37:10.0849 2576 AVG Security Toolbar Service - ok

10:37:11.0083 2576 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

10:37:11.0177 2576 AVGIDSAgent - ok

10:37:11.0317 2576 AVGIDSDriver (f6878b90a8a9795116bce335238e65af) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys

10:37:11.0333 2576 AVGIDSDriver - ok

10:37:11.0442 2576 AVGIDSEH (19a08a6728a6e02099d64268218cd799) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys

10:37:11.0442 2576 AVGIDSEH - ok

10:37:11.0489 2576 AVGIDSFilter (f8927ab1dd086edeff2924a64dc89869) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys

10:37:11.0489 2576 AVGIDSFilter - ok

10:37:11.0614 2576 AVGIDSShim (dadca567891033dcf2ec4a3f9da46ae4) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys

10:37:11.0614 2576 AVGIDSShim - ok

10:37:11.0738 2576 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\Windows\system32\DRIVERS\avgldx86.sys

10:37:11.0754 2576 Avgldx86 - ok

10:37:11.0879 2576 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys

10:37:11.0894 2576 Avgmfx86 - ok

10:37:12.0019 2576 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys

10:37:12.0035 2576 Avgrkx86 - ok

10:37:12.0175 2576 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys

10:37:12.0191 2576 Avgtdix - ok

10:37:12.0316 2576 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe

10:37:12.0331 2576 avgwd - ok

10:37:12.0456 2576 AxInstSV (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll

10:37:12.0503 2576 AxInstSV - ok

10:37:12.0643 2576 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

10:37:12.0706 2576 b06bdrv - ok

10:37:12.0815 2576 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

10:37:12.0846 2576 b57nd60x - ok

10:37:13.0018 2576 BCMModem (41347688046d49cde0f6d138a534f73d) C:\Windows\system32\DRIVERS\BCMSM.sys

10:37:13.0080 2576 BCMModem - ok

10:37:13.0189 2576 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll

10:37:13.0236 2576 BDESVC - ok

10:37:13.0345 2576 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

10:37:13.0376 2576 Beep - ok

10:37:13.0501 2576 BFE (85ac71c045ceb054ed48a7841aae0c11) C:\Windows\System32\bfe.dll

10:37:13.0564 2576 BFE - ok

10:37:13.0673 2576 BITS (53f476476f55a27f580661bde09c4ec4) C:\Windows\System32\qmgr.dll

10:37:13.0735 2576 BITS - ok

10:37:13.0829 2576 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

10:37:13.0860 2576 blbdrive - ok

10:37:13.0969 2576 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys

10:37:14.0000 2576 bowser - ok

10:37:14.0141 2576 BPowMon (104c980400850ea84f86cd31ae2eeece) C:\Program Files\Broadcom\BPowMon\BPowMon.exe

10:37:14.0156 2576 BPowMon - ok

10:37:14.0234 2576 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

10:37:14.0281 2576 BrFiltLo - ok

10:37:14.0359 2576 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

10:37:14.0406 2576 BrFiltUp - ok

10:37:14.0546 2576 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys

10:37:14.0593 2576 BridgeMP - ok

10:37:14.0687 2576 Browser (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll

10:37:14.0702 2576 Browser - ok

10:37:14.0734 2576 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

10:37:14.0796 2576 Brserid - ok

10:37:14.0890 2576 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

10:37:14.0921 2576 BrSerWdm - ok

10:37:15.0014 2576 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

10:37:15.0046 2576 BrUsbMdm - ok

10:37:15.0170 2576 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

10:37:15.0202 2576 BrUsbSer - ok

10:37:15.0295 2576 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

10:37:15.0311 2576 BTHMODEM - ok

10:37:15.0436 2576 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll

10:37:15.0482 2576 bthserv - ok

10:37:15.0576 2576 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

10:37:15.0607 2576 cdfs - ok

10:37:15.0763 2576 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys

10:37:15.0794 2576 cdrom - ok

10:37:15.0888 2576 CertPropSvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll

10:37:15.0935 2576 CertPropSvc - ok

10:37:16.0075 2576 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

10:37:16.0106 2576 circlass - ok

10:37:16.0200 2576 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

10:37:16.0216 2576 CLFS - ok

10:37:16.0356 2576 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

10:37:16.0372 2576 clr_optimization_v2.0.50727_32 - ok

10:37:16.0512 2576 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

10:37:16.0528 2576 clr_optimization_v4.0.30319_32 - ok

10:37:16.0637 2576 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

10:37:16.0668 2576 CmBatt - ok

10:37:16.0777 2576 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys

10:37:16.0777 2576 cmdide - ok

10:37:16.0886 2576 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys

10:37:16.0918 2576 CNG - ok

10:37:17.0011 2576 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

10:37:17.0011 2576 Compbatt - ok

10:37:17.0152 2576 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys

10:37:17.0183 2576 CompositeBus - ok

10:37:17.0276 2576 COMSysApp - ok

10:37:17.0323 2576 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

10:37:17.0323 2576 crcdisk - ok

10:37:17.0464 2576 CryptSvc (9c231178ce4fb385f4b54b0a9080b8a4) C:\Windows\system32\cryptsvc.dll

10:37:17.0510 2576 CryptSvc - ok

10:37:17.0666 2576 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

10:37:17.0698 2576 cvhsvc - ok

10:37:17.0791 2576 DcomLaunch (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll

10:37:17.0822 2576 DcomLaunch - ok

10:37:17.0947 2576 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll

10:37:17.0994 2576 defragsvc - ok

10:37:18.0103 2576 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys

10:37:18.0150 2576 DfsC - ok

10:37:18.0290 2576 Dhcp (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll

10:37:18.0337 2576 Dhcp - ok

10:37:18.0415 2576 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

10:37:18.0462 2576 discache - ok

10:37:18.0602 2576 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

10:37:18.0618 2576 Disk - ok

10:37:18.0696 2576 Dnscache (b15be77a2bacf9c3177d27518afe26a9) C:\Windows\System32\dnsrslvr.dll

10:37:18.0743 2576 Dnscache - ok

10:37:18.0852 2576 dot3svc (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll

10:37:18.0899 2576 dot3svc - ok

10:37:18.0977 2576 DPS (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll

10:37:19.0024 2576 DPS - ok

10:37:19.0180 2576 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

10:37:19.0211 2576 drmkaud - ok

10:37:19.0304 2576 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys

10:37:19.0336 2576 DXGKrnl - ok

10:37:19.0445 2576 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll

10:37:19.0476 2576 EapHost - ok

10:37:19.0663 2576 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

10:37:19.0741 2576 ebdrv - ok

10:37:19.0850 2576 EFS (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\System32\lsass.exe

10:37:19.0928 2576 EFS - ok

10:37:20.0006 2576 ehRecvr (1697c39978cd69f6fbc15302edcece1f) C:\Windows\ehome\ehRecvr.exe

10:37:20.0069 2576 ehRecvr - ok

10:37:20.0162 2576 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe

10:37:20.0194 2576 ehSched - ok

10:37:20.0318 2576 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

10:37:20.0334 2576 elxstor - ok

10:37:20.0443 2576 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys

10:37:20.0474 2576 ErrDev - ok

10:37:20.0568 2576 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll

10:37:20.0615 2576 EventSystem - ok

10:37:20.0740 2576 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

10:37:20.0771 2576 exfat - ok

10:37:20.0864 2576 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

10:37:20.0880 2576 fastfat - ok

10:37:21.0052 2576 Fax (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe

10:37:21.0145 2576 Fax - ok

10:37:21.0239 2576 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

10:37:21.0286 2576 fdc - ok

10:37:21.0379 2576 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll

10:37:21.0457 2576 fdPHost - ok

10:37:21.0691 2576 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll

10:37:21.0754 2576 FDResPub - ok

10:37:21.0863 2576 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

10:37:21.0863 2576 FileInfo - ok

10:37:21.0972 2576 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

10:37:22.0019 2576 Filetrace - ok

10:37:22.0206 2576 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

10:37:22.0237 2576 flpydisk - ok

10:37:22.0346 2576 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

10:37:22.0346 2576 FltMgr - ok

10:37:22.0471 2576 FontCache (7fe4995528a7529a761875151ee3d512) C:\Windows\system32\FntCache.dll

10:37:22.0534 2576 FontCache - ok

10:37:22.0596 2576 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

10:37:22.0612 2576 FontCache3.0.0.0 - ok

10:37:22.0674 2576 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

10:37:22.0674 2576 FsDepends - ok

10:37:22.0799 2576 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys

10:37:22.0814 2576 fssfltr - ok

10:37:22.0970 2576 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files\Windows Live\Family Safety\fsssvc.exe

10:37:23.0017 2576 fsssvc - ok

10:37:23.0158 2576 Fs_Rec (500a9814fd9446a8126858a5a7f7d273) C:\Windows\system32\drivers\Fs_Rec.sys

10:37:23.0158 2576 Fs_Rec - ok

10:37:23.0282 2576 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys

10:37:23.0298 2576 fvevol - ok

10:37:23.0438 2576 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

10:37:23.0438 2576 gagp30kx - ok

10:37:23.0532 2576 gpsvc (8ba3c04702bf8f927ab36ae8313ca4ee) C:\Windows\System32\gpsvc.dll

10:37:23.0579 2576 gpsvc - ok

10:37:23.0719 2576 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe

10:37:23.0719 2576 gupdate - ok

10:37:23.0750 2576 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe

10:37:23.0766 2576 gupdatem - ok

10:37:23.0875 2576 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

10:37:23.0891 2576 gusvc - ok

10:37:23.0984 2576 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

10:37:24.0031 2576 hcw85cir - ok

10:37:24.0172 2576 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys

10:37:24.0203 2576 HDAudBus - ok

10:37:24.0296 2576 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

10:37:24.0328 2576 HidBatt - ok

10:37:24.0452 2576 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

10:37:24.0484 2576 HidBth - ok

10:37:24.0593 2576 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

10:37:24.0624 2576 HidIr - ok

10:37:24.0718 2576 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll

10:37:24.0764 2576 hidserv - ok

10:37:24.0874 2576 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys

10:37:24.0889 2576 HidUsb - ok

10:37:24.0983 2576 hkmsvc (741c2a45ca8407e374aaba3e330b7872) C:\Windows\system32\kmsvc.dll

10:37:25.0030 2576 hkmsvc - ok

10:37:25.0108 2576 HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\Windows\system32\ListSvc.dll

10:37:25.0170 2576 HomeGroupListener - ok

10:37:25.0264 2576 HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll

10:37:25.0295 2576 HomeGroupProvider - ok

10:37:25.0404 2576 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys

10:37:25.0420 2576 HpSAMD - ok

10:37:25.0576 2576 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys

10:37:25.0622 2576 HTTP - ok

10:37:25.0732 2576 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys

10:37:25.0763 2576 hwpolicy - ok

10:37:25.0888 2576 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys

10:37:25.0903 2576 i8042prt - ok

10:37:26.0075 2576 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys

10:37:26.0122 2576 iaStorV - ok

10:37:26.0371 2576 idsvc (5af815eb5bc9802e5a064e2ba62bfc0c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

10:37:26.0402 2576 idsvc - ok

10:37:26.0668 2576 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys

10:37:26.0902 2576 igfx - ok

10:37:27.0026 2576 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

10:37:27.0026 2576 iirsp - ok

10:37:27.0182 2576 IJPLMSVC (755519f49906b73c1fe9cbbf75e347ea) C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

10:37:27.0182 2576 IJPLMSVC - ok

10:37:27.0323 2576 IKEEXT (fac0ee6562b121b1399d6e855583f7a5) C:\Windows\System32\ikeext.dll

10:37:27.0385 2576 IKEEXT - ok

10:37:27.0572 2576 IntcAzAudAddService (94b1ff5d243d34b31380a2f79fc48959) C:\Windows\system32\drivers\RTKVHDA.sys

10:37:27.0650 2576 IntcAzAudAddService - ok

10:37:27.0775 2576 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys

10:37:27.0775 2576 intelide - ok

10:37:27.0822 2576 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

10:37:27.0838 2576 intelppm - ok

10:37:27.0931 2576 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll

10:37:27.0978 2576 IPBusEnum - ok

10:37:28.0087 2576 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

10:37:28.0118 2576 IpFilterDriver - ok

10:37:28.0212 2576 iphlpsvc (477397b432a256a50ee7e4339eb9ea14) C:\Windows\System32\iphlpsvc.dll

10:37:28.0259 2576 iphlpsvc - ok

10:37:28.0368 2576 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys

10:37:28.0399 2576 IPMIDRV - ok

10:37:28.0493 2576 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

10:37:28.0540 2576 IPNAT - ok

10:37:28.0696 2576 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

10:37:28.0727 2576 IRENUM - ok

10:37:28.0836 2576 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys

10:37:28.0836 2576 iScsiPrt - ok

10:37:29.0070 2576 k57nd60x (7ea81534e80570bdf6ee4a4248bba4d6) C:\Windows\system32\DRIVERS\k57nd60x.sys

10:37:29.0101 2576 k57nd60x - ok

10:37:29.0210 2576 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys

10:37:29.0226 2576 kbdclass - ok

10:37:29.0335 2576 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys

10:37:29.0382 2576 kbdhid - ok

10:37:29.0476 2576 KeyIso (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe

10:37:29.0476 2576 KeyIso - ok

10:37:29.0569 2576 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys

10:37:29.0600 2576 KSecDD - ok

10:37:29.0694 2576 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys

10:37:29.0710 2576 KSecPkg - ok

10:37:29.0788 2576 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll

10:37:29.0834 2576 KtmRm - ok

10:37:29.0975 2576 LanmanServer (8f6bf790d3168224c16f2af68a84438c) C:\Windows\System32\srvsvc.dll

10:37:30.0037 2576 LanmanServer - ok

10:37:30.0287 2576 LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\Windows\System32\wkssvc.dll

10:37:30.0318 2576 LanmanWorkstation - ok

10:37:30.0630 2576 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

10:37:30.0677 2576 lltdio - ok

10:37:30.0817 2576 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll

10:37:30.0895 2576 lltdsvc - ok

10:37:31.0067 2576 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll

10:37:31.0114 2576 lmhosts - ok

10:37:31.0254 2576 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

10:37:31.0270 2576 LSI_FC - ok

10:37:31.0394 2576 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

10:37:31.0426 2576 LSI_SAS - ok

10:37:31.0675 2576 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

10:37:31.0675 2576 LSI_SAS2 - ok

10:37:31.0769 2576 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

10:37:31.0784 2576 LSI_SCSI - ok

10:37:31.0925 2576 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

10:37:31.0972 2576 luafv - ok

10:37:32.0096 2576 McciCMService (f8b823414a22dbf3bec10dcaa5f93cd8) C:\Program Files\Common Files\Motive\McciCMService.exe

10:37:32.0112 2576 McciCMService ( UnsignedFile.Multi.Generic ) - warning

10:37:32.0112 2576 McciCMService - detected UnsignedFile.Multi.Generic (1)

10:37:32.0190 2576 Mcx2Svc (e2b0887816ed336685954e3d8fdaa51d) C:\Windows\system32\Mcx2Svc.dll

10:37:32.0221 2576 Mcx2Svc - ok

10:37:32.0330 2576 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

10:37:32.0346 2576 megasas - ok

10:37:32.0471 2576 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

10:37:32.0486 2576 MegaSR - ok

10:37:32.0580 2576 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll

10:37:32.0627 2576 MMCSS - ok

10:37:32.0720 2576 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

10:37:32.0767 2576 Modem - ok

10:37:32.0892 2576 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

10:37:32.0923 2576 monitor - ok

10:37:33.0017 2576 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

10:37:33.0032 2576 mouclass - ok

10:37:33.0157 2576 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

10:37:33.0188 2576 mouhid - ok

10:37:33.0266 2576 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys

10:37:33.0282 2576 mountmgr - ok

10:37:33.0360 2576 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys

10:37:33.0360 2576 mpio - ok

10:37:33.0454 2576 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

10:37:33.0485 2576 mpsdrv - ok

10:37:33.0610 2576 MpsSvc (5cd996cecf45cbc3e8d109c86b82d69e) C:\Windows\system32\mpssvc.dll

10:37:33.0656 2576 MpsSvc - ok

10:37:33.0750 2576 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys

10:37:33.0766 2576 MRxDAV - ok

10:37:33.0906 2576 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys

10:37:33.0953 2576 mrxsmb - ok

10:37:34.0046 2576 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys

10:37:34.0078 2576 mrxsmb10 - ok

10:37:34.0187 2576 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys

10:37:34.0202 2576 mrxsmb20 - ok

10:37:34.0280 2576 msahci (cb5d37e91135b0f15cee64d1f1ba5de5) C:\Windows\system32\DRIVERS\msahci.sys

10:37:34.0296 2576 msahci - ok

10:37:34.0358 2576 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys

10:37:34.0374 2576 msdsm - ok

10:37:34.0468 2576 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe

10:37:34.0546 2576 MSDTC - ok

10:37:34.0686 2576 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

10:37:34.0702 2576 Msfs - ok

10:37:34.0748 2576 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

10:37:34.0764 2576 mshidkmdf - ok

10:37:34.0826 2576 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys

10:37:34.0826 2576 msisadrv - ok

10:37:34.0967 2576 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll

10:37:34.0998 2576 MSiSCSI - ok

10:37:35.0076 2576 msiserver - ok

10:37:35.0138 2576 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

10:37:35.0185 2576 MSKSSRV - ok

10:37:35.0294 2576 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

10:37:35.0326 2576 MSPCLOCK - ok

10:37:35.0444 2576 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

10:37:35.0464 2576 MSPQM - ok

10:37:35.0504 2576 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

10:37:35.0514 2576 MsRPC - ok

10:37:35.0584 2576 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys

10:37:35.0594 2576 mssmbios - ok

10:37:35.0744 2576 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

10:37:35.0764 2576 MSTEE - ok

10:37:35.0844 2576 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

10:37:35.0874 2576 MTConfig - ok

10:37:36.0014 2576 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

10:37:36.0024 2576 Mup - ok

10:37:36.0114 2576 napagent (80284f1985c70c86f0b5f86da2dfe1df) C:\Windows\system32\qagentRT.dll

10:37:36.0154 2576 napagent - ok

10:37:36.0284 2576 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

10:37:36.0314 2576 NativeWifiP - ok

10:37:36.0424 2576 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys

10:37:36.0454 2576 NDIS - ok

10:37:36.0584 2576 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

10:37:36.0624 2576 NdisCap - ok

10:37:36.0964 2576 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

10:37:37.0004 2576 NdisTapi - ok

10:37:37.0094 2576 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys

10:37:37.0134 2576 Ndisuio - ok

10:37:37.0234 2576 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys

10:37:37.0264 2576 NdisWan - ok

10:37:37.0314 2576 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys

10:37:37.0334 2576 NDProxy - ok

10:37:37.0469 2576 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

10:37:37.0500 2576 NetBIOS - ok

10:37:37.0594 2576 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys

10:37:37.0641 2576 NetBT - ok

10:37:37.0750 2576 Netlogon (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe

10:37:37.0750 2576 Netlogon - ok

10:37:37.0875 2576 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll

10:37:37.0906 2576 Netman - ok

10:37:38.0031 2576 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll

10:37:38.0078 2576 netprofm - ok

10:37:38.0171 2576 NetTcpPortSharing (fe2aa5a684b0dd9b1fae57b7817c198b) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

10:37:38.0187 2576 NetTcpPortSharing - ok

10:37:38.0327 2576 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

10:37:38.0343 2576 nfrd960 - ok

10:37:38.0421 2576 NlaSvc (2226496e34bd40734946a054b1cd657f) C:\Windows\System32\nlasvc.dll

10:37:38.0452 2576 NlaSvc - ok

10:37:38.0577 2576 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

10:37:38.0624 2576 Npfs - ok

10:37:38.0702 2576 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll

10:37:38.0733 2576 nsi - ok

10:37:38.0795 2576 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

10:37:38.0826 2576 nsiproxy - ok

10:37:38.0944 2576 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys

10:37:38.0974 2576 Ntfs - ok

10:37:39.0084 2576 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

10:37:39.0124 2576 Null - ok

10:37:39.0244 2576 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys

10:37:39.0254 2576 nvraid - ok

10:37:39.0414 2576 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys

10:37:39.0424 2576 nvstor - ok

10:37:39.0504 2576 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys

10:37:39.0514 2576 nv_agp - ok

10:37:39.0644 2576 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys

10:37:39.0694 2576 ohci1394 - ok

10:37:39.0814 2576 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

10:37:39.0824 2576 ose - ok

10:37:39.0924 2576 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

10:37:40.0024 2576 osppsvc - ok

10:37:40.0134 2576 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll

10:37:40.0154 2576 p2pimsvc - ok

10:37:40.0234 2576 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll

10:37:40.0264 2576 p2psvc - ok

10:37:40.0404 2576 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

10:37:40.0434 2576 Parport - ok

10:37:40.0514 2576 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys

10:37:40.0524 2576 partmgr - ok

10:37:40.0574 2576 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

10:37:40.0634 2576 Parvdm - ok

10:37:40.0734 2576 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll

10:37:40.0754 2576 PcaSvc - ok

10:37:40.0834 2576 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys

10:37:40.0864 2576 pci - ok

10:37:40.0954 2576 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys

10:37:40.0970 2576 pciide - ok

10:37:41.0032 2576 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

10:37:41.0048 2576 pcmcia - ok

10:37:41.0142 2576 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

10:37:41.0157 2576 pcw - ok

10:37:41.0266 2576 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

10:37:41.0313 2576 PEAUTH - ok

10:37:41.0422 2576 pla (9c1bff7910c89a1d12e57343475840cb) C:\Windows\system32\pla.dll

10:37:41.0500 2576 pla - ok

10:37:41.0613 2576 PlugPlay (71def5ec79774c798342d0ea16e41780) C:\Windows\system32\umpnpmgr.dll

10:37:41.0663 2576 PlugPlay - ok

10:37:41.0743 2576 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll

10:37:41.0763 2576 PNRPAutoReg - ok

10:37:41.0923 2576 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll

10:37:41.0933 2576 PNRPsvc - ok

10:37:42.0023 2576 PolicyAgent (48e1b75c6dc0232fd92baae4bd344721) C:\Windows\System32\ipsecsvc.dll

10:37:42.0063 2576 PolicyAgent - ok

10:37:42.0173 2576 Power (dbff83f709a91049621c1d35dd45c92c) C:\Windows\system32\umpo.dll

10:37:42.0193 2576 Power - ok

10:37:42.0313 2576 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

10:37:42.0333 2576 PptpMiniport - ok

10:37:42.0393 2576 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

10:37:42.0423 2576 Processor - ok

10:37:42.0503 2576 ProfSvc (630cf26f0227498b7d5a92b12548960f) C:\Windows\system32\profsvc.dll

10:37:42.0553 2576 ProfSvc - ok

10:37:42.0663 2576 ProtectedStorage (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe

10:37:42.0673 2576 ProtectedStorage - ok

10:37:42.0783 2576 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

10:37:42.0823 2576 Psched - ok

10:37:42.0963 2576 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

10:37:43.0013 2576 ql2300 - ok

10:37:43.0153 2576 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

10:37:43.0173 2576 ql40xx - ok

10:37:43.0253 2576 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll

10:37:43.0283 2576 QWAVE - ok

10:37:43.0393 2576 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

10:37:43.0423 2576 QWAVEdrv - ok

10:37:43.0503 2576 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

10:37:43.0543 2576 RasAcd - ok

10:37:43.0666 2576 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

10:37:43.0698 2576 RasAgileVpn - ok

10:37:43.0791 2576 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll

10:37:43.0822 2576 RasAuto - ok

10:37:43.0947 2576 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

10:37:43.0978 2576 Rasl2tp - ok

10:37:44.0072 2576 RasMan (0ce66ec736b7fc526d78f7624c7d2a94) C:\Windows\System32\rasmans.dll

10:37:44.0119 2576 RasMan - ok

10:37:44.0244 2576 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

10:37:44.0275 2576 RasPppoe - ok

10:37:44.0384 2576 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

10:37:44.0415 2576 RasSstp - ok

10:37:44.0493 2576 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys

10:37:44.0524 2576 rdbss - ok

10:37:44.0602 2576 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

10:37:44.0634 2576 rdpbus - ok

10:37:44.0758 2576 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys

10:37:44.0805 2576 RDPCDD - ok

10:37:44.0899 2576 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

10:37:44.0946 2576 RDPENCDD - ok

10:37:45.0055 2576 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

10:37:45.0086 2576 RDPREFMP - ok

10:37:45.0195 2576 RDPWD (0399c725a9c95a6f1862b93f008ddf4a) C:\Windows\system32\drivers\RDPWD.sys

10:37:45.0211 2576 RDPWD - ok

10:37:45.0336 2576 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys

10:37:45.0351 2576 rdyboost - ok

10:37:45.0429 2576 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll

10:37:45.0476 2576 RemoteAccess - ok

10:37:45.0648 2576 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll

10:37:45.0679 2576 RemoteRegistry - ok

10:37:45.0788 2576 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\Windows\system32\Drivers\RootMdm.sys

10:37:45.0835 2576 ROOTMODEM - ok

10:37:45.0975 2576 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll

10:37:45.0991 2576 RpcEptMapper - ok

10:37:46.0038 2576 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe

10:37:46.0069 2576 RpcLocator - ok

10:37:46.0178 2576 RpcSs (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll

10:37:46.0194 2576 RpcSs - ok

10:37:46.0303 2576 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

10:37:46.0334 2576 rspndr - ok

10:37:46.0459 2576 SamSs (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe

10:37:46.0459 2576 SamSs - ok

10:37:46.0537 2576 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

10:37:46.0552 2576 SASDIFSV - ok

10:37:46.0568 2576 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

10:37:46.0584 2576 SASKUTIL - ok

10:37:46.0693 2576 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys

10:37:46.0693 2576 sbp2port - ok

10:37:46.0771 2576 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll

10:37:46.0802 2576 SCardSvr - ok

10:37:46.0927 2576 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys

10:37:46.0958 2576 scfilter - ok

10:37:47.0052 2576 Schedule (df1e5c82e4d09cf8105cc644980c4803) C:\Windows\system32\schedsvc.dll

10:37:47.0130 2576 Schedule - ok

10:37:47.0208 2576 SCPolicySvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll

10:37:47.0223 2576 SCPolicySvc - ok

10:37:47.0254 2576 SDRSVC (5fd90abdbfaee85986802622cbb03446) C:\Windows\System32\SDRSVC.dll

10:37:47.0306 2576 SDRSVC - ok

10:37:47.0446 2576 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

10:37:47.0466 2576 SeaPort - ok

10:37:47.0576 2576 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

10:37:47.0616 2576 secdrv - ok

10:37:47.0736 2576 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll

10:37:47.0776 2576 seclogon - ok

10:37:47.0866 2576 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll

10:37:47.0916 2576 SENS - ok

10:37:48.0016 2576 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll

10:37:48.0076 2576 SensrSvc - ok

10:37:48.0166 2576 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

10:37:48.0186 2576 Serenum - ok

10:37:48.0316 2576 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

10:37:48.0336 2576 Serial - ok

10:37:48.0366 2576 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

10:37:48.0396 2576 sermouse - ok

10:37:48.0476 2576 SessionEnv (8f55ce568c543d5adf45c409d16718fc) C:\Windows\system32\sessenv.dll

10:37:48.0496 2576 SessionEnv - ok

10:37:48.0586 2576 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys

10:37:48.0616 2576 sffdisk - ok

10:37:48.0706 2576 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys

10:37:48.0736 2576 sffp_mmc - ok

10:37:48.0856 2576 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys

10:37:48.0886 2576 sffp_sd - ok

10:37:48.0936 2576 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

10:37:48.0966 2576 sfloppy - ok

10:37:49.0096 2576 Sftfs (d9b734638dd8dba9d59aad3189cd0fad) C:\Windows\system32\DRIVERS\Sftfslh.sys

10:37:49.0126 2576 Sftfs - ok

10:37:49.0216 2576 sftlist (cb73bc422c07fb611f194da18d1e7f36) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

10:37:49.0226 2576 sftlist - ok

10:37:49.0351 2576 Sftplay (2f61bd46c0bff4eb36e1e359ca17bfc5) C:\Windows\system32\DRIVERS\Sftplaylh.sys

10:37:49.0367 2576 Sftplay - ok

10:37:49.0382 2576 Sftredir (518bac0179f94304f422696b47c0ec12) C:\Windows\system32\DRIVERS\Sftredirlh.sys

10:37:49.0382 2576 Sftredir - ok

10:37:49.0460 2576 Sftvol (747325236d88b3f05ffd27ff9ec711c5) C:\Windows\system32\DRIVERS\Sftvollh.sys

10:37:49.0476 2576 Sftvol - ok

10:37:49.0585 2576 sftvsa (a5812f0281ca5081bf696626f9bf324d) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

10:37:49.0601 2576 sftvsa - ok

10:37:49.0679 2576 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll

10:37:49.0726 2576 SharedAccess - ok

10:37:49.0848 2576 ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\Windows\System32\shsvcs.dll

10:37:49.0888 2576 ShellHWDetection - ok

10:37:49.0988 2576 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys

10:37:49.0998 2576 sisagp - ok

10:37:50.0138 2576 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

10:37:50.0148 2576 SiSRaid2 - ok

10:37:50.0198 2576 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

10:37:50.0208 2576 SiSRaid4 - ok

10:37:50.0298 2576 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

10:37:50.0338 2576 Smb - ok

10:37:50.0478 2576 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe

10:37:50.0508 2576 SNMPTRAP - ok

10:37:50.0598 2576 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

10:37:50.0608 2576 spldr - ok

10:37:50.0748 2576 Spooler (d1bb750eb51694de183e08b9c33be5b2) C:\Windows\System32\spoolsv.exe

10:37:50.0808 2576 Spooler - ok

10:37:50.0918 2576 sppsvc (4c287f9069fedbd791178876ee9de536) C:\Windows\system32\sppsvc.exe

10:37:51.0018 2576 sppsvc - ok

10:37:51.0108 2576 sppuinotify (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\Windows\system32\sppuinotify.dll

10:37:51.0138 2576 sppuinotify - ok

10:37:51.0278 2576 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys

10:37:51.0338 2576 srv - ok

10:37:51.0438 2576 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys

10:37:51.0448 2576 srv2 - ok

10:37:51.0568 2576 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys

10:37:51.0598 2576 srvnet - ok

10:37:51.0688 2576 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll

10:37:51.0708 2576 SSDPSRV - ok

10:37:51.0728 2576 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll

10:37:51.0778 2576 SstpSvc - ok

10:37:51.0869 2576 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

10:37:51.0885 2576 stexstor - ok

10:37:52.0025 2576 StiSvc (a22825e7bb7018e8af3e229a5af17221) C:\Windows\System32\wiaservc.dll

10:37:52.0056 2576 StiSvc - ok

10:37:52.0150 2576 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys

10:37:52.0166 2576 swenum - ok

10:37:52.0275 2576 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll

10:37:52.0306 2576 swprv - ok

10:37:52.0415 2576 SysMain (04105c8da62353589c29bdaeb8d88bd8) C:\Windows\system32\sysmain.dll

10:37:52.0462 2576 SysMain - ok

10:37:52.0556 2576 TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\Windows\System32\TabSvc.dll

10:37:52.0587 2576 TabletInputService - ok

10:37:52.0680 2576 TapiSrv (2f46b0c70a4adc8c90cf825da3b4feaf) C:\Windows\System32\tapisrv.dll

10:37:52.0696 2576 TapiSrv - ok

10:37:52.0712 2576 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll

10:37:52.0758 2576 TBS - ok

10:37:52.0899 2576 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys

10:37:52.0946 2576 Tcpip - ok

10:37:53.0086 2576 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys

10:37:53.0102 2576 TCPIP6 - ok

10:37:53.0224 2576 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys

10:37:53.0264 2576 tcpipreg - ok

10:37:53.0384 2576 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys

10:37:53.0404 2576 TDPIPE - ok

10:37:53.0494 2576 TDTCP (7156308896d34ea75a582f9a09e50c17) C:\Windows\system32\drivers\tdtcp.sys

10:37:53.0524 2576 TDTCP - ok

10:37:53.0624 2576 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys

10:37:53.0674 2576 tdx - ok

10:37:53.0754 2576 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys

10:37:53.0764 2576 TermDD - ok

10:37:53.0834 2576 TermService (a01e50a04d7b1960b33e92b9080e6a94) C:\Windows\System32\termsrv.dll

10:37:53.0894 2576 TermService - ok

10:37:53.0984 2576 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll

10:37:53.0994 2576 Themes - ok

10:37:54.0044 2576 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll

10:37:54.0064 2576 THREADORDER - ok

10:37:54.0174 2576 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll

10:37:54.0214 2576 TrkWks - ok

10:37:54.0284 2576 TrustedInstaller (41a4c781d2286208d397d72099304133) C:\Windows\servicing\TrustedInstaller.exe

10:37:54.0324 2576 TrustedInstaller - ok

10:37:54.0424 2576 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys

10:37:54.0464 2576 tssecsrv - ok

10:37:54.0574 2576 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys

10:37:54.0594 2576 tunnel - ok

10:37:54.0684 2576 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

10:37:54.0694 2576 uagp35 - ok

10:37:54.0784 2576 udfs (eb0a7bd4d471ac3ce55564a4c55b9d8e) C:\Windows\system32\DRIVERS\udfs.sys

10:37:54.0834 2576 udfs - ok

10:37:54.0924 2576 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe

10:37:54.0954 2576 UI0Detect - ok

10:37:55.0054 2576 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys

10:37:55.0064 2576 uliagpkx - ok

10:37:55.0190 2576 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys

10:37:55.0205 2576 umbus - ok

10:37:55.0314 2576 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

10:37:55.0330 2576 UmPass - ok

10:37:55.0439 2576 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll

10:37:55.0455 2576 upnphost - ok

10:37:55.0548 2576 usbccgp (5c233aefb566ee78c1efbc0493fb066a) C:\Windows\system32\drivers\usbccgp.sys

10:37:55.0595 2576 usbccgp - ok

10:37:55.0736 2576 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys

10:37:55.0736 2576 usbcir - ok

10:37:55.0798 2576 usbehci (5b71019a6aca0116fd21b368f19c0b91) C:\Windows\system32\drivers\usbehci.sys

10:37:55.0814 2576 usbehci - ok

10:37:55.0938 2576 usbhub (5823d3965c2a4f6f785ed1a3b403f3b8) C:\Windows\system32\DRIVERS\usbhub.sys

10:37:55.0985 2576 usbhub - ok

10:37:56.0079 2576 usbohci (e753ed6c49da13967ebabf9ea616454a) C:\Windows\system32\drivers\usbohci.sys

10:37:56.0094 2576 usbohci - ok

10:37:56.0235 2576 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

10:37:56.0266 2576 usbprint - ok

10:37:56.0360 2576 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys

10:37:56.0375 2576 usbscan - ok

10:37:56.0516 2576 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\drivers\USBSTOR.SYS

10:37:56.0562 2576 USBSTOR - ok

10:37:56.0656 2576 usbuhci (6a30928a469ce802600e1ea8c0f2f53f) C:\Windows\system32\drivers\usbuhci.sys

10:37:56.0672 2576 usbuhci - ok

10:37:56.0765 2576 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll

10:37:56.0781 2576 UxSms - ok

10:37:56.0812 2576 VaultSvc (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe

10:37:56.0812 2576 VaultSvc - ok

10:37:56.0937 2576 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys

10:37:56.0937 2576 vdrvroot - ok

10:37:57.0046 2576 vds (8c4e7c49d3641bc9e299e466a7f8867d) C:\Windows\System32\vds.exe

10:37:57.0077 2576 vds - ok

10:37:57.0171 2576 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

10:37:57.0202 2576 vga - ok

10:37:57.0327 2576 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

10:37:57.0342 2576 VgaSave - ok

10:37:57.0389 2576 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys

10:37:57.0405 2576 vhdmp - ok

10:37:57.0545 2576 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys

10:37:57.0561 2576 viaagp - ok

10:37:57.0639 2576 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

10:37:57.0670 2576 ViaC7 - ok

10:37:57.0779 2576 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys

10:37:57.0810 2576 viaide - ok

10:37:57.0873 2576 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys

10:37:57.0888 2576 volmgr - ok

10:37:57.0982 2576 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

10:37:57.0998 2576 volmgrx - ok

10:37:58.0107 2576 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys

10:37:58.0122 2576 volsnap - ok

10:37:58.0247 2576 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

10:37:58.0247 2576 vsmraid - ok

10:37:58.0372 2576 VSS (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\Windows\system32\vssvc.exe

10:37:58.0419 2576 VSS - ok

10:37:58.0637 2576 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe

10:37:58.0668 2576 vToolbarUpdater10.2.0 - ok

10:37:58.0762 2576 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys

10:37:58.0793 2576 vwifibus - ok

10:37:58.0902 2576 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll

10:37:58.0949 2576 W32Time - ok

10:37:59.0043 2576 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

10:37:59.0043 2576 WacomPen - ok

10:37:59.0168 2576 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

10:37:59.0183 2576 WANARP - ok

10:37:59.0183 2576 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

10:37:59.0214 2576 Wanarpv6 - ok

10:37:59.0292 2576 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\Windows\system32\DRIVERS\wanatw4.sys

10:37:59.0339 2576 wanatw - ok

10:37:59.0448 2576 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe

10:37:59.0495 2576 WatAdminSvc - ok

10:37:59.0604 2576 wbengine (7790b77fe1e5ee47dcc66247095bb4c9) C:\Windows\system32\wbengine.exe

10:37:59.0714 2576 wbengine - ok

10:37:59.0807 2576 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll

10:37:59.0838 2576 WbioSrvc - ok

10:37:59.0916 2576 wcncsvc (6d9b75275c3e3a5f51aef81affadb2b6) C:\Windows\System32\wcncsvc.dll

10:37:59.0979 2576 wcncsvc - ok

10:38:00.0072 2576 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll

10:38:00.0135 2576 WcsPlugInService - ok

10:38:00.0213 2576 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

10:38:00.0228 2576 Wd - ok

10:38:00.0322 2576 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

10:38:00.0338 2576 Wdf01000 - ok

10:38:00.0400 2576 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll

10:38:00.0431 2576 WdiServiceHost - ok

10:38:00.0431 2576 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll

10:38:00.0447 2576 WdiSystemHost - ok

10:38:00.0540 2576 WebClient (bb5ec38f8d4600119b4720bc5d4211f1) C:\Windows\System32\webclnt.dll

10:38:00.0587 2576 WebClient - ok

10:38:00.0650 2576 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll

10:38:00.0681 2576 Wecsvc - ok

10:38:00.0712 2576 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll

10:38:00.0743 2576 wercplsupport - ok

10:38:00.0884 2576 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll

10:38:00.0899 2576 WerSvc - ok

10:38:00.0993 2576 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

10:38:01.0008 2576 WfpLwf - ok

10:38:01.0102 2576 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

10:38:01.0118 2576 WIMMount - ok

10:38:01.0180 2576 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll

10:38:01.0211 2576 WinDefend - ok

10:38:01.0211 2576 WinHttpAutoProxySvc - ok

10:38:01.0320 2576 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll

10:38:01.0367 2576 Winmgmt - ok

10:38:01.0461 2576 WinRM (c4f5d3901d1b41d602ddc196e0b95b51) C:\Windows\system32\WsmSvc.dll

10:38:01.0492 2576 WinRM - ok

10:38:01.0650 2576 WinUsb (b5ba3cc19d00f2eba92f1cfbebb5d650) C:\Windows\system32\DRIVERS\WinUsb.sys

10:38:01.0700 2576 WinUsb - ok

10:38:01.0790 2576 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll

10:38:01.0840 2576 Wlansvc - ok

10:38:02.0000 2576 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

10:38:02.0010 2576 wlcrasvc - ok

10:38:02.0100 2576 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

10:38:02.0140 2576 wlidsvc - ok

10:38:02.0230 2576 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys

10:38:02.0260 2576 WmiAcpi - ok

10:38:02.0380 2576 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe

10:38:02.0400 2576 wmiApSrv - ok

10:38:02.0500 2576 WMPNetworkSvc (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe

10:38:02.0580 2576 WMPNetworkSvc - ok

10:38:02.0680 2576 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll

10:38:02.0710 2576 WPCSvc - ok

10:38:02.0790 2576 WPDBusEnum (b7f658a2ebc07129538ad9ab35212637) C:\Windows\system32\wpdbusenum.dll

10:38:02.0820 2576 WPDBusEnum - ok

10:38:02.0930 2576 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

10:38:02.0960 2576 ws2ifsl - ok

10:38:03.0040 2576 wscsvc (a661a76333057b383a06e65f0073222f) C:\Windows\system32\wscsvc.dll

10:38:03.0070 2576 wscsvc - ok

10:38:03.0170 2576 WSearch - ok

10:38:03.0230 2576 wuauserv (a33408cc036f9c08142b11be5e93f0a1) C:\Windows\system32\wuaueng.dll

10:38:03.0290 2576 wuauserv - ok

10:38:03.0340 2576 WudfPf (a52494b107afc92ddca21f0b64f83376) C:\Windows\system32\drivers\WudfPf.sys

10:38:03.0360 2576 WudfPf - ok

10:38:03.0440 2576 WUDFRd (90a541c607da0025ae75f0f3673945fe) C:\Windows\system32\DRIVERS\WUDFRd.sys

10:38:03.0470 2576 WUDFRd - ok

10:38:03.0580 2576 wudfsvc (f1fcb56102a8373ed86b6ff08fb17d67) C:\Windows\System32\WUDFSvc.dll

10:38:03.0610 2576 wudfsvc - ok

10:38:03.0720 2576 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll

10:38:03.0750 2576 WwanSvc - ok

10:38:03.0780 2576 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0

10:38:03.0960 2576 \Device\Harddisk0\DR0 - ok

10:38:03.0970 2576 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR1

10:38:04.0110 2576 \Device\Harddisk1\DR1 - ok

10:38:04.0190 2576 Boot (0x1200) (4850f2c239332ae4b6bcf77d0c213b9a) \Device\Harddisk0\DR0\Partition0

10:38:04.0200 2576 \Device\Harddisk0\DR0\Partition0 - ok

10:38:04.0210 2576 Boot (0x1200) (fabea6456dcf6e6fb9241a5b4c6befec) \Device\Harddisk0\DR0\Partition1

10:38:04.0210 2576 \Device\Harddisk0\DR0\Partition1 - ok

10:38:04.0210 2576 Boot (0x1200) (5b011e06970954e727f45a7f2f079d42) \Device\Harddisk1\DR1\Partition0

10:38:04.0210 2576 \Device\Harddisk1\DR1\Partition0 - ok

10:38:04.0210 2576 ============================================================

10:38:04.0210 2576 Scan finished

10:38:04.0210 2576 ============================================================

10:38:04.0220 7228 Detected object count: 1

10:38:04.0220 7228 Actual detected object count: 1

10:38:46.0030 7228 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user

10:38:46.0030 7228 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip

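A small triage script for a TDSSKiller log of the kind posted above, added here as an example; it is not part of TDSSKiller and was not posted by anyone in the thread. It parses the three line shapes the scanner prints (a hash line, a plain "- ok" status line, and a "( Verdict ) - ..." detection line, with MBR and boot-sector records reporting status by device path) and then lists anything not marked plainly ok, any image loaded from outside the usual service and driver locations, and any service that got a status line without a hash line. The TRUSTED_ROOTS tuple is an assumption about this 32-bit Windows 7 install, and the embedded sample is constructed: most lines are copied from the posted log, but the McciCMService hash line and the examplesvc pair are made up, with placeholder hashes.

```python
"""Triage helper for a TDSSKiller scan log (added example; not part of TDSSKiller).

Line shapes handled:
    HH:MM:SS.ffff PID Name (md5) Path          hash line
    HH:MM:SS.ffff PID Name - ok                status line
    HH:MM:SS.ffff PID Name ( Verdict ) - ...   detection status line
MBR and boot-sector records report status by device path instead of by name.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

HEADER_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<body>.+)$")
FILE_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*)$")
STATUS_RE = re.compile(r"^(?P<name>.+?)(?:\s+\(\s*(?P<verdict>[^()]+?)\s*\))?\s+-\s+(?P<status>.+)$")

# Assumption: where a legitimately installed service or driver image normally lives on
# this 32-bit Windows 7 box. Images elsewhere (ProgramData, profiles, temp) get a second look.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "\\device\\")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None
    statuses: List[str] = field(default_factory=list)

    @property
    def clean(self) -> bool:
        """True only when TDSSKiller reported a plain '- ok' and no verdict."""
        return self.verdict is None and self.statuses == ["ok"]


def parse_tdsskiller(text: str) -> List[Entry]:
    entries: List[Entry] = []
    by_name: Dict[str, Entry] = {}
    by_path: Dict[str, Entry] = {}
    for raw in text.splitlines():
        m = HEADER_RE.match(raw.strip())
        if not m:
            continue  # banners, "Scan finished", object counts, blank lines
        body = m.group("body")
        fm = FILE_RE.match(body)
        if fm:
            e = Entry(fm["name"], fm["md5"].lower(), fm["path"])
            entries.append(e)
            by_name[e.name] = e
            by_path[e.path.lower()] = e
            continue
        sm = STATUS_RE.match(body)
        if not sm:
            continue
        e = by_name.get(sm["name"]) or by_path.get(sm["name"].lower())
        if e is None:
            # Status without a preceding hash line: the scanner listed no backing file.
            e = Entry(sm["name"])
            entries.append(e)
            by_name[e.name] = e
        if sm["verdict"]:
            e.verdict = sm["verdict"]
        e.statuses.append(sm["status"])
    return entries


def detections(entries: List[Entry]) -> List[Entry]:
    """Everything the scanner did not mark plainly '- ok', including skipped verdicts."""
    return [e for e in entries if not e.clean]


def outside_trusted_roots(entries: List[Entry]) -> List[Entry]:
    """Images loaded from a location where a service or driver does not normally live."""
    return [e for e in entries if e.path and not e.path.lower().startswith(TRUSTED_ROOTS)]


def without_backing_file(entries: List[Entry]) -> List[Entry]:
    """Services that got a status line but no hash line (no file was hashed for them)."""
    return [e for e in entries if e.path is None]


# Constructed sample: lines copied from the posted log, plus two constructed lines
# (the McciCMService hash line and the examplesvc pair) with placeholder hashes.
SAMPLE_LOG = r"""
10:37:39.0504 2576 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
10:37:39.0514 2576 nv_agp - ok
10:37:42.0663 2576 ProtectedStorage (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
10:37:42.0673 2576 ProtectedStorage - ok
10:38:00.0000 2576 McciCMService (00000000000000000000000000000000) C:\Program Files\Common Files\Motive\McciCMService.exe
10:38:01.0211 2576 WinHttpAutoProxySvc - ok
10:38:02.0000 2576 examplesvc (ffffffffffffffffffffffffffffffff) C:\ProgramData\example.dat
10:38:02.0001 2576 examplesvc - ok
10:38:03.0780 2576 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
10:38:03.0960 2576 \Device\Harddisk0\DR0 - ok
10:38:04.0210 2576 ============================================================
10:38:04.0210 2576 Scan finished
10:38:04.0220 7228 Detected object count: 1
10:38:46.0030 7228 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user
10:38:46.0030 7228 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    for title, rows in (("Detections", detections(parsed)),
                        ("Outside trusted roots", outside_trusted_roots(parsed)),
                        ("No backing file", without_backing_file(parsed))):
        print(f"== {title} ==")
        for e in rows:
            print(f"  {e.name}: {e.path or '-'} verdict={e.verdict} status={e.statuses}")
```

Two caveats when reading the output. UnsignedFile.Multi.Generic is a heuristic verdict for a service binary with no digital signature, not an identification of a specific piece of malware, so a hit on a vendor helper like McciCMService needs a second check (signature, hash lookup, install date) rather than an automatic delete. The MBR and boot-sector hashes at the end of the log are only meaningful against a baseline: keep them so a rescan after cleanup can be diffed against this one.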

Delete your ComboFix copy and then:

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


Hi Maniac,

Did as requested. Below is the ComboFix log. When the machine rebooted I did get an error box with the following info.

C:\windows\system32\GfxUI.exe

"Illegal Operation attempted on registry key that has been marked for deletion"

Here is log

ComboFix 12-04-20.03 - Don Gonsalves 04/20/2012 10:59:16.1.2 - x86

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2013.934 [GMT -4:00]

Running from: c:\users\Don Gonsalves\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\iwfnaaa.tmp

c:\users\Don Gonsalves\ComboFix.exe

c:\windows\expl.dat

c:\windows\system32\svch.dat

c:\windows\system32\winl.dat

.

Infected copy of c:\windows\system32\winlogon.exe was found and disinfected

Restored copy from - c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

.

c:\windows\system32\svchost.exe . . . is infected!!

.

Infected copy of c:\windows\explorer.exe was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!winsxs!x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373!explorer.exe

.

Infected copy of c:\windows\system32\winlogon.exe was found and disinfected

Restored copy from - c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

Infected copy of c:\windows\explorer.exe was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!winsxs!x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373!explorer.exe

.

((((((((((((((((((((((((( Files Created from 2012-03-20 to 2012-04-20 )))))))))))))))))))))))))))))))

.

.

2012-04-20 15:11 . 2012-04-20 15:11 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-18 22:44 . 2012-04-18 22:44 -------- d-----w- c:\users\Don Gonsalves\AppData\Roaming\SUPERAntiSpyware.com

2012-04-18 22:43 . 2012-04-18 22:44 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-04-18 22:43 . 2012-04-18 22:43 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-04-18 22:43 . 2012-04-18 22:43 16090640 ----a-w- C:\SAS_935F0.EXE

2012-04-18 20:59 . 2012-04-18 20:59 -------- d-----w- c:\users\Don Gonsalves\AppData\Roaming\Malwarebytes

2012-04-18 20:59 . 2012-04-18 20:59 -------- d-----w- c:\programdata\Malwarebytes

2012-04-18 20:59 . 2012-04-18 20:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-04-18 20:59 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-18 20:56 . 2012-04-18 20:56 10063000 ----a-w- C:\mbam-setup-1.61.0.1400.exe

2012-04-18 20:45 . 2012-04-18 20:45 2072112 ----a-w- C:\TDSSKiller.exe

2012-04-14 13:22 . 2012-04-14 13:22 -------- d-----w- c:\programdata\CanonIJEGV

2012-04-13 07:00 . 2012-03-06 05:59 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-13 07:00 . 2012-03-06 05:59 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-12 07:02 . 2012-03-01 05:53 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-12 07:02 . 2012-03-01 05:49 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-04-12 07:02 . 2012-03-01 05:45 158720 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-12 07:02 . 2012-03-01 05:40 5120 ----a-w- c:\windows\system32\wmi.dll

2012-03-25 21:26 . 2012-03-25 21:26 -------- d-----w- c:\windows\Sun

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-20 15:13 . 2011-04-28 11:18 2639872 ----a-w- c:\windows\explorer.exe

2012-04-20 15:13 . 2010-06-15 23:35 311808 ----a-w- c:\windows\system32\winlogon.exe

2012-04-18 22:23 . 2012-04-18 22:22 2052792 ----a-w- C:\tdsskiller.zip

2012-02-22 12:29 . 2011-06-03 10:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-22 08:03 . 2012-02-22 08:03 86528 ----a-w- c:\windows\system32\iesysprep.dll

2012-02-22 08:03 . 2012-02-22 08:03 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-02-22 08:03 . 2012-02-22 08:03 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-02-22 08:03 . 2012-02-22 08:03 74752 ----a-w- c:\windows\system32\iesetup.dll

2012-02-22 08:03 . 2012-02-22 08:03 63488 ----a-w- c:\windows\system32\tdc.ocx

2012-02-22 08:03 . 2012-02-22 08:03 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-02-22 08:03 . 2012-02-22 08:03 367104 ----a-w- c:\windows\system32\html.iec

2012-02-22 08:03 . 2012-02-22 08:03 161792 ----a-w- c:\windows\system32\msls31.dll

2012-02-22 08:03 . 2012-02-22 08:03 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-02-22 08:03 . 2012-02-22 08:03 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-02-22 08:03 . 2012-02-22 08:03 35840 ----a-w- c:\windows\system32\imgutil.dll

2012-02-22 08:03 . 2012-02-22 08:03 23552 ----a-w- c:\windows\system32\licmgr10.dll

2012-02-22 08:03 . 2012-02-22 08:03 152064 ----a-w- c:\windows\system32\wextract.exe

2012-02-22 08:03 . 2012-02-22 08:03 150528 ----a-w- c:\windows\system32\iexpress.exe

2012-02-22 08:03 . 2012-02-22 08:03 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-02-22 08:03 . 2012-02-22 08:03 11776 ----a-w- c:\windows\system32\mshta.exe

2012-02-22 08:03 . 2012-02-22 08:03 101888 ----a-w- c:\windows\system32\admparse.dll

2012-02-15 05:44 . 2012-03-14 11:39 826368 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-15 04:22 . 2012-03-14 11:39 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-15 04:22 . 2012-03-14 11:39 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-10 05:41 . 2012-03-14 11:39 1074176 ----a-w- c:\windows\system32\DWrite.dll

2012-02-10 05:41 . 2012-03-14 11:39 218624 ----a-w- c:\windows\system32\d3d10_1core.dll

2012-02-10 05:41 . 2012-03-14 11:39 161792 ----a-w- c:\windows\system32\d3d10_1.dll

2012-02-10 05:41 . 2012-03-14 11:39 1170944 ----a-w- c:\windows\system32\d3d10warp.dll

2012-02-10 05:41 . 2012-03-14 11:39 739840 ----a-w- c:\windows\system32\d2d1.dll

2012-02-03 04:01 . 2012-03-14 11:39 2341376 ----a-w- c:\windows\system32\win32k.sys

2012-01-25 05:44 . 2012-03-14 11:39 57856 ----a-w- c:\windows\system32\rdpwsx.dll

2012-01-25 05:44 . 2012-03-14 11:39 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-01-25 05:40 . 2012-03-14 11:39 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2012-04-20 . DF974BC5437A7FDF82B4523DFCB4456F . 311808 . . [6.1.7600.16385] . . c:\windows\System32\winlogon.exe

[7] 2010-11-20 . 6D13E1406F50C66E2A95D97F22C47560 . 286720 . . [6.1.7601.17514] . . c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

[7] 2010-06-15 . 37CDB7E72EB66BA85A87CBE37E7F03FD . 285696 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

[7] 2010-06-15 . 3BABE6767C78FBF5FB8435FEED187F30 . 285696 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe

[7] 2009-07-14 . 8EC6A4AB12B8F3759E21F8E3A388F2CF . 285696 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

.

[-] 2009-07-14 . E1BCFAC40EE52A8B870CDC55A47779CC . 46080 . . [6.1.7600.16385] . . c:\windows\System32\svchost.exe

[7] 2009-07-14 . 54A47F6B5E09A77E61649109C6A08866 . 20992 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

.

[-] 2012-04-20 . C2C701939D4BC20A1BE5E61288CE9BEA . 2639872 . . [6.1.7600.16385] . . c:\windows\explorer.exe

[7] 2011-02-26 . 255CF508D7CFB10E0794D6AC93280BD8 . 2614784 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe

[7] 2011-02-26 . 2AF58D15EDC06EC6FDACCE1F19482BBF . 2614784 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe

[7] 2011-02-26 . 0FB9C74046656D1579A64660AD67B746 . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe

[7] 2011-02-25 . 8B88EBBB05A0E56B7DCC708498C02B3E . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

[7] 2010-11-20 . 40D777B7A95E00593EB1568C68514493 . 2616320 . . [6.1.7600.16385] . . c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe

[7] 2010-06-15 . 2626FC9755BE22F805D3CFA0CE3EE727 . 2614272 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe

[7] 2010-06-15 . C76153C7ECA00FA852BB0C193378F917 . 2614272 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

[7] 2010-06-15 . B95EEB0F4E5EFBF1038A35B3351CF047 . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe

[7] 2010-06-15 . 9FF6C4C91A3711C0A3B18F87B08B518D . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe

[7] 2010-06-15 . FC89FACA0473641CB625EDA9277D0885 . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe

[7] 2010-06-15 . 00B0358734CAA32C39D181FE6916B178 . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe

[7] 2009-07-14 . 15BC38A7492BEFE831966ADB477CF76F . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-03-13 01:30 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-13 1869152]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-20 39408]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]

"AOL Fast Start"="c:\program files\AOL Desktop 9.6\AOL.EXE" [2011-01-13 42320]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-12 7739936]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]

"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2009-11-12 203776]

"HostManager"="c:\program files\Common Files\AOL\1277647536\ee\AOLSoftware.exe" [2010-03-08 41800]

"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]

"StrgSync.exe"="c:\program files\StorageSync\StrgSync.exe" [2005-10-08 3032576]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-13 982880]

"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-02-01 928096]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"DBRMTray"="c:\dell\DBRM\Reminder\TrayApp.exe" [2010-02-04 7168]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil11f_ActiveX.exe" [2012-02-22 250016]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-28 136176]

R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-09-01 1025352]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-28 136176]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-27 1343400]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-03-31 81920]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]

S2 BPowMon;Broadcom Power monitoring service;c:\program files\Broadcom\BPowMon\BPowMon.exe [2009-08-17 79168]

S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-13 918880]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]

S3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-08-21 273960]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]

S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-28 00:19]

.

2012-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-28 00:19]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.aol.com

TCP: DhcpNameServer = 192.168.0.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

Toolbar-Locked - (no file)

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)


.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:be,78,ea,ac,07,03,cd,01

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)


.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\progra~1\AVG\AVG2012\avgrsx.exe

c:\program files\AVG\AVG2012\avgcsrvx.exe

c:\program files\Canon\IJPLM\IJPLMSVC.EXE

c:\program files\Common Files\Motive\McciCMService.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\system32\taskhost.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\AVG\AVG2012\avgnsx.exe

c:\program files\AVG\AVG2012\avgemcx.exe

c:\windows\system32\conhost.exe

c:\windows\BCMSMMSG.exe

c:\program files\AOL Desktop 9.6\waol.exe

c:\program files\Common Files\AOL\ACS\AOLAcsd.exe

c:\program files\AOL Desktop 9.6\shellmon.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\sppsvc.exe

c:\windows\system32\DllHost.exe

.

**************************************************************************

.

Completion time: 2012-04-20 11:19:06 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-20 15:19

ComboFix2.txt 2012-04-18 23:49

.

Pre-Run: 202,121,179,136 bytes free

Post-Run: 201,840,066,560 bytes free

.

- - End Of File - - 98FD881016D11EACAA3F228A143DF30E


"Illegal Operation attempted on registry key that has been marked for deletion"

Reboot your PC and this will be fixed.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

FCopy::
c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe | c:\windows\System32\winlogon.exe
c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe | c:\windows\System32\svchost.exe
c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe | c:\windows\explorer.exe

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Hi Maniac,

Here is combofix log as instructed.

ComboFix 12-04-20.03 - Don Gonsalves 04/22/2012 20:45:55.2.2 - x86

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2013.1218 [GMT -4:00]

Running from: c:\users\Don Gonsalves\Desktop\ComboFix.exe

Command switches used :: c:\users\Don Gonsalves\Desktop\CFScript.txt

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\expl.dat

c:\windows\system32\winl.dat

.

Infected copy of c:\windows\system32\winlogon.exe was found and disinfected

Restored copy from - c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

.

c:\windows\system32\svchost.exe . . . is infected!!

.

Infected copy of c:\windows\explorer.exe was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy5_!Windows!winsxs!x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373!explorer.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-03-23 to 2012-04-23 )))))))))))))))))))))))))))))))

.

.

2012-04-23 00:58 . 2012-04-23 00:58 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-20 15:49 . 2012-04-20 15:49 -------- d-----w- c:\users\Don Gonsalves\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}

2012-04-20 15:49 . 2012-04-20 15:49 -------- d-----w- c:\programdata\Virtualized Applications

2012-04-20 14:57 . 2012-04-20 14:57 -------- d-----w- c:\programdata\Viewpoint

2012-04-18 22:44 . 2012-04-18 22:44 -------- d-----w- c:\users\Don Gonsalves\AppData\Roaming\SUPERAntiSpyware.com

2012-04-18 22:43 . 2012-04-18 22:44 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-04-18 22:43 . 2012-04-18 22:43 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-04-18 22:43 . 2012-04-18 22:43 16090640 ----a-w- C:\SAS_935F0.EXE

2012-04-18 20:59 . 2012-04-18 20:59 -------- d-----w- c:\users\Don Gonsalves\AppData\Roaming\Malwarebytes

2012-04-18 20:59 . 2012-04-18 20:59 -------- d-----w- c:\programdata\Malwarebytes

2012-04-18 20:59 . 2012-04-18 20:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-04-18 20:59 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-18 20:56 . 2012-04-18 20:56 10063000 ----a-w- C:\mbam-setup-1.61.0.1400.exe

2012-04-18 20:45 . 2012-04-18 20:45 2072112 ----a-w- C:\TDSSKiller.exe

2012-04-14 13:22 . 2012-04-14 13:22 -------- d-----w- c:\programdata\CanonIJEGV

2012-04-13 07:00 . 2012-03-06 05:59 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-13 07:00 . 2012-03-06 05:59 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-12 07:02 . 2012-03-01 05:53 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-12 07:02 . 2012-03-01 05:45 158720 ----a-w- c:\windows\system32\imagehlp.dll

2012-03-25 21:26 . 2012-03-25 21:26 -------- d-----w- c:\windows\Sun

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-23 01:00 . 2011-04-28 11:18 2639872 ----a-w- c:\windows\explorer.exe

2012-04-23 01:00 . 2010-06-15 23:35 311808 ----a-w- c:\windows\system32\winlogon.exe

2012-04-18 22:23 . 2012-04-18 22:22 2052792 ----a-w- C:\tdsskiller.zip

2012-03-01 05:49 . 2012-04-12 07:02 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-03-01 05:40 . 2012-04-12 07:02 5120 ----a-w- c:\windows\system32\wmi.dll

2012-02-28 01:11 . 2012-04-12 07:08 1127424 ----a-w- c:\windows\system32\wininet.dll

2012-02-22 12:29 . 2011-06-03 10:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-22 08:03 . 2012-02-22 08:03 86528 ----a-w- c:\windows\system32\iesysprep.dll

2012-02-22 08:03 . 2012-02-22 08:03 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-02-22 08:03 . 2012-02-22 08:03 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-02-22 08:03 . 2012-02-22 08:03 74752 ----a-w- c:\windows\system32\iesetup.dll

2012-02-22 08:03 . 2012-02-22 08:03 63488 ----a-w- c:\windows\system32\tdc.ocx

2012-02-22 08:03 . 2012-02-22 08:03 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-02-22 08:03 . 2012-02-22 08:03 367104 ----a-w- c:\windows\system32\html.iec

2012-02-22 08:03 . 2012-02-22 08:03 161792 ----a-w- c:\windows\system32\msls31.dll

2012-02-22 08:03 . 2012-02-22 08:03 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-02-22 08:03 . 2012-02-22 08:03 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-02-22 08:03 . 2012-02-22 08:03 35840 ----a-w- c:\windows\system32\imgutil.dll

2012-02-22 08:03 . 2012-02-22 08:03 23552 ----a-w- c:\windows\system32\licmgr10.dll

2012-02-22 08:03 . 2012-02-22 08:03 152064 ----a-w- c:\windows\system32\wextract.exe

2012-02-22 08:03 . 2012-02-22 08:03 150528 ----a-w- c:\windows\system32\iexpress.exe

2012-02-22 08:03 . 2012-02-22 08:03 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-02-22 08:03 . 2012-02-22 08:03 11776 ----a-w- c:\windows\system32\mshta.exe

2012-02-22 08:03 . 2012-02-22 08:03 101888 ----a-w- c:\windows\system32\admparse.dll

2012-02-15 05:44 . 2012-03-14 11:39 826368 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-15 04:22 . 2012-03-14 11:39 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-15 04:22 . 2012-03-14 11:39 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-10 05:41 . 2012-03-14 11:39 1074176 ----a-w- c:\windows\system32\DWrite.dll

2012-02-10 05:41 . 2012-03-14 11:39 218624 ----a-w- c:\windows\system32\d3d10_1core.dll

2012-02-10 05:41 . 2012-03-14 11:39 161792 ----a-w- c:\windows\system32\d3d10_1.dll

2012-02-10 05:41 . 2012-03-14 11:39 1170944 ----a-w- c:\windows\system32\d3d10warp.dll

2012-02-10 05:41 . 2012-03-14 11:39 739840 ----a-w- c:\windows\system32\d2d1.dll

2012-02-03 04:01 . 2012-03-14 11:39 2341376 ----a-w- c:\windows\system32\win32k.sys

2012-01-25 05:44 . 2012-03-14 11:39 57856 ----a-w- c:\windows\system32\rdpwsx.dll

2012-01-25 05:44 . 2012-03-14 11:39 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-01-25 05:40 . 2012-03-14 11:39 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2012-04-23 . DF974BC5437A7FDF82B4523DFCB4456F . 311808 . . [6.1.7600.16385] . . c:\windows\System32\winlogon.exe

[7] 2010-11-20 . 6D13E1406F50C66E2A95D97F22C47560 . 286720 . . [6.1.7601.17514] . . c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

[7] 2010-06-15 . 37CDB7E72EB66BA85A87CBE37E7F03FD . 285696 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

[7] 2010-06-15 . 3BABE6767C78FBF5FB8435FEED187F30 . 285696 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe

[7] 2009-07-14 . 8EC6A4AB12B8F3759E21F8E3A388F2CF . 285696 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

.

[-] 2009-07-14 . E1BCFAC40EE52A8B870CDC55A47779CC . 46080 . . [6.1.7600.16385] . . c:\windows\System32\svchost.exe

[7] 2009-07-14 . 54A47F6B5E09A77E61649109C6A08866 . 20992 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

.

[-] 2012-04-23 . C2C701939D4BC20A1BE5E61288CE9BEA . 2639872 . . [6.1.7600.16385] . . c:\windows\explorer.exe

[7] 2011-02-26 . 255CF508D7CFB10E0794D6AC93280BD8 . 2614784 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe

[7] 2011-02-26 . 2AF58D15EDC06EC6FDACCE1F19482BBF . 2614784 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe

[7] 2011-02-26 . 0FB9C74046656D1579A64660AD67B746 . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe

[7] 2011-02-25 . 8B88EBBB05A0E56B7DCC708498C02B3E . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

[7] 2010-11-20 . 40D777B7A95E00593EB1568C68514493 . 2616320 . . [6.1.7600.16385] . . c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe

[7] 2010-06-15 . 2626FC9755BE22F805D3CFA0CE3EE727 . 2614272 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe

[7] 2010-06-15 . C76153C7ECA00FA852BB0C193378F917 . 2614272 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

[7] 2010-06-15 . B95EEB0F4E5EFBF1038A35B3351CF047 . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe

[7] 2010-06-15 . 9FF6C4C91A3711C0A3B18F87B08B518D . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe

[7] 2010-06-15 . FC89FACA0473641CB625EDA9277D0885 . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe

[7] 2010-06-15 . 00B0358734CAA32C39D181FE6916B178 . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe

[7] 2009-07-14 . 15BC38A7492BEFE831966ADB477CF76F . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-03-13 01:30 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-13 1869152]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-20 39408]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]

"AOL Fast Start"="c:\program files\AOL Desktop 9.6\AOL.EXE" [2011-01-13 42320]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-12 7739936]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]

"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2009-11-12 203776]

"HostManager"="c:\program files\Common Files\AOL\1277647536\ee\AOLSoftware.exe" [2010-03-08 41800]

"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]

"StrgSync.exe"="c:\program files\StorageSync\StrgSync.exe" [2005-10-08 3032576]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-13 982880]

"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-02-01 928096]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"DBRMTray"="c:\dell\DBRM\Reminder\TrayApp.exe" [2010-02-04 7168]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil11f_ActiveX.exe" [2012-02-22 250016]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-28 136176]

R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-09-01 1025352]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-28 136176]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-27 1343400]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-03-31 81920]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]

S2 BPowMon;Broadcom Power monitoring service;c:\program files\Broadcom\BPowMon\BPowMon.exe [2009-08-17 79168]

S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-13 918880]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]

S3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-08-21 273960]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]

S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-28 00:19]

.

2012-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-28 00:19]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.aol.com

TCP: DhcpNameServer = 192.168.0.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{BA00B7B1-0351-477A-B948-23E3EE5A73D4}"=hex:51,66,7a,6c,4c,1d,38,12,df,b4,13,

be,63,4d,14,02,c6,5e,60,a3,eb,04,37,c0

"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,

91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,

27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,

38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4

"{3EF64538-8B54-4573-B48F-4D34B0238AB2}"=hex:51,66,7a,6c,4c,1d,38,12,56,46,e5,

3a,66,c5,1d,00,cb,99,0e,74,b5,7d,ce,a6

"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,

6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,

9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d

"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,

ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:be,78,ea,ac,07,03,cd,01

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,53,51,94,c9,08,d7,20,4d,8e,5e,b9,\

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,53,51,94,c9,08,d7,20,4d,8e,5e,b9,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,53,51,94,c9,08,d7,20,4d,8e,5e,b9,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\progra~1\AVG\AVG2012\avgrsx.exe

c:\program files\AVG\AVG2012\avgcsrvx.exe

c:\program files\Canon\IJPLM\IJPLMSVC.EXE

c:\program files\Common Files\Motive\McciCMService.exe

c:\windows\system32\taskhost.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\AVG\AVG2012\avgnsx.exe

c:\program files\AVG\AVG2012\avgemcx.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\conhost.exe

c:\windows\BCMSMMSG.exe

c:\program files\AOL Desktop 9.6\waol.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\Common Files\AOL\ACS\AOLAcsd.exe

c:\windows\system32\DllHost.exe

c:\program files\AOL Desktop 9.6\shellmon.exe

c:\windows\system32\sppsvc.exe

c:\program files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe

c:\program files\aol toolbar\aoltbServer.exe

c:\program files\Internet Explorer\iexplore.exe

c:\program files\Internet Explorer\iexplore.exe

c:\program files\Google\Google Toolbar\GoogleToolbarUser_32.exe

c:\program files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe

c:\program files\Internet Explorer\iexplore.exe

c:\program files\aol toolbar\aoltbServer.exe

c:\program files\Internet Explorer\iexplore.exe

c:\program files\Common Files\aol\1277647536\ee\aolupdates.exe

c:\program files\Internet Explorer\iexplore.exe

.

**************************************************************************

.

Completion time: 2012-04-22 21:08:12 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-23 01:08

ComboFix2.txt 2012-04-20 15:19

ComboFix3.txt 2012-04-18 23:49

.

Pre-Run: 206,143,279,104 bytes free

Post-Run: 205,839,876,096 bytes free

.

- - End Of File - - 8EA476B47D0689BABA594771BF3F80F4


Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are both checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


First, visit www.virustotal.com and upload the following file:

c:\windows\System32\winlogon.exe

Next, wait until the scan has finished and then post the link in your next reply.

Second,

Download aswMBR.exe (1.8 MB) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

[screenshot: aswMBR2-1.gif]

On completion of the scan click save log, save it to your desktop and post in your next reply

[screenshot: aswMBR2.png]


Hi Maniac,

Ran winlogon.exe through virustotal.com and here is the result:

https://www.virustotal.com/file/e04e230f0436eae6457bf275f9848113c73942aa23e15c3edace8d5b026304ad/analysis/1335475908/

Found 3 items.

Ran ASWMBR as instructed. Here is log file from that scan.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-04-26 17:35:43

-----------------------------

17:35:43.126 OS Version: Windows 6.1.7600

17:35:43.126 Number of processors: 2 586 0x170A

17:35:43.126 ComputerName: DONGONSALVES-PC UserName: Don Gonsalves

17:36:09.873 Initialize success

17:36:48.847 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

17:36:48.847 Disk 0 Vendor: ST3250318AS CC45 Size: 238418MB BusType: 3

17:36:48.847 Disk 0 MBR read successfully

17:36:48.862 Disk 0 MBR scan

17:36:48.862 Disk 0 Windows VISTA default MBR code

17:36:48.862 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63

17:36:48.878 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 9818 MB offset 81920

17:36:48.878 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 228559 MB offset 20189184

17:36:48.893 Disk 0 scanning sectors +488278016

17:36:48.940 Disk 0 scanning C:\Windows\system32\drivers

17:36:54.447 Service scanning

17:37:09.969 Modules scanning

17:37:15.195 Disk 0 trace - called modules:

17:37:15.211 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys

17:37:15.226 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x855fc5f8]

17:37:15.226 3 CLASSPNP.SYS[88ba359e] -> nt!IofCallDriver -> [0x85148918]

17:37:15.226 5 ACPI.sys[8861b3b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85196030]

17:37:15.226 Scan finished successfully

17:37:30.421 Disk 0 MBR has been saved successfully to "C:\Users\Don Gonsalves\Desktop\MBR.dat"

17:37:30.436 The log file has been saved successfully to "C:\Users\Don Gonsalves\Desktop\aswMBR.txt"

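The aswMBR log above lists the partition table it read from sector 0 and reports that the boot code matches the stock Windows loader. As an added example (not part of the original thread and not aswMBR's own code), the script below parses a raw 512-byte MBR, such as the MBR.dat the tool saved to the desktop, renders the entries in the same shape as the log lines, and compares the 440 bytes of boot code against a baseline hash. The sample MBR it builds is constructed: its partition layout is taken from the log (offsets 63, 81920 and 20189184; 39, 9818 and 228559 MB), but its boot code is dummy filler, so the baseline hash used when no argument is given is only the hash of that filler and not of any real Windows boot code.

```python
"""Parse a raw 512-byte MBR (e.g. the MBR.dat aswMBR saves) the way the
aswMBR log summarizes it, and compare its boot code against a baseline."""
import hashlib
import struct
import sys

SECTOR = 512
BOOT_CODE_LEN = 440          # boot code precedes the 4-byte disk signature
PART_TABLE_OFF = 446
ENTRY_LEN = 16
# status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
ENTRY_FMT = "<B3xB3xII"
SIGNATURE = b"\x55\xaa"

# Partition type codes that appear in the log above (a small subset of the MBR type table).
TYPE_NAMES = {0x07: "HPFS/NTFS", 0xDE: "Dell Utility"}


def parse_entry(raw):
    """Decode one 16-byte partition table entry."""
    status, ptype, lba_start, count = struct.unpack_from(ENTRY_FMT, raw, 0)
    return {
        "bootable": status == 0x80,
        "type": ptype,
        "type_name": TYPE_NAMES.get(ptype, "unknown"),
        "lba_start": lba_start,
        "sectors": count,
        "size_mb": count * SECTOR // (1024 * 1024),
    }


def parse_mbr(mbr):
    """Return the non-empty partition entries of a 512-byte MBR."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + i * ENTRY_LEN
        entry = parse_entry(mbr[off:off + ENTRY_LEN])
        if entry["type"] != 0:          # type 0 marks an unused slot
            entry["index"] = i + 1
            parts.append(entry)
    return parts


def boot_code_hash(mbr):
    """SHA-256 of the boot code only; the partition table legitimately differs per disk."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def summarize(parts):
    """Render entries in the same shape as aswMBR's 'Disk 0 Partition N ...' lines."""
    lines = []
    for p in parts:
        flag = "80 (A)" if p["bootable"] else "00"
        lines.append(f"Partition {p['index']} {flag} {p['type']:02X} "
                     f"{p['type_name']} {p['size_mb']} MB offset {p['lba_start']}")
    return lines


def check_mbr(mbr, baseline_hash):
    """Return (findings, partitions, first_unallocated_lba).

    baseline_hash is the boot-code hash taken from a known-clean disk; a bootkit
    that rewrites the MBR changes it. Sectors from first_unallocated_lba to the
    end of the disk are the slack aswMBR scans after reading the partition table."""
    findings = []
    if boot_code_hash(mbr) != baseline_hash:
        findings.append("boot code differs from baseline")
    parts = parse_mbr(mbr)
    active = [p for p in parts if p["bootable"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1)")
    prev_end = 0
    for p in sorted(parts, key=lambda p: p["lba_start"]):
        if p["lba_start"] < prev_end:
            findings.append(f"partition {p['index']} overlaps the one before it")
        prev_end = max(prev_end, p["lba_start"] + p["sectors"])
    return findings, parts, prev_end


def build_sample_mbr():
    """Constructed MBR: dummy boot code (NOT real Windows boot code) plus the
    partition layout from the aswMBR log above."""
    mbr = bytearray(bytes(range(256)) * 2)      # 512 bytes of filler
    mbr[BOOT_CODE_LEN:] = b"\x00" * (SECTOR - BOOT_CODE_LEN)
    layout = [  # (status, type, LBA start, sector count)
        (0x00, 0xDE, 63, 81920 - 63),
        (0x80, 0x07, 81920, 20189184 - 81920),
        (0x00, 0x07, 20189184, 488278016 - 20189184),
    ]
    for i, entry in enumerate(layout):
        struct.pack_into(ENTRY_FMT, mbr, PART_TABLE_OFF + i * ENTRY_LEN, *entry)
    mbr[510:512] = SIGNATURE
    return bytes(mbr)


if __name__ == "__main__":
    # Usage: python mbr_check.py [MBR.dat] [baseline_sha256_of_clean_boot_code]
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    baseline = sys.argv[2] if len(sys.argv) > 2 else boot_code_hash(data)
    findings, parts, end = check_mbr(data, baseline)
    print("\n".join(summarize(parts)))
    print("first unallocated sector:", end)
    print("findings:", findings or "none")
```

Run against a real MBR.dat, supply a baseline hash taken from a machine you trust; hashing only the first 440 bytes matters because the disk signature and partition table after them differ from disk to disk. The end-of-last-partition value the sample returns, 488278016, is the same sector at which the log above reports "scanning sectors +488278016": that slack region past the partition table is where aswMBR looks for data a bootkit may have hidden.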

Hi Maniac,

The computer still has the redirect when using google.com to search for a topic. I notice in my tabs that it briefly says "credit-crush.com" then says redirecting.

When I put in "scour redirect" into google.com to do a search, usually when I click on one of the search results it then goes into the redirect mode.

I tried going to yahoo.com and using their search engine, but the same thing happened. Got the redirect when attempting to connect to a Yahoo search result.


Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

Click the cog in the upper right

[screenshot: AVPfront.gif]

Select everything down to and including your main drive; once done, select the Automatic scan tab and press Start Scan

[screenshot: avpsettings.gif]

Allow AVP to delete all infections found

Once it has finished select report tab (last tab)

Select Detected threats report from the left and press the Save button

Save it to your desktop and post it in your next reply.


Hi Maniac,

Ran the Kaspersky virus removal tool scan as instructed. It found 3 threats. I quarantined 2 of them and deleted one as instructed by the program.

Status: Quarantined (events: 2)

4/30/2012 8:12:40 PM Quarantined Trojan program HEUR:Exploit.Script.Generic C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HRQVA260\images[1].htm High

4/30/2012 8:13:00 PM Quarantined Trojan program HEUR:Exploit.Script.Generic C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IC1Y0737\images[1].htm High

Status: Disinfected (events: 2)

4/30/2012 8:12:24 PM Disinfected Trojan program Exploit.Java.CVE-2012-0507.q C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\5141ff24-615a64ed High

4/30/2012 8:12:24 PM Disinfected Trojan program Exploit.Java.CVE-2012-0507.q C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\5141ff24-615a64ed/ta/ta.class High

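Every path in the Kaspersky report above sits under C:\Windows\System32\config\systemprofile, which is the profile directory of the LocalSystem account. A browser cache or Java deployment cache there was written by a process running as SYSTEM, not by the logged-on user's browser, and that is worth noticing separately from the detection names. As an added example (not part of the original thread and not Kaspersky's own tooling), the script below parses the "Detected threats" lines into records, flags artifacts under the SYSTEM profile, and pulls out CVE identifiers from the detection names. The embedded sample is the four report lines copied from the post above; the path conventions and severity words it recognizes are assumptions based on that sample.

```python
"""Parse Kaspersky Virus Removal Tool 'Detected threats' report lines and
flag artifacts that point at a process running as LocalSystem."""
import re
from collections import Counter

# One detection line: timestamp, action, category (may contain spaces),
# detection name (no spaces), Windows path, severity.
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+"
    r"(?P<action>\S+)\s+"
    r"(?P<category>.+?)\s+"
    r"(?P<name>\S+)\s+"
    r"(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<severity>High|Medium|Low)$"
)
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}", re.IGNORECASE)

# Profile directory of the LocalSystem account (S-1-5-18). Browser and Java
# caches only appear here when a SYSTEM-level process performed the download.
SYSTEM_PROFILE = r"c:\windows\system32\config\systemprofile"

# Report lines copied from the post above; the "Status:" lines are headers
# the parser must skip.
SAMPLE_REPORT = r"""Status: Quarantined (events: 2)
4/30/2012 8:12:40 PM Quarantined Trojan program HEUR:Exploit.Script.Generic C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HRQVA260\images[1].htm High
4/30/2012 8:13:00 PM Quarantined Trojan program HEUR:Exploit.Script.Generic C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IC1Y0737\images[1].htm High
Status: Disinfected (events: 2)
4/30/2012 8:12:24 PM Disinfected Trojan program Exploit.Java.CVE-2012-0507.q C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\5141ff24-615a64ed High
4/30/2012 8:12:24 PM Disinfected Trojan program Exploit.Java.CVE-2012-0507.q C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\5141ff24-615a64ed/ta/ta.class High
"""


def parse_report(text):
    """Return one dict per detection line; header and blank lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            records.append(m.groupdict())
    return records


def triage(records):
    """Annotate each record with what its path and detection name imply."""
    out = []
    for r in records:
        low = r["path"].lower()
        cve = CVE_RE.search(r["name"])
        out.append({
            **r,
            # written by a SYSTEM-level process, not the interactive user
            "run_as_system": low.startswith(SYSTEM_PROFILE),
            # Java plug-in deployment cache: a Java applet/JAR was loaded
            "java_cache": "\\sun\\java\\deployment\\cache\\" in low,
            # WinINet (Internet Explorer) cache: an HTTP fetch through WinINet
            "ie_cache": "\\temporary internet files\\" in low,
            "cve": cve.group(0).upper() if cve else None,
        })
    return out


def summary(triaged):
    """Counts an analyst would put at the top of a write-up."""
    return {
        "actions": dict(Counter(r["action"] for r in triaged)),
        "system_profile_hits": sum(r["run_as_system"] for r in triaged),
        "cves": sorted({r["cve"] for r in triaged if r["cve"]}),
    }


if __name__ == "__main__":
    rows = triage(parse_report(SAMPLE_REPORT))
    for r in rows:
        print(r["action"], r["name"], "SYSTEM" if r["run_as_system"] else "user", r["path"])
    print(summary(rows))
```

On the sample every record is under the SYSTEM profile and the only CVE named is CVE-2012-0507, the Java exploit the report itself identifies. The point of the run_as_system flag is that these caches belong to whatever service account was making web requests and running Java, so cleaning the cache files alone does not answer which SYSTEM-level process fetched them.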

Hi Maniac, Uninstalled Java 6 update 26 as instructed. I could not uninstall Java Auto Updater because I did not see it in my programs list to uninstall.

I installed Java 7 JRE (note, for future reference, the link you gave me to install Java 7 takes you to a Java page where you can download either the JDK or the JRE. I had to do some investigation to see which one to install since I didn't know the correct one).

Computer is still exhibiting the redirects from the Google search engine. Not every time; I'd say about 75% of the time it redirects the search. Still noticing the "credit-crush.com" page for a few seconds in the tab before it redirects.


This topic is now closed to further replies.