Jump to content

Darn rootkit....


Recommended Posts

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

Link to post
Share on other sites

Hello Mr. C

RK Report:

RogueKiller V7.6.6 [08/10/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Joe and Lisa [Admin rights]

Mode: Scan -- Date: 08/11/2012 10:42:56

¤¤¤ Bad processes: 1 ¤¤¤

[sVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 14 ¤¤¤

[sUSP PATH] HKCU\[...]\Run : Hyolg ("C:\Users\Joe and Lisa\AppData\Roaming\Qidys\lyet.exe") -> FOUND

[sUSP PATH] HKUS\S-1-5-21-91977268-874446968-1935824155-1001[...]\Run : Hyolg ("C:\Users\Joe and Lisa\AppData\Roaming\Qidys\lyet.exe") -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] n : c:\windows\installer\{09494167-0f92-1d67-250c-867b0a6386cd}\n --> FOUND

[ZeroAccess][FILE] @ : c:\windows\installer\{09494167-0f92-1d67-250c-867b0a6386cd}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\windows\installer\{09494167-0f92-1d67-250c-867b0a6386cd}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\windows\installer\{09494167-0f92-1d67-250c-867b0a6386cd}\L --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

[susp.ASLR][ASLR WIPED-OFF] services.exe : c:\windows\system32\services.exe --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST31000528AS ATA Device +++++

--- User ---

[MBR] 077d6c19e7453ab32cdea7284318a136

[bSP] 2443d7138d44605c205800f5c869ff21 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 14642 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30068736 | Size: 939186 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] 6332d700481fccdcf2e804a611e17bf7

[bSP] 2443d7138d44605c205800f5c869ff21 : Windows Vista MBR Code

Partition table:

1 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 14642 Mo

3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30068736 | Size: 939186 Mo

Finished : << RKreport[1].txt >>

RKreport[1].txt

Link to post
Share on other sites

¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

Here you go......

Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Please make sure system restore is running and create a new restore point before continuing!

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

How to tell > 32 or 64 bit

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:



    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt

    [*]Select Command Prompt

    [*]In the command window type in notepad and press Enter.

    [*]The notepad opens. Under File menu select Open.

    [*]Select "Computer" and find your flash drive letter and close the notepad.

    [*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

    Note: Replace letter e with the drive letter of your flash drive.

    [*]The tool will start to run.

    [*]When the tool opens click Yes to disclaimer.

    [*]Press Scan button.

    [*]FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:

    services.exe

    [*]Now press the Search button

    [*]When the search is complete, search.txt will also be written to your USB

    [*]Type exit and reboot the computer normally

    [*]Please copy and paste both logs in your reply.(FRST.txt and Search.txt)

MrC

Link to post
Share on other sites

Thanks Mr. C

FRST.txt:

Scan result of Farbar Recovery Scan Tool Version: 09-08-2012

Ran by SYSTEM at 11-08-2012 10:26:45

Running from J:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10060832 2010-02-08] (Realtek Semiconductor)

HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2114376 2008-03-17] (CANON INC.)

HKLM\...\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon [722256 2008-12-11] (CANON INC.)

HKLM\...\Run: [igfxTray] C:\Windows\system32\igfxtray.exe [167704 2012-01-10] (Intel Corporation)

HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [392984 2012-01-10] (Intel Corporation)

HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [417560 2012-01-10] (Intel Corporation)

HKLM-x32\...\Run: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-01-27] (Alcor Micro Corp.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [40376 2011-09-07] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [640440 2010-09-22] (Adobe Systems Inc.)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-09-04] (Sonic Solutions)

HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [518640 2010-09-03] ()

HKLM-x32\...\Run: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [124512 2007-05-21] (CANON INC.)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [268640 2011-11-12] (LeapFrog Enterprises, Inc.)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)

HKU\Joe and Lisa\...\Run: [Hyolg] "C:\Users\Joe and Lisa\AppData\Roaming\Qidys\lyet.exe" [270336 2011-06-10] ()

Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]

Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Startup: C:\Users\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ======

2 RoxWatch12; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe" [219632 2010-09-04] (Sonic Solutions)

3 stllssvr; "C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe" [74392 2010-08-26] (MicroVision Development, Inc.)

========================== Drivers (Whitelisted) =============

3 cpudrv64; \??\C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()

3 PROCEXP150; \??\C:\Windows\system32\Drivers\PROCEXP150.SYS [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-08-11 09:07 - 2012-08-11 09:06 - 00607260 ____R (Swearware) C:\Users\Joe and Lisa\Desktop\dds.scr

2012-08-11 09:00 - 2009-07-13 20:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe

2012-08-03 08:37 - 2012-08-11 05:37 - 00000000 ____D C:\Users\Joe and Lisa\Application Data\Yxbya

2012-08-03 08:37 - 2012-08-11 05:37 - 00000000 ____D C:\Users\Joe and Lisa\AppData\Roaming\Yxbya

2012-08-03 08:37 - 2012-08-03 08:37 - 00000000 ____D C:\Users\Joe and Lisa\Application Data\Xehiuq

2012-08-03 08:37 - 2012-08-03 08:37 - 00000000 ____D C:\Users\Joe and Lisa\Application Data\Qidys

2012-08-03 08:37 - 2012-08-03 08:37 - 00000000 ____D C:\Users\Joe and Lisa\AppData\Roaming\Xehiuq

2012-08-03 08:37 - 2012-08-03 08:37 - 00000000 ____D C:\Users\Joe and Lisa\AppData\Roaming\Qidys

2012-08-02 19:45 - 2012-08-05 18:37 - 00000000 ____D C:\Users\Joe and Lisa\.explorer.cache

2012-07-24 06:48 - 2011-07-18 23:40 - 00001107 ____A C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

2012-07-24 06:48 - 2011-07-18 23:40 - 00001107 ____A C:\Users\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

2012-07-24 06:43 - 2012-07-24 08:38 - 00000000 ____D C:\Windows\erdnt

2012-07-23 19:49 - 2012-07-23 19:49 - 00000000 ____D C:\FRST

============ 3 Months Modified Files ========================

2012-08-11 09:07 - 2011-05-07 09:22 - 00000910 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-08-11 09:07 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-08-11 09:07 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-08-11 09:06 - 2012-08-11 09:07 - 00607260 ____R (Swearware) C:\Users\Joe and Lisa\Desktop\dds.scr

2012-08-11 09:00 - 2011-05-07 09:22 - 00000906 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-08-11 08:59 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-08-11 08:59 - 2009-07-13 23:51 - 00102906 ____A C:\Windows\setupact.log

2012-08-10 08:31 - 2009-07-14 00:10 - 01399981 ____A C:\Windows\WindowsUpdate.log

2012-08-10 08:28 - 2011-02-11 20:51 - 00273884 ____A C:\Windows\PFRO.log

2012-08-08 13:28 - 2011-09-11 14:02 - 02507315 ____A C:\mars1.psp

2012-07-24 06:53 - 2009-07-13 21:34 - 00000215 ____A C:\Windows\system.ini

2012-07-11 21:49 - 2012-07-11 21:45 - 04503728 ___AT C:\Users\All Users\go_0molg.pad

2012-07-11 21:49 - 2012-07-11 21:45 - 04503728 ___AT C:\Users\All Users\Application Data\go_0molg.pad

2012-07-03 13:46 - 2011-02-18 22:50 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-07-01 21:19 - 2012-07-01 21:19 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-07-01 21:19 - 2011-06-04 09:02 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-07-01 19:38 - 2012-07-01 19:06 - 00001187 ____A C:\Users\Public\Desktop\Diablo III.lnk

2012-07-01 19:38 - 2012-07-01 19:06 - 00001187 ____A C:\Users\All Users\Desktop\Diablo III.lnk

2012-06-25 15:18 - 2009-07-14 00:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI

2012-06-14 03:28 - 2009-07-13 23:45 - 00354416 ____A C:\Windows\System32\FNTCACHE.DAT

2012-06-14 03:06 - 2011-02-19 10:38 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-06-02 17:19 - 2012-06-21 06:07 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-02 17:19 - 2012-06-21 06:07 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-02 17:19 - 2012-06-21 06:07 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-02 17:19 - 2012-06-21 06:07 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-02 17:19 - 2012-06-21 06:07 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-02 17:15 - 2012-06-21 06:07 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-02 17:15 - 2012-06-21 06:07 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-02 15:19 - 2012-06-21 06:06 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-02 15:15 - 2012-06-21 06:06 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-05-22 18:21 - 2012-05-22 18:21 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk

2012-05-22 18:21 - 2012-05-22 18:21 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk

2012-05-17 21:47 - 2012-06-14 03:00 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-05-17 21:16 - 2012-06-14 03:00 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-05-17 21:06 - 2012-06-14 03:00 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-05-17 20:59 - 2012-06-14 03:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-05-17 20:59 - 2012-06-14 03:00 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-05-17 20:58 - 2012-06-14 03:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-05-17 20:58 - 2012-06-14 03:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-05-17 20:56 - 2012-06-14 03:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-05-17 20:55 - 2012-06-14 03:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-05-17 20:55 - 2012-06-14 03:00 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-05-17 20:54 - 2012-06-14 03:00 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-05-17 20:51 - 2012-06-14 03:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-05-17 20:51 - 2012-06-14 03:00 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-05-17 20:47 - 2012-06-14 03:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-05-17 18:11 - 2012-06-14 03:00 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-05-17 17:48 - 2012-06-14 03:00 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-05-17 17:45 - 2012-06-14 03:00 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-05-17 17:36 - 2012-06-14 03:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-05-17 17:35 - 2012-06-14 03:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-05-17 17:35 - 2012-06-14 03:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-05-17 17:33 - 2012-06-14 03:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-05-17 17:31 - 2012-06-14 03:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-05-17 17:29 - 2012-06-14 03:00 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-05-17 17:29 - 2012-06-14 03:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-05-17 17:27 - 2012-06-14 03:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-05-17 17:25 - 2012-06-14 03:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-05-17 17:24 - 2012-06-14 03:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-05-17 17:20 - 2012-06-14 03:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-05-14 20:32 - 2012-06-13 14:49 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

ZeroAccess:

C:\Windows\Installer\{09494167-0f92-1d67-250c-867b0a6386cd}

C:\Windows\Installer\{09494167-0f92-1d67-250c-867b0a6386cd}\@

C:\Windows\Installer\{09494167-0f92-1d67-250c-867b0a6386cd}\L

C:\Windows\Installer\{09494167-0f92-1d67-250c-867b0a6386cd}\n

C:\Windows\Installer\{09494167-0f92-1d67-250c-867b0a6386cd}\U

C:\Windows\Installer\{09494167-0f92-1d67-250c-867b0a6386cd}\L\00000004.@

C:\Windows\Installer\{09494167-0f92-1d67-250c-867b0a6386cd}\L\201d3dde

C:\Windows\Installer\{09494167-0f92-1d67-250c-867b0a6386cd}\U\00000004.@

C:\Windows\Installer\{09494167-0f92-1d67-250c-867b0a6386cd}\U\00000008.@

C:\Windows\Installer\{09494167-0f92-1d67-250c-867b0a6386cd}\U\000000cb.@

C:\Windows\Installer\{09494167-0f92-1d67-250c-867b0a6386cd}\U\80000000.@

C:\Windows\Installer\{09494167-0f92-1d67-250c-867b0a6386cd}\U\80000032.@

C:\Windows\Installer\{09494167-0f92-1d67-250c-867b0a6386cd}\U\80000064.@

ZeroAccess:

C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:

C:\Windows\assembly\GAC_64\Desktop.ini

Type 00 partition infection:

C:\Windows\svchost.exe

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 9%

Total physical RAM: 7991.12 MB

Available physical RAM: 7215.3 MB

Total Pagefile: 7989.27 MB

Available Pagefile: 7211.16 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:917.17 GB) (Free:286.62 GB) NTFS

2 Drive d: (D3C1.0.0) (CDROM) (Total:7.6 GB) (Free:0 GB) UDF

8 Drive j: () (Removable) (Total:3.74 GB) (Free:3.73 GB) FAT32

9 Drive k: (RECOVERY) (Fixed) (Total:14.3 GB) (Free:5.08 GB) NTFS ==>[system with boot components (obtained from reading drive)]

10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 931 GB 0 B

Disk 1 Online 3835 MB 0 B

Disk 2 No Media 0 B 0 B

Disk 3 No Media 0 B 0 B

Disk 4 No Media 0 B 0 B

Disk 5 No Media 0 B 0 B

Disk 6 No Media 0 B 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 OEM 39 MB 31 KB

Partition 2 Primary 14 GB 40 MB

Partition 3 Primary 917 GB 14 GB

==================================================================================

Disk: 0

Partition 1

Type : DE

Hidden: Yes

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 9 FAT Partition 39 MB Healthy Hidden

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 K RECOVERY NTFS Partition 14 GB Healthy

==================================================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C OS NTFS Partition 917 GB Healthy

==================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 3827 MB 19 KB

==================================================================================

Disk: 1

Partition 1

Type : 0B

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 J FAT32 Removable 3827 MB Healthy

==================================================================================

Last Boot: 2012-08-07 00:31

======================= End Of Log ==========================

Search.txt:

Farbar Recovery Scan Tool Version: 09-08-2012

Ran by SYSTEM at 2012-08-11 10:28:33

Running from J:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe

[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

C:\Windows\erdnt\cache64\services.exe

[2012-07-24 06:59] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\FRST\Quarantine\services.exe

[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======

Link to post
Share on other sites

OK, here you go......Please carefully carry out this procedure!!!!!!

Please download the attached fixlist.txt and copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options. (as you did before)

Run FRST64 or FRST (which ever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

MrC

MBR fix needed

Link to post
Share on other sites

Thanks Mr.C FIXLOG:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 09-08-2012

Ran by SYSTEM at 2012-08-11 12:37:57 Run:2

Running from J:\

==============================================

HKEY_USERS\Joe and Lisa\Software\Microsoft\Windows\CurrentVersion\Run\\Hyolg Value deleted successfully.

C:\Windows\Installer\{09494167-0f92-1d67-250c-867b0a6386cd} moved successfully.

C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.

C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

C:\Users\Joe and Lisa\AppData\Roaming\Qidys\lyet.exe moved successfully.

C:\Windows\System32\services.exe moved successfully.

C:\Windows\erdnt\cache64\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====

Link to post
Share on other sites

Well Done, lets run ComboFix to clear up any leftovers.

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Link to post
Share on other sites

Combofix Log file:

ComboFix 12-08-10.01 - Joe and Lisa 08/11/2012 13:28:24.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7991.6240 [GMT -5:00]

Running from: c:\users\Joe and Lisa\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\svchost.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-07-11 to 2012-08-11 )))))))))))))))))))))))))))))))

.

.

2012-08-11 18:34 . 2012-08-11 18:34 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-08 07:56 . 2012-07-16 07:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5C1189E8-FE9B-4785-88BD-C957703B6652}\mpengine.dll

2012-08-03 13:37 . 2012-08-11 17:37 -------- d-----w- c:\users\Joe and Lisa\AppData\Roaming\Qidys

2012-08-03 13:37 . 2012-08-11 10:37 -------- d-----w- c:\users\Joe and Lisa\AppData\Roaming\Yxbya

2012-08-03 13:37 . 2012-08-03 13:37 -------- d-----w- c:\users\Joe and Lisa\AppData\Roaming\Xehiuq

2012-08-03 00:45 . 2012-08-05 23:37 -------- d-----w- c:\users\Joe and Lisa\.explorer.cache

2012-08-03 00:45 . 2012-08-05 23:36 -------- d-----w- c:\users\Joe and Lisa\.explorer.local

2012-07-31 16:23 . 2012-08-06 04:37 -------- d-----w- c:\windows\system\System\Default\New folder137

2012-07-24 00:49 . 2012-07-24 00:49 -------- d-----w- C:\FRST

2012-07-16 03:05 . 2012-07-24 14:24 -------- d-----w- c:\windows\system\System\Default\New folder136

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-03 18:46 . 2011-02-19 03:50 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-02 02:19 . 2012-07-02 02:19 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-02 02:19 . 2011-06-04 14:02 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-14 08:06 . 2011-02-19 15:38 58957832 ----a-w- c:\windows\system32\MRT.exe

2012-06-02 22:19 . 2012-06-21 11:07 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-21 11:07 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-21 11:07 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-21 11:07 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-21 11:07 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-21 11:07 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-21 11:07 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 20:19 . 2012-06-21 11:06 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 20:15 . 2012-06-21 11:06 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-05-18 02:47 . 2012-06-14 08:00 17807360 ----a-w- c:\windows\system32\mshtml.dll

2012-05-18 02:16 . 2012-06-14 08:00 10924032 ----a-w- c:\windows\system32\ieframe.dll

2012-05-18 02:06 . 2012-06-14 08:00 2311680 ----a-w- c:\windows\system32\jscript9.dll

2012-05-18 01:59 . 2012-06-14 08:00 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-05-18 01:59 . 2012-06-14 08:00 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-05-18 01:58 . 2012-06-14 08:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-05-18 01:58 . 2012-06-14 08:00 237056 ----a-w- c:\windows\system32\url.dll

2012-05-18 01:56 . 2012-06-14 08:00 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-05-18 01:55 . 2012-06-14 08:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-05-18 01:55 . 2012-06-14 08:00 818688 ----a-w- c:\windows\system32\jscript.dll

2012-05-18 01:54 . 2012-06-14 08:00 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-05-18 01:51 . 2012-06-14 08:00 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-05-18 01:51 . 2012-06-14 08:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-05-18 01:47 . 2012-06-14 08:00 248320 ----a-w- c:\windows\system32\ieui.dll

2012-05-17 22:45 . 2012-06-14 08:00 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-05-17 22:35 . 2012-06-14 08:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-05-17 22:35 . 2012-06-14 08:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-05-17 22:29 . 2012-06-14 08:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-05-17 22:24 . 2012-06-14 08:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-05-15 01:32 . 2012-06-13 19:49 3146752 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-01-27 237568]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-09-07 40376]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-23 640440]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-09-04 240112]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-09-03 518640]

"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-07 136176]

R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-09-04 219632]

R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-06-02 17864]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-07 136176]

R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]

R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [2011-11-12 40320]

R3 PROCEXP150;PROCEXP150;c:\windows\system32\Drivers\PROCEXP150.SYS [x]

R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-09-04 1116656]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-19 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]

S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 317440]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-16 321064]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-07 14:21]

.

2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-07 14:21]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060832]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 2114376]

"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 392984]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 417560]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://finance.yahoo.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

c:\\.\globalroot\systemroot\svchost.exe

c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

.

**************************************************************************

.

Completion time: 2012-08-11 13:49:24 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-11 18:49

.

Pre-Run: 307,823,988,736 bytes free

Post-Run: 307,659,825,152 bytes free

.

- - End Of File - - E56B3CE8C0F695C6518B311712879499

Link to post
Share on other sites

Please delete these 3 folders:

c:\users\Joe and Lisa\AppData\Roaming\Qidys

c:\users\Joe and Lisa\AppData\Roaming\Yxbya

c:\users\Joe and Lisa\AppData\Roaming\Xehiuq

You may have to enable hidden files to see them:

http://www.howtogeek...-windows-vista/

--------------------------------------------

Next........

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

tdss_1.jpg

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

tdss_2.jpg

------------------------

Click the Start Scan button.

tdss_3.jpg

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

tdss_4.jpg

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

tdss_5.jpg

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

Link to post
Share on other sites

MrC - TDSSKiller log as requested:

15:33:11.0742 5600 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

15:33:12.0116 5600 ============================================================

15:33:12.0116 5600 Current date / time: 2012/08/11 15:33:12.0116

15:33:12.0116 5600 SystemInfo:

15:33:12.0116 5600

15:33:12.0116 5600 OS Version: 6.1.7601 ServicePack: 1.0

15:33:12.0116 5600 Product type: Workstation

15:33:12.0116 5600 ComputerName: JOEANDLISA-PC

15:33:12.0116 5600 UserName: Joe and Lisa

15:33:12.0116 5600 Windows directory: C:\Windows

15:33:12.0116 5600 System windows directory: C:\Windows

15:33:12.0116 5600 Running under WOW64

15:33:12.0116 5600 Processor architecture: Intel x64

15:33:12.0116 5600 Number of processors: 4

15:33:12.0116 5600 Page size: 0x1000

15:33:12.0116 5600 Boot type: Normal boot

15:33:12.0116 5600 ============================================================

15:33:12.0974 5600 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

15:33:13.0005 5600 Drive \Device\Harddisk6\DR7 - Size: 0xEFBFFE00 (3.75 Gb), SectorSize: 0x200, Cylinders: 0x1E9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

15:33:13.0005 5600 ============================================================

15:33:13.0005 5600 \Device\Harddisk0\DR0:

15:33:13.0005 5600 MBR partitions:

15:33:13.0005 5600 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1C99000

15:33:13.0005 5600 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1CAD000, BlocksNum 0x72A59000

15:33:13.0005 5600 \Device\Harddisk6\DR7:

15:33:13.0005 5600 MBR partitions:

15:33:13.0005 5600 \Device\Harddisk6\DR7\Partition0: MBR, Type 0xB, StartLBA 0x26, BlocksNum 0x779FC2

15:33:13.0005 5600 ============================================================

15:33:13.0037 5600 C: <-> \Device\Harddisk0\DR0\Partition1

15:33:13.0037 5600 ============================================================

15:33:13.0037 5600 Initialize success

15:33:13.0037 5600 ============================================================

15:33:59.0899 5556 ============================================================

15:33:59.0899 5556 Scan started

15:33:59.0899 5556 Mode: Manual; SigCheck; TDLFS;

15:33:59.0899 5556 ============================================================

15:34:00.0476 5556 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

15:34:00.0570 5556 1394ohci - ok

15:34:00.0632 5556 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

15:34:00.0648 5556 ACPI - ok

15:34:00.0664 5556 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

15:34:00.0757 5556 AcpiPmi - ok

15:34:00.0804 5556 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

15:34:00.0820 5556 adp94xx - ok

15:34:00.0835 5556 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

15:34:00.0851 5556 adpahci - ok

15:34:00.0851 5556 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

15:34:00.0866 5556 adpu320 - ok

15:34:00.0882 5556 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

15:34:01.0007 5556 AeLookupSvc - ok

15:34:01.0085 5556 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

15:34:01.0147 5556 AFD - ok

15:34:01.0163 5556 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

15:34:01.0178 5556 agp440 - ok

15:34:01.0194 5556 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

15:34:01.0256 5556 ALG - ok

15:34:01.0303 5556 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

15:34:01.0319 5556 aliide - ok

15:34:01.0334 5556 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

15:34:01.0334 5556 amdide - ok

15:34:01.0350 5556 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

15:34:01.0412 5556 AmdK8 - ok

15:34:01.0428 5556 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

15:34:01.0475 5556 AmdPPM - ok

15:34:01.0537 5556 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

15:34:01.0568 5556 amdsata - ok

15:34:01.0584 5556 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

15:34:01.0584 5556 amdsbs - ok

15:34:01.0615 5556 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

15:34:01.0615 5556 amdxata - ok

15:34:01.0678 5556 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

15:34:01.0787 5556 AppID - ok

15:34:01.0818 5556 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

15:34:01.0880 5556 AppIDSvc - ok

15:34:01.0943 5556 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

15:34:01.0990 5556 Appinfo - ok

15:34:02.0114 5556 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

15:34:02.0130 5556 Apple Mobile Device - ok

15:34:02.0146 5556 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

15:34:02.0146 5556 arc - ok

15:34:02.0161 5556 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

15:34:02.0161 5556 arcsas - ok

15:34:02.0177 5556 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

15:34:02.0208 5556 AsyncMac - ok

15:34:02.0255 5556 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

15:34:02.0270 5556 atapi - ok

15:34:02.0333 5556 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

15:34:02.0411 5556 AudioEndpointBuilder - ok

15:34:02.0426 5556 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

15:34:02.0458 5556 AudioSrv - ok

15:34:02.0504 5556 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

15:34:02.0582 5556 AxInstSV - ok

15:34:02.0614 5556 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

15:34:02.0676 5556 b06bdrv - ok

15:34:02.0707 5556 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

15:34:02.0770 5556 b57nd60a - ok

15:34:02.0801 5556 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

15:34:02.0848 5556 BDESVC - ok

15:34:02.0848 5556 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

15:34:02.0879 5556 Beep - ok

15:34:02.0957 5556 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

15:34:03.0019 5556 BFE - ok

15:34:03.0050 5556 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

15:34:03.0066 5556 blbdrive - ok

15:34:03.0160 5556 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

15:34:03.0191 5556 Bonjour Service - ok

15:34:03.0253 5556 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

15:34:03.0269 5556 bowser - ok

15:34:03.0284 5556 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

15:34:03.0362 5556 BrFiltLo - ok

15:34:03.0362 5556 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

15:34:03.0378 5556 BrFiltUp - ok

15:34:03.0394 5556 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

15:34:03.0472 5556 BridgeMP - ok

15:34:03.0534 5556 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

15:34:03.0612 5556 Browser - ok

15:34:03.0628 5556 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

15:34:03.0659 5556 Brserid - ok

15:34:03.0674 5556 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

15:34:03.0706 5556 BrSerWdm - ok

15:34:03.0721 5556 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

15:34:03.0737 5556 BrUsbMdm - ok

15:34:03.0752 5556 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

15:34:03.0768 5556 BrUsbSer - ok

15:34:03.0799 5556 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

15:34:03.0830 5556 BTHMODEM - ok

15:34:03.0862 5556 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

15:34:03.0924 5556 bthserv - ok

15:34:04.0033 5556 catchme - ok

15:34:04.0064 5556 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

15:34:04.0127 5556 cdfs - ok

15:34:04.0158 5556 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

15:34:04.0174 5556 cdrom - ok

15:34:04.0220 5556 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

15:34:04.0283 5556 CertPropSvc - ok

15:34:04.0314 5556 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

15:34:04.0314 5556 circlass - ok

15:34:04.0330 5556 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

15:34:04.0345 5556 CLFS - ok

15:34:04.0392 5556 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

15:34:04.0423 5556 clr_optimization_v2.0.50727_32 - ok

15:34:04.0454 5556 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

15:34:04.0470 5556 clr_optimization_v2.0.50727_64 - ok

15:34:04.0579 5556 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

15:34:04.0595 5556 clr_optimization_v4.0.30319_32 - ok

15:34:04.0610 5556 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

15:34:04.0626 5556 clr_optimization_v4.0.30319_64 - ok

15:34:04.0642 5556 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

15:34:04.0688 5556 CmBatt - ok

15:34:04.0751 5556 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

15:34:04.0766 5556 cmdide - ok

15:34:04.0829 5556 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

15:34:04.0876 5556 CNG - ok

15:34:04.0876 5556 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

15:34:04.0891 5556 Compbatt - ok

15:34:04.0907 5556 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

15:34:04.0954 5556 CompositeBus - ok

15:34:04.0985 5556 COMSysApp - ok

15:34:05.0063 5556 cpudrv64 (3ca734ce373e5675fbc15ca2c45228e5) C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys

15:34:05.0078 5556 cpudrv64 - ok

15:34:05.0094 5556 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

15:34:05.0094 5556 crcdisk - ok

15:34:05.0156 5556 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll

15:34:05.0188 5556 CryptSvc - ok

15:34:05.0250 5556 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

15:34:05.0328 5556 DcomLaunch - ok

15:34:05.0344 5556 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

15:34:05.0390 5556 defragsvc - ok

15:34:05.0406 5556 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

15:34:05.0468 5556 DfsC - ok

15:34:05.0500 5556 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

15:34:05.0593 5556 Dhcp - ok

15:34:05.0640 5556 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

15:34:05.0718 5556 discache - ok

15:34:05.0796 5556 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

15:34:05.0812 5556 Disk - ok

15:34:05.0843 5556 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

15:34:05.0890 5556 Dnscache - ok

15:34:05.0952 5556 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

15:34:05.0999 5556 dot3svc - ok

15:34:06.0046 5556 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

15:34:06.0092 5556 DPS - ok

15:34:06.0108 5556 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

15:34:06.0124 5556 drmkaud - ok

15:34:06.0202 5556 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

15:34:06.0233 5556 DXGKrnl - ok

15:34:06.0248 5556 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

15:34:06.0280 5556 EapHost - ok

15:34:06.0373 5556 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

15:34:06.0451 5556 ebdrv - ok

15:34:06.0560 5556 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

15:34:06.0623 5556 EFS - ok

15:34:06.0685 5556 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

15:34:06.0701 5556 ehRecvr - ok

15:34:06.0716 5556 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

15:34:06.0732 5556 ehSched - ok

15:34:06.0763 5556 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

15:34:06.0779 5556 elxstor - ok

15:34:06.0826 5556 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

15:34:06.0857 5556 ErrDev - ok

15:34:06.0888 5556 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

15:34:06.0935 5556 EventSystem - ok

15:34:06.0950 5556 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

15:34:06.0982 5556 exfat - ok

15:34:06.0997 5556 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

15:34:07.0060 5556 fastfat - ok

15:34:07.0106 5556 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

15:34:07.0169 5556 Fax - ok

15:34:07.0169 5556 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

15:34:07.0184 5556 fdc - ok

15:34:07.0200 5556 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

15:34:07.0247 5556 fdPHost - ok

15:34:07.0247 5556 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

15:34:07.0294 5556 FDResPub - ok

15:34:07.0309 5556 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

15:34:07.0325 5556 FileInfo - ok

15:34:07.0325 5556 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

15:34:07.0372 5556 Filetrace - ok

15:34:07.0450 5556 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

15:34:07.0512 5556 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning

15:34:07.0512 5556 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)

15:34:07.0543 5556 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

15:34:07.0559 5556 flpydisk - ok

15:34:07.0574 5556 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

15:34:07.0590 5556 FltMgr - ok

15:34:07.0621 5556 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

15:34:07.0668 5556 FontCache - ok

15:34:07.0746 5556 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

15:34:07.0762 5556 FontCache3.0.0.0 - ok

15:34:07.0793 5556 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

15:34:07.0824 5556 FsDepends - ok

15:34:07.0855 5556 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

15:34:07.0871 5556 Fs_Rec - ok

15:34:07.0933 5556 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

15:34:07.0964 5556 fvevol - ok

15:34:07.0980 5556 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

15:34:07.0980 5556 gagp30kx - ok

15:34:08.0042 5556 GameConsoleService (c1bbce4b30b45410178ee674c818d10c) C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe

15:34:08.0074 5556 GameConsoleService - ok

15:34:08.0136 5556 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

15:34:08.0152 5556 GEARAspiWDM - ok

15:34:08.0152 5556 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe

15:34:08.0167 5556 GoToAssist - ok

15:34:08.0245 5556 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

15:34:08.0308 5556 gpsvc - ok

15:34:08.0354 5556 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

15:34:08.0370 5556 gupdate - ok

15:34:08.0386 5556 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

15:34:08.0386 5556 gupdatem - ok

15:34:08.0386 5556 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

15:34:08.0432 5556 hcw85cir - ok

15:34:08.0464 5556 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

15:34:08.0495 5556 HDAudBus - ok

15:34:08.0526 5556 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys

15:34:08.0526 5556 HECIx64 - ok

15:34:08.0526 5556 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

15:34:08.0542 5556 HidBatt - ok

15:34:08.0557 5556 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

15:34:08.0588 5556 HidBth - ok

15:34:08.0588 5556 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

15:34:08.0635 5556 HidIr - ok

15:34:08.0666 5556 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll

15:34:08.0713 5556 hidserv - ok

15:34:08.0729 5556 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys

15:34:08.0744 5556 HidUsb - ok

15:34:08.0776 5556 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

15:34:08.0838 5556 hkmsvc - ok

15:34:08.0885 5556 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

15:34:08.0900 5556 HomeGroupListener - ok

15:34:08.0963 5556 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

15:34:08.0978 5556 HomeGroupProvider - ok

15:34:09.0010 5556 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

15:34:09.0025 5556 HpSAMD - ok

15:34:09.0088 5556 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

15:34:09.0150 5556 HTTP - ok

15:34:09.0150 5556 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

15:34:09.0166 5556 hwpolicy - ok

15:34:09.0212 5556 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

15:34:09.0228 5556 i8042prt - ok

15:34:09.0290 5556 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

15:34:09.0322 5556 iaStorV - ok

15:34:09.0400 5556 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

15:34:09.0431 5556 idsvc - ok

15:34:09.0805 5556 igfx (f4f91789c7c7a159ce8215c1f69f2a85) C:\Windows\system32\DRIVERS\igdkmd64.sys

15:34:09.0992 5556 igfx - ok

15:34:10.0070 5556 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

15:34:10.0086 5556 iirsp - ok

15:34:10.0164 5556 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

15:34:10.0242 5556 IKEEXT - ok

15:34:10.0273 5556 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys

15:34:10.0304 5556 Impcd - ok

15:34:10.0367 5556 IntcAzAudAddService (e9befd8c6a1db3b544b61647dda35f62) C:\Windows\system32\drivers\RTKVHD64.sys

15:34:10.0398 5556 IntcAzAudAddService - ok

15:34:10.0476 5556 IntcDAud (ae594cc17c33ac146739494615e14851) C:\Windows\system32\DRIVERS\IntcDAud.sys

15:34:10.0507 5556 IntcDAud - ok

15:34:10.0554 5556 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

15:34:10.0570 5556 intelide - ok

15:34:10.0601 5556 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

15:34:10.0616 5556 intelppm - ok

15:34:10.0726 5556 IntuitUpdateService (3dc635b66dd7412e1c9c3a77b8d78f25) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

15:34:10.0741 5556 IntuitUpdateService - ok

15:34:10.0850 5556 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

15:34:10.0866 5556 IntuitUpdateServiceV4 - ok

15:34:10.0882 5556 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

15:34:10.0944 5556 IPBusEnum - ok

15:34:10.0991 5556 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

15:34:11.0053 5556 IpFilterDriver - ok

15:34:11.0131 5556 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

15:34:11.0194 5556 iphlpsvc - ok

15:34:11.0225 5556 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

15:34:11.0272 5556 IPMIDRV - ok

15:34:11.0303 5556 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

15:34:11.0350 5556 IPNAT - ok

15:34:11.0443 5556 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe

15:34:11.0474 5556 iPod Service - ok

15:34:11.0490 5556 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

15:34:11.0521 5556 IRENUM - ok

15:34:11.0568 5556 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

15:34:11.0584 5556 isapnp - ok

15:34:11.0615 5556 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

15:34:11.0630 5556 iScsiPrt - ok

15:34:11.0662 5556 k57nd60a (9d7ea8c7215d8d4ae7be110eee61085d) C:\Windows\system32\DRIVERS\k57nd60a.sys

15:34:11.0677 5556 k57nd60a - ok

15:34:11.0693 5556 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

15:34:11.0708 5556 kbdclass - ok

15:34:11.0724 5556 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

15:34:11.0755 5556 kbdhid - ok

15:34:11.0818 5556 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

15:34:11.0849 5556 KeyIso - ok

15:34:11.0849 5556 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

15:34:11.0864 5556 KSecDD - ok

15:34:11.0880 5556 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

15:34:11.0880 5556 KSecPkg - ok

15:34:11.0896 5556 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

15:34:11.0927 5556 ksthunk - ok

15:34:11.0958 5556 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

15:34:12.0005 5556 KtmRm - ok

15:34:12.0083 5556 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll

15:34:12.0130 5556 LanmanServer - ok

15:34:12.0176 5556 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

15:34:12.0223 5556 LanmanWorkstation - ok

15:34:12.0488 5556 LeapFrog Connect Device Service (3c879d04bb6466e2853c3155b635cc45) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

15:34:12.0644 5556 LeapFrog Connect Device Service - ok

15:34:12.0785 5556 Leapfrog-USBLAN (797289607a5ebf31353aa5ead141f872) C:\Windows\system32\DRIVERS\btblan.sys

15:34:12.0800 5556 Leapfrog-USBLAN - ok

15:34:12.0816 5556 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

15:34:12.0878 5556 lltdio - ok

15:34:12.0925 5556 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

15:34:13.0003 5556 lltdsvc - ok

15:34:13.0003 5556 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

15:34:13.0034 5556 lmhosts - ok

15:34:13.0081 5556 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

15:34:13.0081 5556 LSI_FC - ok

15:34:13.0081 5556 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

15:34:13.0097 5556 LSI_SAS - ok

15:34:13.0097 5556 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

15:34:13.0112 5556 LSI_SAS2 - ok

15:34:13.0112 5556 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

15:34:13.0128 5556 LSI_SCSI - ok

15:34:13.0144 5556 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

15:34:13.0175 5556 luafv - ok

15:34:13.0222 5556 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

15:34:13.0237 5556 Mcx2Svc - ok

15:34:13.0237 5556 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

15:34:13.0253 5556 megasas - ok

15:34:13.0268 5556 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

15:34:13.0284 5556 MegaSR - ok

15:34:13.0284 5556 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

15:34:13.0362 5556 MMCSS - ok

15:34:13.0362 5556 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

15:34:13.0409 5556 Modem - ok

15:34:13.0424 5556 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

15:34:13.0456 5556 monitor - ok

15:34:13.0487 5556 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys

15:34:13.0518 5556 mouclass - ok

15:34:13.0534 5556 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

15:34:13.0565 5556 mouhid - ok

15:34:13.0596 5556 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

15:34:13.0627 5556 mountmgr - ok

15:34:13.0643 5556 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

15:34:13.0658 5556 mpio - ok

15:34:13.0674 5556 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

15:34:13.0721 5556 mpsdrv - ok

15:34:13.0830 5556 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

15:34:13.0877 5556 MpsSvc - ok

15:34:13.0908 5556 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

15:34:13.0955 5556 MRxDAV - ok

15:34:14.0002 5556 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

15:34:14.0033 5556 mrxsmb - ok

15:34:14.0080 5556 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

15:34:14.0111 5556 mrxsmb10 - ok

15:34:14.0126 5556 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

15:34:14.0142 5556 mrxsmb20 - ok

15:34:14.0173 5556 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

15:34:14.0204 5556 msahci - ok

15:34:14.0220 5556 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

15:34:14.0220 5556 msdsm - ok

15:34:14.0236 5556 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

15:34:14.0282 5556 MSDTC - ok

15:34:14.0329 5556 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

15:34:14.0376 5556 Msfs - ok

15:34:14.0376 5556 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

15:34:14.0407 5556 mshidkmdf - ok

15:34:14.0407 5556 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

15:34:14.0423 5556 msisadrv - ok

15:34:14.0438 5556 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

15:34:14.0470 5556 MSiSCSI - ok

15:34:14.0470 5556 msiserver - ok

15:34:14.0501 5556 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

15:34:14.0532 5556 MSKSSRV - ok

15:34:14.0548 5556 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

15:34:14.0610 5556 MSPCLOCK - ok

15:34:14.0626 5556 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

15:34:14.0704 5556 MSPQM - ok

15:34:14.0750 5556 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

15:34:14.0782 5556 MsRPC - ok

15:34:14.0828 5556 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

15:34:14.0844 5556 mssmbios - ok

15:34:14.0860 5556 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

15:34:14.0906 5556 MSTEE - ok

15:34:14.0906 5556 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

15:34:14.0922 5556 MTConfig - ok

15:34:14.0938 5556 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

15:34:14.0938 5556 Mup - ok

15:34:15.0000 5556 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

15:34:15.0078 5556 napagent - ok

15:34:15.0109 5556 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

15:34:15.0140 5556 NativeWifiP - ok

15:34:15.0187 5556 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

15:34:15.0203 5556 NDIS - ok

15:34:15.0218 5556 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

15:34:15.0250 5556 NdisCap - ok

15:34:15.0265 5556 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

15:34:15.0281 5556 NdisTapi - ok

15:34:15.0328 5556 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

15:34:15.0374 5556 Ndisuio - ok

15:34:15.0437 5556 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

15:34:15.0484 5556 NdisWan - ok

15:34:15.0515 5556 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

15:34:15.0546 5556 NDProxy - ok

15:34:15.0562 5556 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

15:34:15.0608 5556 NetBIOS - ok

15:34:15.0624 5556 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

15:34:15.0702 5556 NetBT - ok

15:34:15.0733 5556 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

15:34:15.0749 5556 Netlogon - ok

15:34:15.0780 5556 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

15:34:15.0827 5556 Netman - ok

15:34:15.0842 5556 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

15:34:15.0889 5556 netprofm - ok

15:34:15.0952 5556 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

15:34:15.0967 5556 NetTcpPortSharing - ok

15:34:15.0998 5556 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

15:34:16.0014 5556 nfrd960 - ok

15:34:16.0076 5556 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

15:34:16.0123 5556 NlaSvc - ok

15:34:16.0139 5556 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

15:34:16.0170 5556 Npfs - ok

15:34:16.0186 5556 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

15:34:16.0217 5556 nsi - ok

15:34:16.0248 5556 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

15:34:16.0279 5556 nsiproxy - ok

15:34:16.0357 5556 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

15:34:16.0388 5556 Ntfs - ok

15:34:16.0451 5556 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

15:34:16.0513 5556 Null - ok

15:34:16.0560 5556 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

15:34:16.0560 5556 nvraid - ok

15:34:16.0607 5556 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

15:34:16.0622 5556 nvstor - ok

15:34:16.0700 5556 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

15:34:16.0716 5556 nv_agp - ok

15:34:16.0747 5556 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

15:34:16.0763 5556 ohci1394 - ok

15:34:16.0794 5556 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

15:34:16.0841 5556 p2pimsvc - ok

15:34:16.0872 5556 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

15:34:16.0903 5556 p2psvc - ok

15:34:16.0950 5556 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

15:34:16.0966 5556 Parport - ok

15:34:16.0997 5556 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

15:34:17.0028 5556 partmgr - ok

15:34:17.0028 5556 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

15:34:17.0059 5556 PcaSvc - ok

15:34:17.0075 5556 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

15:34:17.0090 5556 pci - ok

15:34:17.0090 5556 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

15:34:17.0106 5556 pciide - ok

15:34:17.0106 5556 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

15:34:17.0122 5556 pcmcia - ok

15:34:17.0153 5556 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

15:34:17.0168 5556 pcw - ok

15:34:17.0200 5556 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

15:34:17.0262 5556 PEAUTH - ok

15:34:17.0309 5556 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

15:34:17.0340 5556 PerfHost - ok

15:34:17.0434 5556 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

15:34:17.0496 5556 pla - ok

15:34:17.0558 5556 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

15:34:17.0605 5556 PlugPlay - ok

15:34:17.0621 5556 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

15:34:17.0668 5556 PNRPAutoReg - ok

15:34:17.0714 5556 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

15:34:17.0746 5556 PNRPsvc - ok

15:34:17.0761 5556 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

15:34:17.0808 5556 PolicyAgent - ok

15:34:17.0839 5556 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

15:34:17.0902 5556 Power - ok

15:34:17.0980 5556 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

15:34:18.0042 5556 PptpMiniport - ok

15:34:18.0073 5556 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

15:34:18.0089 5556 Processor - ok

15:34:18.0120 5556 PROCEXP150 - ok

15:34:18.0167 5556 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

15:34:18.0229 5556 ProfSvc - ok

15:34:18.0276 5556 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

15:34:18.0292 5556 ProtectedStorage - ok

15:34:18.0338 5556 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

15:34:18.0385 5556 Psched - ok

15:34:18.0432 5556 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys

15:34:18.0448 5556 PxHlpa64 - ok

15:34:18.0510 5556 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

15:34:18.0541 5556 ql2300 - ok

15:34:18.0588 5556 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

15:34:18.0619 5556 ql40xx - ok

15:34:18.0650 5556 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

15:34:18.0682 5556 QWAVE - ok

15:34:18.0697 5556 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

15:34:18.0697 5556 QWAVEdrv - ok

15:34:18.0728 5556 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

15:34:18.0760 5556 RasAcd - ok

15:34:18.0791 5556 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

15:34:18.0806 5556 RasAgileVpn - ok

15:34:18.0822 5556 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

15:34:18.0884 5556 RasAuto - ok

15:34:18.0931 5556 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

15:34:18.0978 5556 Rasl2tp - ok

15:34:19.0040 5556 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

15:34:19.0087 5556 RasMan - ok

15:34:19.0087 5556 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

15:34:19.0134 5556 RasPppoe - ok

15:34:19.0165 5556 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

15:34:19.0196 5556 RasSstp - ok

15:34:19.0212 5556 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

15:34:19.0243 5556 rdbss - ok

15:34:19.0243 5556 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

15:34:19.0259 5556 rdpbus - ok

15:34:19.0259 5556 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

15:34:19.0290 5556 RDPCDD - ok

15:34:19.0306 5556 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

15:34:19.0368 5556 RDPENCDD - ok

15:34:19.0399 5556 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

15:34:19.0415 5556 RDPREFMP - ok

15:34:19.0477 5556 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

15:34:19.0508 5556 RDPWD - ok

15:34:19.0555 5556 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

15:34:19.0586 5556 rdyboost - ok

15:34:19.0602 5556 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

15:34:19.0664 5556 RemoteAccess - ok

15:34:19.0711 5556 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

15:34:19.0758 5556 RemoteRegistry - ok

15:34:19.0914 5556 RoxMediaDB12OEM (bddc447ab46625a54619808575d5cb46) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe

15:34:19.0945 5556 RoxMediaDB12OEM - ok

15:34:20.0008 5556 RoxWatch12 (ce203243adf512540249df9c264f12dd) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe

15:34:20.0023 5556 RoxWatch12 - ok

15:34:20.0086 5556 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

15:34:20.0164 5556 RpcEptMapper - ok

15:34:20.0179 5556 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

15:34:20.0226 5556 RpcLocator - ok

15:34:20.0273 5556 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

15:34:20.0320 5556 RpcSs - ok

15:34:20.0351 5556 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

15:34:20.0398 5556 rspndr - ok

15:34:20.0444 5556 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

15:34:20.0460 5556 SamSs - ok

15:34:20.0476 5556 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

15:34:20.0491 5556 sbp2port - ok

15:34:20.0507 5556 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

15:34:20.0569 5556 SCardSvr - ok

15:34:20.0616 5556 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

15:34:20.0663 5556 scfilter - ok

15:34:20.0741 5556 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

15:34:20.0803 5556 Schedule - ok

15:34:20.0834 5556 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

15:34:20.0866 5556 SCPolicySvc - ok

15:34:20.0912 5556 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

15:34:20.0928 5556 SDRSVC - ok

15:34:20.0959 5556 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

15:34:20.0990 5556 secdrv - ok

15:34:21.0022 5556 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

15:34:21.0084 5556 seclogon - ok

15:34:21.0115 5556 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll

15:34:21.0162 5556 SENS - ok

15:34:21.0178 5556 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

15:34:21.0224 5556 SensrSvc - ok

15:34:21.0240 5556 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

15:34:21.0271 5556 Serenum - ok

15:34:21.0287 5556 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

15:34:21.0287 5556 Serial - ok

15:34:21.0349 5556 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

15:34:21.0365 5556 sermouse - ok

15:34:21.0412 5556 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

15:34:21.0474 5556 SessionEnv - ok

15:34:21.0490 5556 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

15:34:21.0521 5556 sffdisk - ok

15:34:21.0536 5556 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

15:34:21.0552 5556 sffp_mmc - ok

15:34:21.0568 5556 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

15:34:21.0599 5556 sffp_sd - ok

15:34:21.0599 5556 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

15:34:21.0630 5556 sfloppy - ok

15:34:21.0677 5556 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

15:34:21.0755 5556 SharedAccess - ok

15:34:21.0786 5556 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

15:34:21.0833 5556 ShellHWDetection - ok

15:34:21.0848 5556 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

15:34:21.0848 5556 SiSRaid2 - ok

15:34:21.0848 5556 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

15:34:21.0864 5556 SiSRaid4 - ok

15:34:21.0864 5556 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

15:34:21.0911 5556 Smb - ok

15:34:21.0942 5556 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

15:34:21.0973 5556 SNMPTRAP - ok

15:34:21.0973 5556 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

15:34:21.0989 5556 spldr - ok

15:34:22.0020 5556 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

15:34:22.0067 5556 Spooler - ok

15:34:22.0192 5556 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

15:34:22.0285 5556 sppsvc - ok

15:34:22.0348 5556 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

15:34:22.0394 5556 sppuinotify - ok

15:34:22.0472 5556 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

15:34:22.0519 5556 srv - ok

15:34:22.0535 5556 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

15:34:22.0582 5556 srv2 - ok

15:34:22.0613 5556 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

15:34:22.0644 5556 srvnet - ok

15:34:22.0660 5556 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

15:34:22.0706 5556 SSDPSRV - ok

15:34:22.0706 5556 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

15:34:22.0738 5556 SstpSvc - ok

15:34:22.0753 5556 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

15:34:22.0769 5556 stexstor - ok

15:34:22.0816 5556 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys

15:34:22.0847 5556 StillCam - ok

15:34:22.0909 5556 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

15:34:22.0956 5556 stisvc - ok

15:34:23.0050 5556 stllssvr (9e182dd94496550a22a392cc1a8e0f52) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

15:34:23.0065 5556 stllssvr - ok

15:34:23.0096 5556 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

15:34:23.0112 5556 swenum - ok

15:34:23.0143 5556 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

15:34:23.0190 5556 swprv - ok

15:34:23.0284 5556 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

15:34:23.0377 5556 SysMain - ok

15:34:23.0471 5556 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

15:34:23.0502 5556 TabletInputService - ok

15:34:23.0549 5556 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

15:34:23.0627 5556 TapiSrv - ok

15:34:23.0642 5556 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

15:34:23.0658 5556 TBS - ok

15:34:23.0752 5556 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

15:34:23.0798 5556 Tcpip - ok

15:34:23.0923 5556 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

15:34:23.0970 5556 TCPIP6 - ok

15:34:24.0032 5556 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

15:34:24.0110 5556 tcpipreg - ok

15:34:24.0126 5556 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

15:34:24.0142 5556 TDPIPE - ok

15:34:24.0204 5556 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

15:34:24.0220 5556 TDTCP - ok

15:34:24.0266 5556 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

15:34:24.0298 5556 tdx - ok

15:34:24.0329 5556 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

15:34:24.0344 5556 TermDD - ok

15:34:24.0376 5556 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

15:34:24.0438 5556 TermService - ok

15:34:24.0438 5556 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

15:34:24.0454 5556 Themes - ok

15:34:24.0485 5556 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

15:34:24.0516 5556 THREADORDER - ok

15:34:24.0516 5556 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

15:34:24.0547 5556 TrkWks - ok

15:34:24.0610 5556 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

15:34:24.0656 5556 TrustedInstaller - ok

15:34:24.0688 5556 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

15:34:24.0734 5556 tssecsrv - ok

15:34:24.0797 5556 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

15:34:24.0828 5556 TsUsbFlt - ok

15:34:24.0890 5556 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

15:34:24.0937 5556 tunnel - ok

15:34:24.0953 5556 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

15:34:24.0953 5556 uagp35 - ok

15:34:24.0984 5556 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

15:34:25.0031 5556 udfs - ok

15:34:25.0046 5556 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

15:34:25.0046 5556 UI0Detect - ok

15:34:25.0093 5556 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

15:34:25.0124 5556 uliagpkx - ok

15:34:25.0171 5556 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

15:34:25.0187 5556 umbus - ok

15:34:25.0202 5556 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

15:34:25.0218 5556 UmPass - ok

15:34:25.0234 5556 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

15:34:25.0296 5556 upnphost - ok

15:34:25.0343 5556 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

15:34:25.0358 5556 usbccgp - ok

15:34:25.0390 5556 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

15:34:25.0405 5556 usbcir - ok

15:34:25.0452 5556 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

15:34:25.0468 5556 usbehci - ok

15:34:25.0483 5556 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

15:34:25.0530 5556 usbhub - ok

15:34:25.0546 5556 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

15:34:25.0561 5556 usbohci - ok

15:34:25.0577 5556 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

15:34:25.0608 5556 usbprint - ok

15:34:25.0655 5556 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

15:34:25.0686 5556 usbscan - ok

15:34:25.0748 5556 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

15:34:25.0795 5556 USBSTOR - ok

15:34:25.0811 5556 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

15:34:25.0826 5556 usbuhci - ok

15:34:25.0842 5556 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

15:34:25.0904 5556 UxSms - ok

15:34:25.0951 5556 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

15:34:25.0967 5556 VaultSvc - ok

15:34:26.0014 5556 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

15:34:26.0029 5556 vdrvroot - ok

15:34:26.0092 5556 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

15:34:26.0138 5556 vds - ok

15:34:26.0154 5556 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

15:34:26.0170 5556 vga - ok

15:34:26.0185 5556 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

15:34:26.0232 5556 VgaSave - ok

15:34:26.0248 5556 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

15:34:26.0263 5556 vhdmp - ok

15:34:26.0294 5556 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

15:34:26.0310 5556 viaide - ok

15:34:26.0357 5556 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

15:34:26.0372 5556 volmgr - ok

15:34:26.0435 5556 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

15:34:26.0466 5556 volmgrx - ok

15:34:26.0482 5556 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

15:34:26.0497 5556 volsnap - ok

15:34:26.0528 5556 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

15:34:26.0544 5556 vsmraid - ok

15:34:26.0622 5556 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

15:34:26.0700 5556 VSS - ok

15:34:26.0762 5556 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

15:34:26.0794 5556 vwifibus - ok

15:34:26.0840 5556 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

15:34:26.0887 5556 W32Time - ok

15:34:26.0887 5556 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

15:34:26.0903 5556 WacomPen - ok

15:34:26.0950 5556 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

15:34:27.0012 5556 WANARP - ok

15:34:27.0012 5556 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

15:34:27.0043 5556 Wanarpv6 - ok

15:34:27.0121 5556 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

15:34:27.0168 5556 WatAdminSvc - ok

15:34:27.0246 5556 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

15:34:27.0340 5556 wbengine - ok

15:34:27.0386 5556 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

15:34:27.0402 5556 WbioSrvc - ok

15:34:27.0449 5556 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

15:34:27.0496 5556 wcncsvc - ok

15:34:27.0511 5556 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

15:34:27.0511 5556 WcsPlugInService - ok

15:34:27.0527 5556 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

15:34:27.0527 5556 Wd - ok

15:34:27.0574 5556 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

15:34:27.0589 5556 Wdf01000 - ok

15:34:27.0605 5556 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

15:34:27.0714 5556 WdiServiceHost - ok

15:34:27.0714 5556 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

15:34:27.0730 5556 WdiSystemHost - ok

15:34:27.0776 5556 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

15:34:27.0823 5556 WebClient - ok

15:34:27.0823 5556 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

15:34:27.0886 5556 Wecsvc - ok

15:34:27.0901 5556 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

15:34:27.0948 5556 wercplsupport - ok

15:34:27.0979 5556 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

15:34:28.0010 5556 WerSvc - ok

15:34:28.0026 5556 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

15:34:28.0057 5556 WfpLwf - ok

15:34:28.0104 5556 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys

15:34:28.0120 5556 WimFltr - ok

15:34:28.0120 5556 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

15:34:28.0120 5556 WIMMount - ok

15:34:28.0151 5556 WinDefend - ok

15:34:28.0151 5556 WinHttpAutoProxySvc - ok

15:34:28.0182 5556 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

15:34:28.0229 5556 Winmgmt - ok

15:34:28.0307 5556 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

15:34:28.0385 5556 WinRM - ok

15:34:28.0478 5556 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

15:34:28.0510 5556 WinUsb - ok

15:34:28.0556 5556 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

15:34:28.0634 5556 Wlansvc - ok

15:34:28.0712 5556 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

15:34:28.0728 5556 wlcrasvc - ok

15:34:28.0837 5556 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

15:34:28.0884 5556 wlidsvc - ok

15:34:28.0962 5556 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

15:34:28.0978 5556 WmiAcpi - ok

15:34:29.0024 5556 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

15:34:29.0056 5556 wmiApSrv - ok

15:34:29.0071 5556 WMPNetworkSvc - ok

15:34:29.0087 5556 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

15:34:29.0118 5556 WPCSvc - ok

15:34:29.0165 5556 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

15:34:29.0196 5556 WPDBusEnum - ok

15:34:29.0212 5556 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

15:34:29.0274 5556 ws2ifsl - ok

15:34:29.0321 5556 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll

15:34:29.0352 5556 wscsvc - ok

15:34:29.0352 5556 WSearch - ok

15:34:29.0477 5556 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

15:34:29.0555 5556 wuauserv - ok

15:34:29.0633 5556 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

15:34:29.0695 5556 WudfPf - ok

15:34:29.0711 5556 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

15:34:29.0773 5556 WUDFRd - ok

15:34:29.0820 5556 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

15:34:29.0867 5556 wudfsvc - ok

15:34:29.0882 5556 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

15:34:29.0898 5556 WwanSvc - ok

15:34:29.0929 5556 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0

15:34:29.0976 5556 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

15:34:29.0976 5556 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

15:34:30.0038 5556 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

15:34:30.0038 5556 \Device\Harddisk0\DR0 - detected TDSS File System (1)

15:34:30.0038 5556 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk6\DR7

15:34:30.0148 5556 \Device\Harddisk6\DR7 - ok

15:34:30.0163 5556 Boot (0x1200) (2cb5f9a09d6d654133294679ca982d61) \Device\Harddisk0\DR0\Partition0

15:34:30.0163 5556 \Device\Harddisk0\DR0\Partition0 - ok

15:34:30.0194 5556 Boot (0x1200) (0191a40d7688940ab007bf8fdbf53c88) \Device\Harddisk0\DR0\Partition1

15:34:30.0194 5556 \Device\Harddisk0\DR0\Partition1 - ok

15:34:30.0194 5556 Boot (0x1200) (2920634f98dc23b7e0f5bd89f0a288d0) \Device\Harddisk6\DR7\Partition0

15:34:30.0194 5556 \Device\Harddisk6\DR7\Partition0 - ok

15:34:30.0194 5556 ============================================================

15:34:30.0194 5556 Scan finished

15:34:30.0194 5556 ============================================================

15:34:30.0210 2892 Detected object count: 3

15:34:30.0210 2892 Actual detected object count: 3

15:35:35.0434 2892 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user

15:35:35.0434 2892 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:35:35.0824 2892 \Device\Harddisk0\DR0\# - copied to quarantine

15:35:35.0824 2892 \Device\Harddisk0\DR0 - copied to quarantine

15:35:35.0855 2892 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

15:35:35.0855 2892 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

15:35:35.0870 2892 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

15:35:35.0870 2892 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

15:35:35.0886 2892 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

15:35:35.0886 2892 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

15:35:35.0886 2892 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

15:35:35.0886 2892 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

15:35:35.0886 2892 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

15:35:35.0902 2892 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

15:35:35.0902 2892 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

15:35:35.0902 2892 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

15:35:35.0902 2892 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

15:35:35.0902 2892 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

15:35:35.0902 2892 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

15:35:35.0902 2892 \Device\Harddisk0\DR0 - ok

15:35:35.0917 2892 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

15:35:35.0917 2892 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

15:35:35.0917 2892 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

15:36:33.0934 5976 Deinitialize success

Link to post
Share on other sites

Please make sure you have rebooted before you do this.....

Run it again and just choose Delete for this one only: (you don't have to post the log)

15:35:35.0917 2892 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

15:35:35.0917 2892 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

~~~~~~~~~~~~~~~~~~~~~~~

Then.........

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Link to post
Share on other sites

combofix output:

ComboFix 12-08-10.02 - Joe and Lisa 08/11/2012 14:12:07.3.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7991.6617 [GMT -5:00]

Running from: J:\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\svchost.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-07-11 to 2012-08-11 )))))))))))))))))))))))))))))))

.

.

2012-08-11 20:35 . 2012-08-11 19:04 -------- d-----w- C:\TDSSKiller_Quarantine

2012-08-11 19:23 . 2012-08-11 19:23 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-08 07:56 . 2012-07-16 07:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5C1189E8-FE9B-4785-88BD-C957703B6652}\mpengine.dll

2012-08-03 00:45 . 2012-08-05 23:37 -------- d-----w- c:\users\Joe and Lisa\.explorer.cache

2012-08-03 00:45 . 2012-08-05 23:36 -------- d-----w- c:\users\Joe and Lisa\.explorer.local

2012-07-31 16:23 . 2012-08-06 04:37 -------- d-----w- c:\windows\system\System\Default\New folder137

2012-07-24 00:49 . 2012-07-24 00:49 -------- d-----w- C:\FRST

2012-07-16 03:05 . 2012-07-24 14:24 -------- d-----w- c:\windows\system\System\Default\New folder136

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-03 18:46 . 2011-02-19 03:50 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-02 02:19 . 2012-07-02 02:19 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-02 02:19 . 2011-06-04 14:02 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-14 08:06 . 2011-02-19 15:38 58957832 ----a-w- c:\windows\system32\MRT.exe

2012-06-02 22:19 . 2012-06-21 11:07 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-21 11:07 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-21 11:07 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-21 11:07 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-21 11:07 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-21 11:07 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-21 11:07 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 20:19 . 2012-06-21 11:06 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 20:15 . 2012-06-21 11:06 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-05-18 02:47 . 2012-06-14 08:00 17807360 ----a-w- c:\windows\system32\mshtml.dll

2012-05-18 02:16 . 2012-06-14 08:00 10924032 ----a-w- c:\windows\system32\ieframe.dll

2012-05-18 02:06 . 2012-06-14 08:00 2311680 ----a-w- c:\windows\system32\jscript9.dll

2012-05-18 01:59 . 2012-06-14 08:00 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-05-18 01:59 . 2012-06-14 08:00 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-05-18 01:58 . 2012-06-14 08:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-05-18 01:58 . 2012-06-14 08:00 237056 ----a-w- c:\windows\system32\url.dll

2012-05-18 01:56 . 2012-06-14 08:00 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-05-18 01:55 . 2012-06-14 08:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-05-18 01:55 . 2012-06-14 08:00 818688 ----a-w- c:\windows\system32\jscript.dll

2012-05-18 01:54 . 2012-06-14 08:00 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-05-18 01:51 . 2012-06-14 08:00 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-05-18 01:51 . 2012-06-14 08:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-05-18 01:47 . 2012-06-14 08:00 248320 ----a-w- c:\windows\system32\ieui.dll

2012-05-17 22:45 . 2012-06-14 08:00 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-05-17 22:35 . 2012-06-14 08:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-05-17 22:35 . 2012-06-14 08:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-05-17 22:29 . 2012-06-14 08:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-05-17 22:24 . 2012-06-14 08:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-05-15 01:32 . 2012-06-13 19:49 3146752 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2012-08-11_18.35.51 )))))))))))))))))))))))))))))))))))))))))

.

- 2012-08-11 18:35 . 2012-08-11 18:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-08-11 19:24 . 2012-08-11 19:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-08-11 19:24 . 2012-08-11 19:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-08-11 18:35 . 2012-08-11 18:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-07-14 05:01 . 2012-08-11 19:23 312224 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-08-11 18:34 312224 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-03-04 03:35 . 2012-08-11 19:01 56057690 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-91977268-874446968-1935824155-1001-12288.dat

- 2011-03-04 03:35 . 2012-08-11 18:34 56057690 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-91977268-874446968-1935824155-1001-12288.dat

+ 2011-12-11 21:15 . 2012-08-11 20:36 17514728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat

- 2011-12-11 21:15 . 2012-08-11 18:34 17514728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-01-27 237568]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-09-07 40376]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-23 640440]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-09-04 240112]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-09-03 518640]

"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-07 136176]

R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-09-04 219632]

R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-06-02 17864]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-07 136176]

R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]

R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [2011-11-12 40320]

R3 PROCEXP150;PROCEXP150;c:\windows\system32\Drivers\PROCEXP150.SYS [x]

R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-09-04 1116656]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-19 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]

S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 317440]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-16 321064]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-07 14:21]

.

2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-07 14:21]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060832]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 2114376]

"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 392984]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 417560]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://finance.yahoo.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

.

**************************************************************************

.

Completion time: 2012-08-11 14:31:42 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-11 19:31

ComboFix2.txt 2012-08-11 18:49

.

Pre-Run: 307,652,624,384 bytes free

Post-Run: 307,580,903,424 bytes free

.

- - End Of File - - 5BE12C8A3A9EDC5F63B77EEFC5DB7C9D

Link to post
Share on other sites

Great thumbsup.gif

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

cf2.jpg

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassociates.com/OT-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.