• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
apmiller01

Taken over by fake program

23 posts in this topic

Hello,

 

I am unable to post a log because my computer has been taken over by a rogue program. I am writing this from another PC. The infected computer is running Windows 7 64 bit and is protected with Avira and Malware Bytes. What happened is I clicked on a website link to wikipedia from a google search, and I must have been redirected. Firefox immediately shut down, Avira noted it found a trojan, and multiple error message windows popped up that looked like authentic Windows error screens but obviously were not. Then a window popped up saying there is a hard disk error and asking to run a scan. I accidently clicked the button the run the scan when the fake program came up. It would not let me exit out of the program or stop the scan, so I immediately forced a shut down on my laptop. When I started the computer up again, the scan started running again. Also, my desktop background was blank and it had installed a shortcut onto the desktop. I tried to access Malware Bytes from the start menu but it had been wiped out. The computer is too slow to do anything and I am afraid to use it while the scan is running for fear it will damage my system or send my personal information somewhere. Please advise as to how I can get started with getting help removing the malware given the infected computer cannot be accessed to run any scans. Thank you.

Share this post


Link to post
Share on other sites

Welcome apmiller01 to SpywareInfo. I am The Dark Knight and will be assisting you. Please ask questions if anything is unclear. :)

 

Just a few things before we begin:

 

:excl:Before proceeding:

  • In the upper right hand corner of this topic there is a button labelled Watch this topic. Please click this button, select Immediate E-Mail notification and then click Proceed to ensure you are notified when I reply.
  • Please back up your personal documents and files by copying them to a location other than your system drive.
  • Please open Notepad>Format and if Word Wrap is ticked, please select it to untick it.

 

:excl:For the duration of this topic:

Please DO NOT run, install and/or uninstall/remove any tools/ programs other than those I suggest to you in order to avoid conflicts and/or additional problems on your system. :thumbup:

 

 

:excl:When you receive new instructions:

  • Please read the whole post before carrying out any of the instructions.
  • All our tools must be downloaded to the Desktop and launched from there (unless I specify otherwise).
  • Please perform all steps in the received order and DO NOT proceed if you need clarification.
  • Please DO NOT re-run any program unless I ask you to.
  • Please DO NOT plug in any external devices like USBs and Hard Drives unless I ask you to.
  • If you encounter any problems please stop and let me know.

 

:excl:When replying:

  • Please click the Add Reply button post-10-126012383895.gif so that my reply is not posted back to me. Thank you!
  • Please copy and paste your logs into your post unless I specifically ask you to attach one.

_________________________________________________________________________________________________________________________________

 

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

 

I will be asking you to download a couple of tools. Please do this all at once on your clean computer and use a flash drive to take them to the infected computer. Also, if the computer needs to reboot at any stage please allow it to do so, but make sure you boot back into Safe Mode. :thumbup:

 

 

First, please reboot to Safe Mode on the infected computer (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

 

 

Next, please download RogueKiller to your Desktop.

 

  • Quit all running programs.
  • For Vista/Seven, right click -> Run as administrator.
  • When prompted, type 1 and Validate.
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe.

Please post the contents of the RKreport.txt in your next Reply.

===========

 

Next, please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com).


  •  
  • There are 3 different versions. If one of them won't run then download and try to run the other one.
  • Vista and Win7 users need to right click and choose Run as Admin.
  • You only need to get one of them to run, not all of them.

rkill.exe

rkill.com

rkill.scr

 

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested on another computer and then transfer them to the Desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

 

Before proceeding any further the processes that belong to Windows Recovery need to be terminated so that it does not interfere with the cleaning procedure.

 

Double-click on the RKill.exe icon in order to automatically attempt to stop any processes associated with Windows Recovery and other Rogue programs.

===

 

Please do not reboot your computer.

 

 

Now, please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

 

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

 

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).

 

Please go here to see a list of programs that need to be disabled.

 

**Note 1: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

 

**Note 2: If a message appears that says "Illegal operation attempted on a registry key that has been marked for deletion", please reboot your computer.**

 

Please include the C:\ComboFix.txt in your next reply for further review.

 

 

Finally, please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

 

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
     
  • If an infected file is detected, the default action will be Cure. Instead, choose SKIP, then click on Continue tdsskiller2.png
     
  • If a suspicious file is detected, the default action will be Skip, click on Continue tdsskiller3.png
     
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.

=========

 

In your next post, please provide the following:

  • Report from RogueKiller.
  • ComboFix.txt.
  • Log from TDSSKiller.

How is the computer currently running?

Edited by The Dark Knight

Share this post


Link to post
Share on other sites

Ok, this is probably a stupid question but how do I access my flash drive from safe mode? The drive shows up in the taskbar but I can't get to my computer from the start menu.

Share this post


Link to post
Share on other sites

Hello apmiller01. :)

 

Please boot into Safe Mode with Networking, and try downloading the tools through that mode. Then, please continue with my instructions. :thumbup:

Share this post


Link to post
Share on other sites

Ok, I've ran all the steps up to ComboFix, which restarted my computer when it was done. Now, no matter how many times I hit F8, I can't get it to boot into safe mode. Should I boot it up normally to post the logs and run TDSSKiller?

Share this post


Link to post
Share on other sites

Nevermind... here are the logs

 

RogueKiller V7.3.2 [03/20/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

 

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Safe mode with network support

User: Alex [Admin rights]

Mode: Scan -- Date: 03/24/2012 21:43:40

 

¤¤¤ Bad processes: 0 ¤¤¤

 

¤¤¤ Registry Entries: 21 ¤¤¤

[sUSP PATH] HKCU\[...]\Run : FeJChgfgRCtr.exe (C:\ProgramData\FeJChgfgRCtr.exe) -> FOUND

[sUSP PATH] HKUS\S-1-5-21-1683259845-1176365275-512175087-1001[...]\Run : FeJChgfgRCtr.exe (C:\ProgramData\FeJChgfgRCtr.exe) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyComputer (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowSearch (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver: [NOT LOADED] ¤¤¤

 

¤¤¤ Infection : ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: Hitachi HTS545032B9A300 +++++

--- User ---

[MBR] 86f958caff32bb54b927bff5ecc04d2f

[bSP] 7c26b365ff82d6de818a6300ceea652b : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 290143 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[1].txt >>

RKreport[1].txt

 

 

 

ComboFix 12-03-22.01 - Alex 03/24/2012 21:54:34.1.4 - x64 NETWORK

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.3168 [GMT -7:00]

Running from: c:\users\Alex\Desktop\ComboFix.exe

AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\programdata\~06VbpCXc0fkptZ

c:\programdata\~06VbpCXc0fkptZr

c:\programdata\06VbpCXc0fkptZ

c:\programdata\06VbpCXc0fkptZ.exe

c:\programdata\FeJChgfgRCtr.exe

c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check

c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk

c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk

c:\users\Alex\Desktop\System Check.lnk

c:\windows\security\Database\tmp.edb

.

.

((((((((((((((((((((((((( Files Created from 2012-02-25 to 2012-03-25 )))))))))))))))))))))))))))))))

.

.

2012-03-22 01:53 . 2012-03-22 01:53 -------- d-----w- c:\program files (x86)\Common Files\Software Update Utility

2012-03-16 04:32 . 2012-03-16 04:32 -------- d-----w- c:\program files\iPod

2012-03-16 04:32 . 2012-03-16 04:33 -------- d-----w- c:\program files\iTunes

2012-03-16 04:32 . 2012-03-16 04:33 -------- d-----w- c:\program files (x86)\iTunes

2012-03-14 04:01 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-14 04:01 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-03-14 04:01 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-03-14 03:56 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-03-14 03:56 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-03-14 03:56 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-03-14 03:56 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-14 03:56 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-14 03:56 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-14 03:56 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-14 03:56 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-03-14 03:56 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-14 03:56 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-03-11 04:22 . 2012-03-11 04:22 -------- d-----w- c:\program files (x86)\Common Files\Skype

2012-03-11 04:22 . 2012-03-11 04:22 -------- d-----r- c:\program files (x86)\Skype

2012-03-02 19:54 . 2012-03-02 19:54 5164704 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-15 04:29 . 2011-06-27 02:41 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-16 07:24 . 2012-02-16 07:24 203320 ----a-w- c:\windows\system32\drivers\ssudmdm.sys

2012-02-16 07:24 . 2012-02-16 07:24 99384 ----a-w- c:\windows\system32\drivers\ssudbus.sys

2012-02-15 18:01 . 2012-02-15 18:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys

2012-02-15 18:01 . 2012-02-15 18:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll

2012-02-15 17:01 . 2011-10-23 21:44 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys

2012-01-04 10:44 . 2012-02-16 17:08 509952 ----a-w- c:\windows\system32\ntshrui.dll

2012-01-04 08:58 . 2012-02-16 17:08 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

2011-12-30 06:26 . 2012-02-16 17:08 515584 ----a-w- c:\windows\system32\timedate.cpl

2011-12-30 05:27 . 2012-02-16 17:08 478720 ----a-w- c:\windows\SysWow64\timedate.cpl

2011-12-28 03:59 . 2012-02-16 17:08 498688 ----a-w- c:\windows\system32\drivers\afd.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

"Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-01-07 1446760]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"GrpConv"="grpconv -o" [X]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

R2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-09-24 86224]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]

R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-17 2320920]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]

R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-15 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32]

.

2012-03-24 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-01-06 3179288]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-18 487424]

"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-03 5712896]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\46b49hz8.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.hotmail.com/

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-FeJChgfgRCtr.exe - c:\programdata\FeJChgfgRCtr.exe

Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe

Wow6432Node-HKLM-RunOnce-Launcher - C1\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-03-24 22:31:37 - machine was rebooted

ComboFix-quarantined-files.txt 2012-03-25 05:31

.

Pre-Run: 114,221,506,560 bytes free

Post-Run: 114,828,824,576 bytes free

.

- - End Of File - - 4511EE595DD3A462909D26DDDEA3ACA6

 

22:34:43.0853 0780 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00

22:34:44.0367 0780 ============================================================

22:34:44.0367 0780 Current date / time: 2012/03/24 22:34:44.0367

22:34:44.0367 0780 SystemInfo:

22:34:44.0367 0780

22:34:44.0367 0780 OS Version: 6.1.7601 ServicePack: 1.0

22:34:44.0367 0780 Product type: Workstation

22:34:44.0367 0780 ComputerName: ALEX-PC

22:34:44.0367 0780 UserName: Alex

22:34:44.0367 0780 Windows directory: C:\Windows

22:34:44.0367 0780 System windows directory: C:\Windows

22:34:44.0367 0780 Running under WOW64

22:34:44.0367 0780 Processor architecture: Intel x64

22:34:44.0367 0780 Number of processors: 4

22:34:44.0367 0780 Page size: 0x1000

22:34:44.0367 0780 Boot type: Safe boot with network

22:34:44.0367 0780 ============================================================

22:34:44.0898 0780 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

22:34:44.0898 0780 \Device\Harddisk0\DR0:

22:34:44.0898 0780 MBR used

22:34:44.0898 0780 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000

22:34:44.0898 0780 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x236AFAB0

22:34:44.0929 0780 Initialize success

22:34:44.0929 0780 ============================================================

22:34:47.0144 1368 ============================================================

22:34:47.0144 1368 Scan started

22:34:47.0144 1368 Mode: Manual;

22:34:47.0144 1368 ============================================================

22:34:49.0219 1368 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

22:34:49.0219 1368 1394ohci - ok

22:34:49.0297 1368 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

22:34:49.0297 1368 ACPI - ok

22:34:49.0391 1368 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

22:34:49.0391 1368 AcpiPmi - ok

22:34:49.0469 1368 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

22:34:49.0469 1368 adp94xx - ok

22:34:49.0578 1368 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

22:34:49.0578 1368 adpahci - ok

22:34:49.0609 1368 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

22:34:49.0609 1368 adpu320 - ok

22:34:49.0640 1368 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

22:34:49.0640 1368 AeLookupSvc - ok

22:34:49.0718 1368 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe

22:34:49.0718 1368 AESTFilters - ok

22:34:49.0890 1368 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

22:34:49.0890 1368 AFD - ok

22:34:49.0968 1368 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

22:34:49.0968 1368 agp440 - ok

22:34:50.0077 1368 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

22:34:50.0077 1368 ALG - ok

22:34:50.0171 1368 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

22:34:50.0171 1368 aliide - ok

22:34:50.0295 1368 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

22:34:50.0295 1368 amdide - ok

22:34:50.0342 1368 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

22:34:50.0342 1368 AmdK8 - ok

22:34:50.0358 1368 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

22:34:50.0358 1368 AmdPPM - ok

22:34:50.0483 1368 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

22:34:50.0483 1368 amdsata - ok

22:34:50.0514 1368 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

22:34:50.0529 1368 amdsbs - ok

22:34:50.0561 1368 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

22:34:50.0561 1368 amdxata - ok

22:34:50.0654 1368 AntiVirSchedulerService (72709089a54bdc1c5b16bc4a4b926567) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

22:34:50.0654 1368 AntiVirSchedulerService - ok

22:34:50.0717 1368 AntiVirService (42f88bfbb76f7a63e381829479b18518) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

22:34:50.0732 1368 AntiVirService - ok

22:34:50.0888 1368 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

22:34:50.0888 1368 AppID - ok

22:34:50.0919 1368 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

22:34:50.0919 1368 AppIDSvc - ok

22:34:51.0029 1368 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

22:34:51.0029 1368 Appinfo - ok

22:34:51.0107 1368 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

22:34:51.0107 1368 Apple Mobile Device - ok

22:34:51.0278 1368 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

22:34:51.0278 1368 arc - ok

22:34:51.0278 1368 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

22:34:51.0278 1368 arcsas - ok

22:34:51.0309 1368 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

22:34:51.0309 1368 AsyncMac - ok

22:34:51.0419 1368 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

22:34:51.0419 1368 atapi - ok

22:34:51.0512 1368 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

22:34:51.0528 1368 AudioEndpointBuilder - ok

22:34:51.0543 1368 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

22:34:51.0543 1368 AudioSrv - ok

22:34:51.0684 1368 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys

22:34:51.0684 1368 avgntflt - ok

22:34:51.0746 1368 avipbb (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys

22:34:51.0746 1368 avipbb - ok

22:34:51.0777 1368 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys

22:34:51.0777 1368 avkmgr - ok

22:34:51.0933 1368 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

22:34:51.0933 1368 AxInstSV - ok

22:34:52.0011 1368 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

22:34:52.0011 1368 b06bdrv - ok

22:34:52.0136 1368 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

22:34:52.0136 1368 b57nd60a - ok

22:34:52.0199 1368 BCM42RLY (ac4e2d84de54cd3a013aeff0cc56095c) C:\Windows\system32\drivers\BCM42RLY.sys

22:34:52.0199 1368 BCM42RLY - ok

22:34:52.0370 1368 BCM43XX (8b5d16d20774fc3727f44e161be2c0ac) C:\Windows\system32\DRIVERS\bcmwl664.sys

22:34:52.0386 1368 BCM43XX - ok

22:34:52.0526 1368 BcmVWL (d224b2e6bb543f1d8f1177d57fec2950) C:\Windows\system32\DRIVERS\bcmvwl64.sys

22:34:52.0526 1368 BcmVWL - ok

22:34:52.0557 1368 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

22:34:52.0557 1368 BDESVC - ok

22:34:52.0635 1368 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

22:34:52.0635 1368 Beep - ok

22:34:52.0760 1368 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

22:34:52.0776 1368 BFE - ok

22:34:52.0885 1368 bgsvcgen (acc9c8c560c567fad6f79c977ab2ea09) C:\Windows\SysWOW64\bgsvcgen.exe

22:34:52.0885 1368 bgsvcgen - ok

22:34:52.0979 1368 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll

22:34:52.0979 1368 BITS - ok

22:34:53.0103 1368 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

22:34:53.0103 1368 blbdrive - ok

22:34:53.0228 1368 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

22:34:53.0244 1368 Bonjour Service - ok

22:34:53.0384 1368 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

22:34:53.0384 1368 bowser - ok

22:34:53.0431 1368 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

22:34:53.0431 1368 BrFiltLo - ok

22:34:53.0447 1368 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

22:34:53.0447 1368 BrFiltUp - ok

22:34:53.0556 1368 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

22:34:53.0556 1368 BridgeMP - ok

22:34:53.0603 1368 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

22:34:53.0603 1368 Browser - ok

22:34:53.0634 1368 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

22:34:53.0634 1368 Brserid - ok

22:34:53.0665 1368 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

22:34:53.0665 1368 BrSerWdm - ok

22:34:53.0759 1368 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

22:34:53.0774 1368 BrUsbMdm - ok

22:34:53.0790 1368 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

22:34:53.0790 1368 BrUsbSer - ok

22:34:53.0790 1368 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

22:34:53.0790 1368 BTHMODEM - ok

22:34:53.0837 1368 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

22:34:53.0837 1368 bthserv - ok

22:34:53.0868 1368 catchme - ok

22:34:53.0993 1368 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

22:34:53.0993 1368 cdfs - ok

22:34:54.0086 1368 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

22:34:54.0086 1368 cdrom - ok

22:34:54.0211 1368 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

22:34:54.0227 1368 CertPropSvc - ok

22:34:54.0258 1368 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

22:34:54.0258 1368 circlass - ok

22:34:54.0289 1368 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

22:34:54.0305 1368 CLFS - ok

22:34:54.0414 1368 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

22:34:54.0429 1368 clr_optimization_v2.0.50727_32 - ok

22:34:54.0461 1368 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

22:34:54.0461 1368 clr_optimization_v2.0.50727_64 - ok

22:34:54.0648 1368 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

22:34:54.0648 1368 clr_optimization_v4.0.30319_32 - ok

22:34:54.0710 1368 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

22:34:54.0710 1368 clr_optimization_v4.0.30319_64 - ok

22:34:54.0835 1368 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

22:34:54.0835 1368 CmBatt - ok

22:34:54.0913 1368 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

22:34:54.0913 1368 cmdide - ok

22:34:54.0975 1368 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

22:34:54.0975 1368 CNG - ok

22:34:55.0100 1368 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

22:34:55.0100 1368 Compbatt - ok

22:34:55.0163 1368 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

22:34:55.0163 1368 CompositeBus - ok

22:34:55.0178 1368 COMSysApp - ok

22:34:55.0194 1368 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

22:34:55.0194 1368 crcdisk - ok

22:34:55.0319 1368 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll

22:34:55.0319 1368 CryptSvc - ok

22:34:55.0397 1368 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys

22:34:55.0397 1368 CtClsFlt - ok

22:34:55.0553 1368 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

22:34:55.0553 1368 DcomLaunch - ok

22:34:55.0631 1368 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

22:34:55.0646 1368 defragsvc - ok

22:34:55.0724 1368 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

22:34:55.0724 1368 DfsC - ok

22:34:55.0802 1368 dg_ssudbus (113212d25d0c9bb8901a9833774da97f) C:\Windows\system32\DRIVERS\ssudbus.sys

22:34:55.0802 1368 dg_ssudbus - ok

22:34:55.0927 1368 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

22:34:55.0927 1368 Dhcp - ok

22:34:56.0005 1368 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

22:34:56.0005 1368 discache - ok

22:34:56.0099 1368 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

22:34:56.0099 1368 Disk - ok

22:34:56.0192 1368 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

22:34:56.0192 1368 Dnscache - ok

22:34:56.0317 1368 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe

22:34:56.0317 1368 DockLoginService - ok

22:34:56.0457 1368 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

22:34:56.0457 1368 dot3svc - ok

22:34:56.0504 1368 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

22:34:56.0504 1368 DPS - ok

22:34:56.0551 1368 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

22:34:56.0551 1368 drmkaud - ok

22:34:56.0723 1368 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

22:34:56.0723 1368 DXGKrnl - ok

22:34:56.0832 1368 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

22:34:56.0832 1368 EapHost - ok

22:34:56.0941 1368 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

22:34:57.0003 1368 ebdrv - ok

22:34:57.0144 1368 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

22:34:57.0144 1368 EFS - ok

22:34:57.0222 1368 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

22:34:57.0237 1368 ehRecvr - ok

22:34:57.0331 1368 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

22:34:57.0331 1368 ehSched - ok

22:34:57.0440 1368 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

22:34:57.0440 1368 elxstor - ok

22:34:57.0534 1368 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

22:34:57.0534 1368 ErrDev - ok

22:34:57.0627 1368 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

22:34:57.0627 1368 EventSystem - ok

22:34:57.0737 1368 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

22:34:57.0737 1368 exfat - ok

22:34:57.0815 1368 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

22:34:57.0815 1368 fastfat - ok

22:34:57.0908 1368 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

22:34:57.0924 1368 Fax - ok

22:34:58.0064 1368 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

22:34:58.0064 1368 fdc - ok

22:34:58.0111 1368 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

22:34:58.0111 1368 fdPHost - ok

22:34:58.0189 1368 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

22:34:58.0189 1368 FDResPub - ok

22:34:58.0205 1368 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

22:34:58.0205 1368 FileInfo - ok

22:34:58.0251 1368 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

22:34:58.0251 1368 Filetrace - ok

22:34:58.0345 1368 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

22:34:58.0345 1368 flpydisk - ok

22:34:58.0407 1368 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

22:34:58.0407 1368 FltMgr - ok

22:34:58.0485 1368 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

22:34:58.0501 1368 FontCache - ok

22:34:58.0657 1368 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

22:34:58.0657 1368 FontCache3.0.0.0 - ok

22:34:58.0735 1368 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

22:34:58.0735 1368 FsDepends - ok

22:34:58.0813 1368 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

22:34:58.0813 1368 Fs_Rec - ok

22:34:58.0875 1368 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

22:34:58.0875 1368 fvevol - ok

22:34:58.0953 1368 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

22:34:58.0953 1368 gagp30kx - ok

22:34:59.0047 1368 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

22:34:59.0047 1368 GEARAspiWDM - ok

22:34:59.0109 1368 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

22:34:59.0109 1368 gpsvc - ok

22:34:59.0250 1368 grmnusb (2ed7ff3e1ada4092632393781518b3a7) C:\Windows\system32\drivers\grmnusb.sys

22:34:59.0250 1368 grmnusb - ok

22:34:59.0297 1368 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

22:34:59.0297 1368 hcw85cir - ok

22:34:59.0437 1368 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

22:34:59.0437 1368 HdAudAddService - ok

22:34:59.0562 1368 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

22:34:59.0562 1368 HDAudBus - ok

22:34:59.0671 1368 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys

22:34:59.0671 1368 HECIx64 - ok

22:34:59.0702 1368 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

22:34:59.0702 1368 HidBatt - ok

22:34:59.0749 1368 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

22:34:59.0749 1368 HidBth - ok

22:34:59.0811 1368 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

22:34:59.0811 1368 HidIr - ok

22:34:59.0843 1368 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll

22:34:59.0843 1368 hidserv - ok

22:34:59.0936 1368 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys

22:34:59.0936 1368 HidUsb - ok

22:35:00.0014 1368 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

22:35:00.0014 1368 hkmsvc - ok

22:35:00.0092 1368 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

22:35:00.0092 1368 HomeGroupListener - ok

22:35:00.0186 1368 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

22:35:00.0186 1368 HomeGroupProvider - ok

22:35:00.0279 1368 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

22:35:00.0279 1368 HpSAMD - ok

22:35:00.0420 1368 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

22:35:00.0435 1368 HTTP - ok

22:35:00.0576 1368 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

22:35:00.0576 1368 hwpolicy - ok

22:35:00.0623 1368 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

22:35:00.0623 1368 i8042prt - ok

22:35:00.0669 1368 iaStor (2064090c9faad92c090d77e50e735b2e) C:\Windows\system32\DRIVERS\iaStor.sys

22:35:00.0685 1368 iaStor - ok

22:35:00.0779 1368 IAStorDataMgrSvc (a9be186abf28b3d3d698cb855edf457e) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

22:35:00.0779 1368 IAStorDataMgrSvc - ok

22:35:00.0919 1368 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

22:35:00.0935 1368 iaStorV - ok

22:35:01.0044 1368 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

22:35:01.0044 1368 idsvc - ok

22:35:01.0387 1368 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys

22:35:01.0590 1368 igfx - ok

22:35:01.0730 1368 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

22:35:01.0730 1368 iirsp - ok

22:35:01.0793 1368 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

22:35:01.0808 1368 IKEEXT - ok

22:35:01.0933 1368 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys

22:35:01.0933 1368 Impcd - ok

22:35:01.0964 1368 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys

22:35:01.0980 1368 IntcDAud - ok

22:35:02.0151 1368 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

22:35:02.0151 1368 intelide - ok

22:35:02.0198 1368 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

22:35:02.0198 1368 intelppm - ok

22:35:02.0323 1368 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

22:35:02.0339 1368 IPBusEnum - ok

22:35:02.0385 1368 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

22:35:02.0385 1368 IpFilterDriver - ok

22:35:02.0448 1368 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

22:35:02.0448 1368 iphlpsvc - ok

22:35:02.0573 1368 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

22:35:02.0573 1368 IPMIDRV - ok

22:35:02.0604 1368 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

22:35:02.0604 1368 IPNAT - ok

22:35:02.0697 1368 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe

22:35:02.0713 1368 iPod Service - ok

22:35:02.0822 1368 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

22:35:02.0822 1368 IRENUM - ok

22:35:02.0885 1368 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

22:35:02.0885 1368 isapnp - ok

22:35:02.0916 1368 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

22:35:02.0931 1368 iScsiPrt - ok

22:35:03.0056 1368 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

22:35:03.0056 1368 kbdclass - ok

22:35:03.0087 1368 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

22:35:03.0087 1368 kbdhid - ok

22:35:03.0134 1368 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

22:35:03.0134 1368 KeyIso - ok

22:35:03.0243 1368 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

22:35:03.0259 1368 KSecDD - ok

22:35:03.0290 1368 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

22:35:03.0290 1368 KSecPkg - ok

22:35:03.0321 1368 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

22:35:03.0321 1368 ksthunk - ok

22:35:03.0446 1368 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

22:35:03.0446 1368 KtmRm - ok

22:35:03.0509 1368 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll

22:35:03.0509 1368 LanmanServer - ok

22:35:03.0602 1368 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

22:35:03.0602 1368 LanmanWorkstation - ok

22:35:03.0696 1368 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

22:35:03.0696 1368 lltdio - ok

22:35:03.0774 1368 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

22:35:03.0774 1368 lltdsvc - ok

22:35:03.0821 1368 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

22:35:03.0821 1368 lmhosts - ok

22:35:03.0914 1368 LMS (5460828f8951d310b42b442877603b8d) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

22:35:03.0914 1368 LMS - ok

22:35:04.0039 1368 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

22:35:04.0039 1368 LSI_FC - ok

22:35:04.0039 1368 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

22:35:04.0039 1368 LSI_SAS - ok

22:35:04.0055 1368 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

22:35:04.0055 1368 LSI_SAS2 - ok

22:35:04.0070 1368 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

22:35:04.0070 1368 LSI_SCSI - ok

22:35:04.0101 1368 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

22:35:04.0101 1368 luafv - ok

22:35:04.0257 1368 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys

22:35:04.0257 1368 MBAMProtector - ok

22:35:04.0398 1368 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

22:35:04.0398 1368 MBAMService - ok

22:35:04.0585 1368 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

22:35:04.0585 1368 Mcx2Svc - ok

22:35:04.0632 1368 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

22:35:04.0632 1368 megasas - ok

22:35:04.0679 1368 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

22:35:04.0679 1368 MegaSR - ok

22:35:04.0741 1368 Microsoft SharePoint Workspace Audit Service - ok

22:35:04.0866 1368 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

22:35:04.0866 1368 MMCSS - ok

22:35:04.0897 1368 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

22:35:04.0897 1368 Modem - ok

22:35:04.0944 1368 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

22:35:04.0944 1368 monitor - ok

22:35:05.0037 1368 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys

22:35:05.0037 1368 mouclass - ok

22:35:05.0084 1368 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

22:35:05.0084 1368 mouhid - ok

22:35:05.0131 1368 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

22:35:05.0147 1368 mountmgr - ok

22:35:05.0193 1368 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

22:35:05.0193 1368 mpio - ok

22:35:05.0318 1368 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

22:35:05.0318 1368 mpsdrv - ok

22:35:05.0381 1368 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

22:35:05.0381 1368 MpsSvc - ok

22:35:05.0521 1368 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

22:35:05.0521 1368 MRxDAV - ok

22:35:05.0583 1368 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

22:35:05.0583 1368 mrxsmb - ok

22:35:05.0646 1368 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

22:35:05.0646 1368 mrxsmb10 - ok

22:35:05.0693 1368 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

22:35:05.0693 1368 mrxsmb20 - ok

22:35:05.0817 1368 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

22:35:05.0817 1368 msahci - ok

22:35:05.0880 1368 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

22:35:05.0880 1368 msdsm - ok

22:35:05.0895 1368 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

22:35:05.0911 1368 MSDTC - ok

22:35:06.0051 1368 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

22:35:06.0051 1368 Msfs - ok

22:35:06.0067 1368 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

22:35:06.0067 1368 mshidkmdf - ok

22:35:06.0114 1368 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

22:35:06.0114 1368 msisadrv - ok

22:35:06.0239 1368 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

22:35:06.0239 1368 MSiSCSI - ok

22:35:06.0254 1368 msiserver - ok

22:35:06.0379 1368 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

22:35:06.0379 1368 MSKSSRV - ok

22:35:06.0395 1368 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

22:35:06.0395 1368 MSPCLOCK - ok

22:35:06.0426 1368 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

22:35:06.0426 1368 MSPQM - ok

22:35:06.0488 1368 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

22:35:06.0504 1368 MsRPC - ok

22:35:06.0644 1368 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

22:35:06.0644 1368 mssmbios - ok

22:35:06.0675 1368 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

22:35:06.0675 1368 MSTEE - ok

22:35:06.0691 1368 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

22:35:06.0691 1368 MTConfig - ok

22:35:06.0785 1368 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

22:35:06.0785 1368 Mup - ok

22:35:06.0863 1368 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

22:35:06.0863 1368 napagent - ok

22:35:07.0003 1368 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

22:35:07.0003 1368 NativeWifiP - ok

22:35:07.0081 1368 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

22:35:07.0097 1368 NDIS - ok

22:35:07.0221 1368 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

22:35:07.0221 1368 NdisCap - ok

22:35:07.0253 1368 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

22:35:07.0253 1368 NdisTapi - ok

22:35:07.0315 1368 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

22:35:07.0315 1368 Ndisuio - ok

22:35:07.0362 1368 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

22:35:07.0362 1368 NdisWan - ok

22:35:07.0502 1368 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

22:35:07.0502 1368 NDProxy - ok

22:35:07.0549 1368 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

22:35:07.0549 1368 NetBIOS - ok

22:35:07.0596 1368 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

22:35:07.0596 1368 NetBT - ok

22:35:07.0721 1368 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

22:35:07.0721 1368 Netlogon - ok

22:35:07.0783 1368 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

22:35:07.0783 1368 Netman - ok

22:35:07.0861 1368 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

22:35:07.0861 1368 netprofm - ok

22:35:07.0923 1368 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

22:35:07.0923 1368 NetTcpPortSharing - ok

22:35:08.0001 1368 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

22:35:08.0001 1368 nfrd960 - ok

22:35:08.0095 1368 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

22:35:08.0111 1368 NlaSvc - ok

22:35:08.0189 1368 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

22:35:08.0189 1368 Npfs - ok

22:35:08.0220 1368 nsi (d54bfdf3e0c953f823

Share this post


Link to post
Share on other sites

Hello apmiller01. :)

 

Great that you were able to get those logs. :thumbup:

 

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

 

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com).


  •  
  • There are 3 different versions. If one of them won't run then download and try to run the other one.
  • Vista and Win7 users need to right click and choose Run as Admin.
  • You only need to get one of them to run, not all of them.

rkill.exe

rkill.com

rkill.scr

 

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested on another computer and then transfer them to the Desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

 

Before proceeding any further the processes that belong to Windows Recovery need to be terminated so that it does not interfere with the cleaning procedure.

 

Double-click on the RKill.exe icon in order to automatically attempt to stop any processes associated with Windows Recovery and other Rogue programs.

===

 

Please do not reboot your computer.

 

 

Please follow these instructions to remove the remaining malicious entries:

 

  • Please close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the quotebox below into it:
     
    Please Note: Do NOT use any other text editor than Notepad or the CFScript will fail.
     

    killall::
     
    DDS::
    uInternet Settings,ProxyOverride = *.local
     
     
  • Save this as CFScript.txt, in the same location as ComboFix.exe.
     
    CFScriptB-4.gif
     
  • Referring to the picture above, drag CFScript into ComboFix.exe.
  • When finished, it shall produce a log for you at C:\ComboFix.txt.

 

Please post the ComboFix.txt in your next reply.

==========

Next, please quit all running programs and run RogueKiller once again.

 

  • For Vista/Seven, right-click -> Run as administrator.
  • When prompted, type 2 and Validate.
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe.

Please post the contents of the RKreport.txt in your next Reply.

 

 

Finally, please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your Desktop.

    [*]Double click on the DDS icon and allow it to run.

    [*]A small box will open, with an explaination about the tool. No input is needed, the scan is running.

    [*]Notepad will open with the results.

    [*]Follow the instructions that pop up for posting the results.

    [*]Close the program window.

Please post the contents of the log in your next reply.

==========

 

In your next post, I would like to see the following please:

  • ComboFix.txt.
  • DDS.txt.
  • If the fake program is still present.

How is your computer running now?

Share this post


Link to post
Share on other sites

Computer is running good now, no sign of the malware program at all. Thank you! Here are the logs, FYI RogueKiller never prompted me to type 2 and validate, I just clicked on scan.

 

ComboFix 12-03-22.01 - Alex 03/24/2012 23:24:35.2.4 - x64 NETWORK

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.3139 [GMT -7:00]

Running from: c:\users\Alex\Desktop\ComboFix.exe

Command switches used :: c:\users\Alex\Desktop\CFScript.txt

AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-02-25 to 2012-03-25 )))))))))))))))))))))))))))))))

.

.

2012-03-25 06:30 . 2012-03-25 06:30 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-22 01:53 . 2012-03-22 01:53 -------- d-----w- c:\program files (x86)\Common Files\Software Update Utility

2012-03-16 04:32 . 2012-03-16 04:32 -------- d-----w- c:\program files\iPod

2012-03-16 04:32 . 2012-03-16 04:33 -------- d-----w- c:\program files\iTunes

2012-03-16 04:32 . 2012-03-16 04:33 -------- d-----w- c:\program files (x86)\iTunes

2012-03-14 04:01 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-14 04:01 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-03-14 04:01 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-03-14 03:56 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-03-14 03:56 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-03-14 03:56 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-03-14 03:56 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-14 03:56 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-14 03:56 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-14 03:56 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-14 03:56 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-03-14 03:56 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-14 03:56 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-03-11 04:22 . 2012-03-11 04:22 -------- d-----w- c:\program files (x86)\Common Files\Skype

2012-03-11 04:22 . 2012-03-11 04:22 -------- d-----r- c:\program files (x86)\Skype

2012-03-02 19:54 . 2012-03-02 19:54 5164704 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-15 04:29 . 2011-06-27 02:41 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-16 07:24 . 2012-02-16 07:24 203320 ----a-w- c:\windows\system32\drivers\ssudmdm.sys

2012-02-16 07:24 . 2012-02-16 07:24 99384 ----a-w- c:\windows\system32\drivers\ssudbus.sys

2012-02-15 18:01 . 2012-02-15 18:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys

2012-02-15 18:01 . 2012-02-15 18:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll

2012-02-15 17:01 . 2011-10-23 21:44 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys

2012-01-04 10:44 . 2012-02-16 17:08 509952 ----a-w- c:\windows\system32\ntshrui.dll

2012-01-04 08:58 . 2012-02-16 17:08 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

2011-12-30 06:26 . 2012-02-16 17:08 515584 ----a-w- c:\windows\system32\timedate.cpl

2011-12-30 05:27 . 2012-02-16 17:08 478720 ----a-w- c:\windows\SysWow64\timedate.cpl

2011-12-28 03:59 . 2012-02-16 17:08 498688 ----a-w- c:\windows\system32\drivers\afd.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2012-03-25_05.26.45 )))))))))))))))))))))))))))))))))))))))))

.

- 2012-03-25 05:26 . 2012-03-25 05:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-03-25 06:31 . 2012-03-25 06:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-03-25 06:31 . 2012-03-25 06:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-03-25 05:26 . 2012-03-25 05:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

"Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-01-07 1446760]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"GrpConv"="grpconv -o" [X]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

R2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-09-24 86224]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]

R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-17 2320920]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]

R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-15 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32]

.

2012-03-24 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-18 487424]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-03 5712896]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\46b49hz8.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.hotmail.com/

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-03-24 23:37:01 - machine was rebooted

ComboFix-quarantined-files.txt 2012-03-25 06:37

ComboFix2.txt 2012-03-25 05:31

.

Pre-Run: 114,865,164,288 bytes free

Post-Run: 114,591,076,352 bytes free

.

- - End Of File - - B35CDC143AC2FD3FF19C246755385E07

 

RogueKiller V7.3.2 [03/20/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

 

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Safe mode with network support

User: Alex [Admin rights]

Mode: Scan -- Date: 03/24/2012 23:39:05

 

¤¤¤ Bad processes: 0 ¤¤¤

 

¤¤¤ Registry Entries: 10 ¤¤¤

[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver: [NOT LOADED] ¤¤¤

 

¤¤¤ Infection : ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: Hitachi HTS545032B9A300 +++++

--- User ---

[MBR] 86f958caff32bb54b927bff5ecc04d2f

[bSP] 7c26b365ff82d6de818a6300ceea652b : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 290143 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt

 

 

 

.

DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_23

Run by Alex at 23:40:48 on 2012-03-24

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.3273 [GMT -7:00]

.

AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRunOnce: [GrpConv] grpconv -o

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{3C22EBEE-AF40-45E8-82FE-705568E8FD34} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{3C22EBEE-AF40-45E8-82FE-705568E8FD34}\14C6C65697341647 : DhcpNameServer = 10.0.0.1

TCP: Interfaces\{3C22EBEE-AF40-45E8-82FE-705568E8FD34}\16474777966696F5D656564796E676 : DhcpNameServer = 192.168.5.1 64.134.255.2 64.134.255.10

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRunOnce-x64: [GrpConv] grpconv -o

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\46b49hz8.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.hotmail.com/

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\46b49hz8.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false

.

============= SERVICES / DRIVERS ===============

.

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl64.sys --> C:\Windows\system32\DRIVERS\bcmvwl64.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

S1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]

S2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-8-31 89600]

S2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-23 86224]

S2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-10-23 110032]

S2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-8-31 13336]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-4 652360]

S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-8-31 689472]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]

S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-8-31 2320920]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\

<script LANGUAGE="JavaScript">

 

function Measure_this(EV)

{

var img = new Image();

img.src = "http://media.match.com/image_htmlping?spacedesc=2186184_1116771_300x120_2186181_2186184&af=1121888&txntime=2012.03.25.06.47.42&ml_usec=253498&ml_pkgkw=-%253A%2522%2522&ml_pbi=-2186184&ml_camp=1116772&ml_crid=2186824&jtime=" + (new Date()).getTime() +

"&group=inBanner&event=" + EV.replace(/[\r\t &+=]/g, '_');

}

 

var swf_name= 'http://media.match.com/xl/PROD/19706/creatives/mat_grl_patches_3BigImgRePopScrollImgsDsslve_vsgeo_6ageradio_na_102440_032112_NoY_300x120.dir/mat_grl_patches_3bigimgrepopscrollimgsdsslve_vsgeo_6ageradio_na_102440_032112_noy_300x120.swf';

var flash_name= '"' + swf_name + '"';

var swfVer= 80/10;

var swfMime= 'application/x-shockwave-flash';

var clickTAGs= 'clickTARGET=_blank' + '&clickTAG=' + escape('http://media.match.com/click.ng?spacedesc=2186184_1116771_300x120_2186181_2186184&af=1121888&ml_pkgkw=-%253A%2522%2522&ml_pbi=-2186184&ml_camp=1116772&ml_crid=2186824&ml_multiclick=clickTAG1&click=http://www.match.com/qsearch/qsearchdl.aspx?trackingID=526974&sourceid=1116772_1116771_2186181_2186184_1121888_2186824_300x120');

clickTAGs += '&swfPATH=' + escape('http://media.match.com/xl/PROD/19706/creatives/mat_grl_patches_3BigImgRePopScrollImgsDsslve_vsgeo_6ageradio_na_102440_032112_NoY_300x120.dir/');

clickTAGs += '&IPcity=' + escape('Rocklin');

clickTAGs += '&IPstate=' + escape('CA');

clickTAGs += '&IPdma=' + escape('862');

clickTAGs += '&IPzip=' + escape('95765');

clickTAGs += '&Measure_this=Measure_this';

clickTAGs += '&TE_MEASUREIMAGE=' + escape('http://media.match.com/image_htmlping?spacedesc=2186184_1116771_300x120_2186181_2186184&af=1121888&txntime=2012.03.25.06.47.42&ml_usec=253498&ml_pkgkw=-%253A%2522%2522&ml_pbi=-2186184&ml_camp=1116772&ml_crid=2186824');

//clickTAGs += '&dynPATH=' + escape('http://media.match.com/xl/PROD/19706/creatives/mat_grl_patches_3BigImgRePopScrollImgsDsslve_vsgeo_6ageradio_na_102440_032112_NoY_300x120.dir/fetch.cp?cache=no-cache&file=');

var qWidth= ' WIDTH="300"';

var qHeight= ' HEIGHT="120"';

var qA= '<A TARGET="_blank" HREF="http://media.match.com/click.ng?spacedesc=2186184_1116771_300x120_2186181_2186184&af=1121888&ml_pkgkw=-%253A%2522%2522&ml_pbi=-2186184&ml_camp=1116772&ml_crid=2186824&click=http://www.match.com/qsearch/qsearchdl.aspx?trackingID=526974&sourceid=1116772_1116771_2186181_2186184_1121888_2186824_300x120">';'>http://media.match.com/click.ng?spacedesc=2186184_1116771_300x120_2186181_2186184&af=1121888&ml_pkgkw=-%253A%2522%2522&ml_pbi=-2186184&ml_camp=1116772&ml_crid=2186824&click=http://www.match.com/qsearch/qsearchdl.aspx?trackingID=526974&sourceid=1116772_1116771_2186181_2186184_1121888_2186824_300x120">';

var qImg= '<IMG SRC="http://media.match.com/xl/PROD/19706/creatives/mat_grl_patches_3BigImgRePopScrollImgsDsslve_vsgeo_6ageradio_na_102440_032112_NoY_300x120.dir/mat_grl_patches_3bigimgrepopscrollimgsdsslve_vsgeo_6ageradio_na_102440_032112_noy_300x120.gif"''>http://media.match.com/xl/PROD/19706/creatives/mat_grl_patches_3BigImgRePopScrollImgsDsslve_vsgeo_6ageradio_na_102440_032112_NoY_300x120.dir/mat_grl_patches_3bigimgrepopscrollimgsdsslve_vsgeo_6ageradio_na_102440_032112_noy_300x120.gif"' +qWidth+qHeight + ' BORDER="0"></A>';

var qType= ' TYPE="' + swfMime + '"';

var qID= 'SWF_AD_' + (new Date()).getTime()%100000;

var wmode= '';

if( wmode.length <= 0 ) {

wmode= 'opaque';

}

var qWmode= '> <PARAM NAME="wmode" VALUE="' + wmode + '"';

var qFlashVars = '> <PARAM NAME="FlashVars" VALUE="' + clickTAGs + '"';

if( swfVer<6 ) {

flash_name= '"' + swf_name + '?' + clickTAGs + '"';

qFlashVars='';

}

var d= document;

var sIF1= 'if ( swfVer<=';

var sIF2= ' and plugin <= 0 ) then plugin = ( IsObject('

+ 'CreateObject("ShockwaveFlash.ShockwaveFlash.';

var sIF3= '")))\n';

var nua= navigator.userAgent;

var nmt= navigator.mimeTypes;

var plugin= (nmt && nmt[swfMime]) ? nmt[swfMime].enabledPlugin : 0;

if( plugin ) {

var n= plugin.description.indexOf(".");

if ( n > 1) {

plugin= parseInt(plugin.description.substring(n-2)) >= swfVer;

}

}

else if( nua && nua.indexOf("MSIE")>=0 && nua.indexOf("Windows ")>=0 ) {

d.write('<script LANGUAGE="VBScript"\> \n');

d.write('on error resume next \n');

d.write('plugin = 0\n');

d.write(sIF1+'12'+sIF2+'12'+sIF3);

d.write(sIF1+'11'+sIF2+'11'+sIF3);

d.write(sIF1+'10'+sIF2+'10'+sIF3);

d.write(sIF1+'9'+sIF2+'9'+sIF3);

d.write(sIF1+'8'+sIF2+'8'+sIF3);

d.write(sIF1+'7'+sIF2+'7'+sIF3);

d.write(sIF1+'6'+sIF2+'6'+sIF3);

d.write(sIF1+'5'+sIF2+'5'+sIF3);

d.write('<\/SCRIPT\> \n');

}

</SCRIPT>

<script SRC="http://media.match.com/eolas.js">

</SCRIPT>

<NOSCRIPT>

<A TARGET="_blank" HREF="http://media.match.com/click.ng?spacedesc=2186184_1116771_300x120_2186181_2186184&af=1121888&ml_pkgkw=-%253A%2522%2522&ml_pbi=-2186184&ml_camp=1116772&ml_crid=2186824&click=http://www.match.com/qsearch/qsearchdl.aspx?trackingID=526974&sourceid=1116772_1116771_2186181_2186184_1121888_2186824_300x120">

<IMG SRC="http://media.match.com/xl/PROD/19706/creatives/mat_grl_patches_3BigImgRePopScrollIm

Share this post


Link to post
Share on other sites

Hey apmiller01. :)

 

Sounds good. :thumbup:

 

You have/had Ask Toolbar (AskBarDis) installed. I strongly recommend you remove the Ask Toolbar from your computer because:

 

  • It promotes its toolbars on sites targeted at kids.
  • It promotes its toolbars through ads that appear to be part of other companies' sites.
  • It promotes its toolbars through other companies' spyware.
  • It is installed without any disclosure whatsoever and without any consent from the user whatsoever.
  • It solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
  • It makes confusing changes to user's browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

 

Please go to Start>Control Panel> Programs and Features and remove the following program (if present):

 

  • AskBarDis

Please restart your computer after this program removal.

==========

 

Next, please re-run RogueKiller.

  • Wait until Prescan has finished.
  • Click on Scan.
  • In the Registry tab, please make sure all lines are checked.
  • Click on Delete.
  • Then, click on Report and copy/paste the contents in your next reply.

==========

 

Then, please run a free online scan with the ESET Online Scanner.

Note: You will need to use Internet Explorer for this scan.

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked.
  • Click Scan.
    Wait for the scan to finish.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

=========

 

In your next post please provide the following:

  • Report from RogueKiller.
  • log.txt.

Share this post


Link to post
Share on other sites

I could not find the Ask Toolbar in the uninstall programs list. I also could not find the ESET log from that filepath. I have something in C:/Program Files (x86)/ESET/Eset Online Scanner/log.txt, but it only contains 3 small lines worth of information. Nonetheless, the program did have 2 findings, so I've attached those below.

 

One other minor issue, previously my computer would indicate whether or not caps lock was on by a small notification that would pop up on the screen when it was enabled or disabled. This is the only way to know if it's on since there is no light or other indicator. Now there is no indicator when I turn caps lock on and off.

 

RogueKiller V7.3.2 [03/20/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

 

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Alex [Admin rights]

Mode: Remove -- Date: 03/25/2012 00:20:58

 

¤¤¤ Bad processes: 0 ¤¤¤

 

¤¤¤ Registry Entries: 10 ¤¤¤

[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> REPLACED (1)

[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)

[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)

[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver: [NOT LOADED] ¤¤¤

 

¤¤¤ Infection : ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: Hitachi HTS545032B9A300 +++++

--- User ---

[MBR] 86f958caff32bb54b927bff5ecc04d2f

[bSP] 7c26b365ff82d6de818a6300ceea652b : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 290143 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[4].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

 

 

This is from ESET:

 

 

C:\Users\Alex\Downloads\cnet_HC2Setup_exe.exe a variant of Win32/InstallCore.D application

C:\Users\Alex\Downloads\cnet_smrecorder_installer_exe.exe a variant of Win32/InstallCore.D application

Share this post


Link to post
Share on other sites

Howdy apmiller01. :)

 

Please navigate to these files and delete them:

 

C:\Users\Alex\Downloads\cnet_HC2Setup_exe

C:\Users\Alex\Downloads\cnet_smrecorder_installer_exe

 

 

Next, to resolve your Caps Lock issue please do the following:

 

  • Please go to Start>Control Panel>Keyboard.
  • Select the Key Settings Tab if you have.
  • Scroll down to Caps Lock and double click it.
  • Check the box marked Display CAPS Lock status on screen.

==========

 

Finally, please download Security Check by screen317 from here or here.

 

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

==========

 

In your next post, please post the following:

  • If the CAPS Lock issue has been resolved.
  • checkup.txt.

Edited by The Dark Knight

Share this post


Link to post
Share on other sites

Couldn't get the caps lock issue resolved. There's no Key Settings tab, only "Speed" and "Hardware".

 

Results of screen317's Security Check version 0.99.32

Windows 7 x64

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

Avira Free Antivirus

ESET Online Scanner v3

WMI entry may not exist for antivirus; attempting automatic update.

Avira successfully updated!

```````````````````````````````

Anti-malware/Other Utilities Check:

Java 6 Update 23

Java version out of date!

Adobe Reader 9 Adobe Reader out of date!

Mozilla Firefox 10.0.2 Firefox out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

``````````End of Log````````````

Share this post


Link to post
Share on other sites

Hey apmiller01. :)

 

Were you using a piece of software or a program other than Windows to indicate when your Caps Lock was on or off?

==========

 

Your version of Java is out of date. It's important to remove older versions of Java since it does not do so automatically and older versions can leave you vulnerable.

 

Please follow the instructions below to update Java:

  • Please go to the below link and download the latest Windows XP version:

http://www.java.com/en/download/manual.jsp

 

  • Save it to your Desktop.
  • Please go to Start > Control Panel > Add Or Remove Programs.
  • Navigate to any versions of Java (J2SE Runtime Environment) you have installed. They will have this icon next to them: javaicon.gif
  • Select Remove.
  • Please double-click the installer and follow the prompts to install the latest version once all the previous versions have been successfully removed.

 

Next, your version of Adobe Reader is out of date. It could have security vulnerabilities, so please follow these instructions to update it:

 

  • Please go to Start>All Programs>Adobe Reader.
  • Open Adobe Reader and navigate to Help>Check for Updates.
  • Please follow the prompts to install the latest version.

 

Finally, please update your Mozilla Firefox by clicking Firefox>Help>About Firefox and selecting the update to install.

 

 

Please let me know about the CAPS Lock issue and if the updates were successful. :thumbup:

Share this post


Link to post
Share on other sites

All of the updates were successful.

 

I'm not sure what software it was since it was the default that came with the computer. It's possible that it is something from Dell. Is the Ask Toolbar still on my computer? Should we delete it some other way?

 

Also, when starting my computer there's been a black background with white text that says one or more of your disks needs to be checked for consistency and that you can cancel but it is not recommended. That's not an exact quote because it shows up and then disappears quickly. It appears that it cancels the check on its own.

Share this post


Link to post
Share on other sites

Hello apmiller01. :)

 

I saw evidence in one of your logs that Ask was at some point on your computer. If it is not in your Programs list then it's fine. :thumbup:

 

 

Please go to this link to run a Chkdsk:

 

http://support.microsoft.com/kb/315265

 

 

For the CAPS Lock by Dell please try this:

 

  • Please go to Start and type in Ease of Access Center.
  • Click Make the keyboard easier to use.
  • Select Toggle Key.

 

Please let me know if the CAPS Lock is now working. :thumbup:

Share this post


Link to post
Share on other sites

Ok I ran the Chkdsk.

 

Also, I fixed the caps lock issue, found the answer from some Google searching. Turns out I had to reinstall a driver called Dell Quickset. So problem solved.

Share this post


Link to post
Share on other sites

Hey apmiller01. :)

 

Awesome. :thumbup:

 

 

A little housekeeping to uninstall ComboFix:

 

Please click Start>Run and copy/paste the following text, including the space between "ComboFix and "/uninstall", into the Run box and click OK:

 

ComboFix /uninstall

 

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

 

Right-click the Recycle Bin and please select Empty Recycle Bin.

==========

 

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :thumbup:

 

 

IMPORTANT: Please enable Automatic Updates under Start > Control Panel > Automatic Updates to ensure your Windows updates regularly. This is extremely important in ensuring you remain protected against vulnerabilities and infections. This is a crucial security measure.

 

As a minimum, you need at least an antivirus, firewall and some type of anti-spyware program.

 

Please consider installing and running the following program:

 

SpywareBlaster

A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

 

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster, can be run with any of them.

 

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here:

 

http://www.spywarewarrior.com/rogue_anti-spyware.htm

 

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

 

 

Please also read Tony Klein's excellent article: How did I get infected in the first place.

 

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)

Share this post


Link to post
Share on other sites

Ok, done. Thanks for all your help. I'm a little worried that Avira did not prevent this from happening. In your opinion, what is the best antivirus out there? Free or paid? Thanks again!

Share this post


Link to post
Share on other sites

Hey apmiller01. :)

 

In my opinion the free version of avast! is adequate as an antivirus program. The thing to keep in mind that although antivirus programs are constantly kept up-to-date, they can't protect you against every infection out there, and this rogue program was one such case.

 

The best strategy I recommend is this: avast! free, Malwarebyte's Anti-Malware and SpywareBlaster. If you keep these updated very regularly, and stay on top of your other updates for Windows and programs, then you are already doing yourself a huge favour. The rest just comes down to what you download and the sites you visit.

 

No combination of security programs is going to be 100% effective, but if you stay security-aware and use some of my suggestions, then you should be pretty safe. :thumbup:

Share this post


Link to post
Share on other sites

Hey apmiller01. :)

 

My apologies; I am not well today and mis-read the name of your antivirus.

 

Avira is just as good as avast! so if you would prefer to keep Avira then by all means do so. With MBAM and SpywareBlaster it will be just as effective as avast!, so there is no need to change programs if you like Avira. :thumbup:

Share this post


Link to post
Share on other sites

Glad we could help. :)

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.