Spyware/Virus affecting Internet?


  • This topic is locked
23 replies to this topic

#1 Calbin

Calbin

  • Members
  • 44 posts
  • OFFLINE
  • Local time:09:38 AM

Posted 28 March 2012 - 06:36 PM

Hello, I have posted in this forum before, asking for help on the same issue. It was resolved, thanks to Gringo, but now it is back.
The problem is that my internet would stop working for a few minutes, or take a really long time to load. This only occurs on the current computer
that I am using, and not on anything else. It has only recently started to happen.
Anyway, here is my HijackThis log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:28:51 PM, on 3/28/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\adb.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\REACTOR\ijjiOptimizer.exe
C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.54\deploy\LoLLauncher.exe
C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.133\deploy\LolClient.exe
C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [Google Update] "C:\Users\Calvin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~2\Office12\GRA32A~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD RAIDXpert (AMD_RAIDXpert) - AMD - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater10.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12248 bytes


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,759 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:38 PM

Posted 01 April 2012 - 10:04 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

HijackThis is not able to provide accurate information for 64 bit systems.
In your case we need to see a DDS Log.
I would remove HijackThis using the Add/Remove Programs list.


Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.

Please just paste the contents of the DDS.txt log in your next post.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Note: You may be asked if you want to download Avast Free Antivirus. I suggest you deny this download unless you do not have any Antivirus protection on the computer.
===

Please post the logs for my review.
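The HijackThis log in post #1 and nasdaq's remark that HijackThis cannot report accurately on 64-bit systems go together: the many `O23` services under `C:\Windows\System32` flagged "(file missing)" are built-in Windows services that the 32-bit HijackThis cannot see because file system redirection sends its lookups to `SysWOW64`. The script below is an added example, not part of this thread and not a HijackThis or BleepingComputer tool: it parses `O4` autorun and `O23` service lines in the format shown above and separates "(file missing)" services with a Windows resource-string display name (`@...,-N`, the expected 64-bit noise) from other missing services that deserve a closer look. The sample lines are copied from the posted log; the triage rule is this example's own heuristic, not a HijackThis feature.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample: a handful of lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [Google Update] "C:\Users\Calvin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""


@dataclass
class Autorun:
    hive: str   # HKLM (all users) or HKCU (current user)
    name: str   # registry value name shown in [...]
    path: str   # executable path with surrounding quotes stripped
    args: str   # remaining command-line arguments


@dataclass
class Service:
    display: str  # display name exactly as HijackThis prints it
    short: str    # service key name (text in trailing parentheses, else the display name)
    owner: str
    path: str
    missing: bool  # HijackThis appended "(file missing)"


O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.*)$")
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+?)( \(file missing\))?$")
SHORT_RE = re.compile(r"\(([^()]+)\)$")


def split_command(cmd: str) -> Tuple[str, str]:
    """Split a Run value into (path, args): a quoted path, or an unquoted path ending in .exe."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    m = re.match(r"(?i)(.+?\.exe)(?:\s+(.*))?$", cmd)
    if m:
        return m.group(1), (m.group(2) or "").strip()
    return cmd, ""


def parse_hjt(text: str) -> Tuple[List[Autorun], List[Service]]:
    """Extract O4 autorun entries and O23 service entries; other line types are ignored."""
    autoruns: List[Autorun] = []
    services: List[Service] = []
    for line in text.splitlines():
        line = line.rstrip()
        m = O4_RE.match(line)
        if m:
            path, args = split_command(m.group(3))
            autoruns.append(Autorun(m.group(1), m.group(2), path, args))
            continue
        m = O23_RE.match(line)
        if m:
            display, owner, path, missing = m.groups()
            s = SHORT_RE.search(display)
            services.append(Service(display, s.group(1) if s else display,
                                    owner, path, missing is not None))
    return autoruns, services


def triage_missing(services: List[Service]) -> Tuple[List[str], List[str]]:
    """Heuristic of this example (assumption, not a HijackThis rule): a missing service whose
    display name is a Windows resource string (@...,-N) is a built-in service that a 32-bit
    HijackThis cannot see on 64-bit Windows, so it is expected noise; any other missing
    service goes on the review list."""
    expected: List[str] = []
    review: List[str] = []
    for s in services:
        if s.missing:
            (expected if s.display.startswith("@") else review).append(s.short)
    return expected, review


if __name__ == "__main__":
    auto, svc = parse_hjt(SAMPLE_LOG)
    for a in auto:
        print(f"{a.hive:4} {a.name:15} {a.path}  {a.args}")
    noise, look = triage_missing(svc)
    print("expected 64-bit noise:", noise)
    print("missing, review these:", look)
```

Run it as-is on the sample, or feed it a full log with `parse_hjt(open("hijackthis.log").read())`; the review list is where to start reading, and on this thread's log it would hold entries such as `npggsvc` rather than the dozens of `@%SystemRoot%` stubs.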

#3 Calbin

Calbin
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  • Local time:09:38 AM

Posted 01 April 2012 - 07:12 PM

The external links you've provided for the DDS do not work for me. They work for me on Firefox; something is wrong with my Google Chrome.

Edited by Calbin, 01 April 2012 - 07:16 PM.


#4 Calbin

Calbin
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  • Local time:09:38 AM

Posted 01 April 2012 - 08:33 PM

Here is my DDS log

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Calvin at 18:24:43 on 2012-04-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8184.5448 [GMT -7:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Windows\SysWOW64\WinMsgBalloonClient.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.54\deploy\LoLLauncher.exe
C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.134\deploy\LolClient.exe
C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
uRun: [Google Update] "C:\Users\Calvin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254 192.168.0.1
TCP: Interfaces\{18954B26-36FB-4173-82E7-30296EC123C8} : DhcpNameServer = 192.168.1.254 192.168.0.1
TCP: Interfaces\{4DFBDD1E-5F6E-4925-BC9B-9325AC8B4A6F} : DhcpNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~2\Office12\GRA32A~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun-x64: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\i1iqkhdz.default\
FF - prefs.js: browser.startup.homepage - prizerebel.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B72e34710-0008-4321-8617-c17d12e88dd6%7D&mid=7a41a6e1679747d1acbf099ac3909b9a-55b05d35613c7149e9e254e75c42ff288501c854&ds=AVG&v=10.2.0.3&lang=en&pr=pr&d=2011-12-28%2011%3A59%3A13&sap=ku&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Calvin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\nphdplg.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\system32\DRIVERS\ahcix64s.sys --> C:\Windows\system32\DRIVERS\ahcix64s.sys [?]
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/02/22 19:35:31];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-2-22 146928]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-9-19 122880]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2011-11-23 2391832]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-16 652360]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-9-15 88576]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-2-25 1153368]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-3-12 918880]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\system32\DRIVERS\BrSerIb.sys --> C:\Windows\system32\DRIVERS\BrSerIb.sys [?]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\system32\DRIVERS\BrUsbSIb.sys --> C:\Windows\system32\DRIVERS\BrUsbSIb.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-03-17 21:11:06 -------- d-----w- C:\CFLog
2012-03-17 20:59:05 -------- d-----w- C:\Program Files (x86)\Z8Games
2012-03-17 19:49:14 -------- d-----w- C:\Program Files (x86)\BP DOWNLOADER
2012-03-14 02:36:44 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 02:36:42 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 02:36:42 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 02:36:40 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 02:36:40 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 02:36:40 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 02:36:40 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-14 02:36:29 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 02:36:29 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 02:36:29 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-11 11:31:51 713312 ----a-w- C:\Windows\SysWow64\ijjiSetup.exe
2012-03-11 11:31:51 62048 ----a-w- C:\Windows\SysWow64\ijjiProcessRestarter.exe
2012-03-11 11:31:51 27136 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
2012-03-07 03:48:26 -------- d-s---w- C:\ComboFix
2012-03-06 04:18:34 -------- d-----w- C:\Program Files (x86)\ESET
2012-03-05 04:09:12 -------- d-----w- C:\$RECYCLE.BIN
2012-03-04 03:56:09 -------- d-----w- C:\$AVG
2012-03-03 22:18:32 -------- d-----w- C:\Program Files\Ventrilo
2012-03-03 22:18:08 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-03-03 19:07:17 -------- d-----w- C:\Program Files (x86)\Trend Micro
.
==================== Find3M ====================
.
2012-03-04 21:42:59 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 03:46:27 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-20 00:32:52 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-02-20 00:32:52 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-02-02 22:50:43 5265 ----a-w- C:\Windows\SysWow64\nppt9x.vxd
2012-02-02 22:50:43 4774 ----a-w- C:\Windows\SysWow64\npptNT2.sys
.
============= FINISH: 18:25:00.27 ===============



Here is my TDSSKiller log


18:27:23.0014 2852 MSTEE - ok
18:27:23.0034 2852 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:27:23.0035 2852 MTConfig - ok
18:27:23.0061 2852 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:27:23.0062 2852 Mup - ok
18:27:23.0112 2852 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
18:27:23.0116 2852 napagent - ok
18:27:23.0144 2852 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:27:23.0147 2852 NativeWifiP - ok
18:27:23.0182 2852 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
18:27:23.0187 2852 NDIS - ok
18:27:23.0202 2852 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:27:23.0203 2852 NdisCap - ok
18:27:23.0224 2852 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:27:23.0225 2852 NdisTapi - ok
18:27:23.0260 2852 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:27:23.0261 2852 Ndisuio - ok
18:27:23.0299 2852 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:27:23.0301 2852 NdisWan - ok
18:27:23.0342 2852 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:27:23.0343 2852 NDProxy - ok
18:27:23.0357 2852 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:27:23.0358 2852 NetBIOS - ok
18:27:23.0404 2852 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:27:23.0407 2852 NetBT - ok
18:27:23.0445 2852 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:27:23.0446 2852 Netlogon - ok
18:27:23.0488 2852 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
18:27:23.0492 2852 Netman - ok
18:27:23.0502 2852 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
18:27:23.0505 2852 netprofm - ok
18:27:23.0558 2852 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:27:23.0559 2852 NetTcpPortSharing - ok
18:27:23.0588 2852 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:27:23.0589 2852 nfrd960 - ok
18:27:23.0636 2852 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
18:27:23.0640 2852 NlaSvc - ok
18:27:23.0656 2852 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:27:23.0657 2852 Npfs - ok
18:27:23.0676 2852 npggsvc - ok
18:27:23.0683 2852 NPPTNT2 - ok
18:27:23.0708 2852 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
18:27:23.0709 2852 nsi - ok
18:27:23.0727 2852 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:27:23.0728 2852 nsiproxy - ok
18:27:23.0790 2852 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
18:27:23.0818 2852 Ntfs - ok
18:27:23.0833 2852 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:27:23.0834 2852 Null - ok
18:27:23.0870 2852 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
18:27:23.0871 2852 nvraid - ok
18:27:23.0915 2852 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
18:27:23.0916 2852 nvstor - ok
18:27:23.0936 2852 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:27:23.0940 2852 nv_agp - ok
18:27:23.0998 2852 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:27:24.0002 2852 odserv - ok
18:27:24.0029 2852 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:27:24.0030 2852 ohci1394 - ok
18:27:24.0126 2852 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:27:24.0131 2852 ose - ok
18:27:24.0160 2852 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:27:24.0166 2852 p2pimsvc - ok
18:27:24.0181 2852 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
18:27:24.0186 2852 p2psvc - ok
18:27:24.0212 2852 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:27:24.0213 2852 Parport - ok
18:27:24.0259 2852 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
18:27:24.0260 2852 partmgr - ok
18:27:24.0342 2852 PassThru Service (39b9dcd7040654c2e57d7396736c718e) C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
18:27:24.0342 2852 PassThru Service - ok
18:27:24.0358 2852 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
18:27:24.0358 2852 PcaSvc - ok
18:27:24.0389 2852 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:27:24.0389 2852 pci - ok
18:27:24.0420 2852 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:27:24.0420 2852 pciide - ok
18:27:24.0436 2852 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:27:24.0436 2852 pcmcia - ok
18:27:24.0452 2852 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:27:24.0452 2852 pcw - ok
18:27:24.0483 2852 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:27:24.0483 2852 PEAUTH - ok
18:27:24.0530 2852 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
18:27:24.0530 2852 PerfHost - ok
18:27:24.0592 2852 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
18:27:24.0608 2852 pla - ok
18:27:24.0654 2852 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
18:27:24.0654 2852 PlugPlay - ok
18:27:24.0670 2852 PnkBstrA - ok
18:27:24.0702 2852 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
18:27:24.0703 2852 PNRPAutoReg - ok
18:27:24.0727 2852 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:27:24.0730 2852 PNRPsvc - ok
18:27:24.0747 2852 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
18:27:24.0754 2852 PolicyAgent - ok
18:27:24.0787 2852 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
18:27:24.0790 2852 Power - ok
18:27:24.0906 2852 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:27:24.0913 2852 PptpMiniport - ok
18:27:24.0974 2852 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:27:24.0974 2852 Processor - ok
18:27:25.0030 2852 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
18:27:25.0033 2852 ProfSvc - ok
18:27:25.0075 2852 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:27:25.0076 2852 ProtectedStorage - ok
18:27:25.0220 2852 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:27:25.0246 2852 Psched - ok
18:27:25.0409 2852 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:27:25.0417 2852 ql2300 - ok
18:27:25.0638 2852 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:27:25.0639 2852 ql40xx - ok
18:27:25.0877 2852 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
18:27:25.0892 2852 QWAVE - ok
18:27:25.0939 2852 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:27:25.0939 2852 QWAVEdrv - ok
18:27:26.0267 2852 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:27:26.0282 2852 RasAcd - ok
18:27:26.0313 2852 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:27:26.0313 2852 RasAgileVpn - ok
18:27:26.0345 2852 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
18:27:26.0345 2852 RasAuto - ok
18:27:26.0391 2852 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:27:26.0429 2852 Rasl2tp - ok
18:27:26.0662 2852 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
18:27:26.0667 2852 RasMan - ok
18:27:26.0694 2852 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:27:26.0704 2852 RasPppoe - ok
18:27:26.0715 2852 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:27:26.0726 2852 RasSstp - ok
18:27:26.0761 2852 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:27:26.0764 2852 rdbss - ok
18:27:26.0788 2852 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:27:26.0788 2852 rdpbus - ok
18:27:26.0809 2852 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:27:26.0810 2852 RDPCDD - ok
18:27:26.0840 2852 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:27:26.0841 2852 RDPENCDD - ok
18:27:26.0849 2852 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:27:26.0850 2852 RDPREFMP - ok
18:27:26.0885 2852 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
18:27:26.0886 2852 RDPWD - ok
18:27:26.0928 2852 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:27:26.0929 2852 rdyboost - ok
18:27:26.0946 2852 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
18:27:26.0948 2852 RemoteAccess - ok
18:27:26.0972 2852 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
18:27:26.0975 2852 RemoteRegistry - ok
18:27:26.0988 2852 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
18:27:26.0990 2852 RpcEptMapper - ok
18:27:27.0008 2852 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
18:27:27.0009 2852 RpcLocator - ok
18:27:27.0041 2852 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:27:27.0044 2852 RpcSs - ok
18:27:27.0063 2852 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:27:27.0065 2852 rspndr - ok
18:27:27.0103 2852 RTL8167 (3b01789ee4eaee97f5eb46b711387d5e) C:\Windows\system32\DRIVERS\Rt64win7.sys
18:27:27.0105 2852 RTL8167 - ok
18:27:27.0124 2852 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:27:27.0125 2852 SamSs - ok
18:27:27.0171 2852 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:27:27.0172 2852 sbp2port - ok
18:27:27.0283 2852 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
18:27:27.0288 2852 SBSDWSCService - ok
18:27:27.0316 2852 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
18:27:27.0319 2852 SCardSvr - ok
18:27:27.0359 2852 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:27:27.0363 2852 scfilter - ok
18:27:27.0651 2852 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
18:27:27.0663 2852 Schedule - ok
18:27:27.0692 2852 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:27:27.0693 2852 SCPolicySvc - ok
18:27:27.0735 2852 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
18:27:27.0738 2852 SDRSVC - ok
18:27:27.0773 2852 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:27:27.0774 2852 secdrv - ok
18:27:27.0789 2852 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
18:27:27.0790 2852 seclogon - ok
18:27:27.0816 2852 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
18:27:27.0818 2852 SENS - ok
18:27:27.0836 2852 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
18:27:27.0838 2852 SensrSvc - ok
18:27:27.0876 2852 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:27:27.0876 2852 Serenum - ok
18:27:27.0901 2852 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:27:27.0902 2852 Serial - ok
18:27:27.0931 2852 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:27:27.0932 2852 sermouse - ok
18:27:27.0974 2852 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
18:27:27.0977 2852 SessionEnv - ok
18:27:28.0017 2852 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:27:28.0017 2852 sffdisk - ok
18:27:28.0040 2852 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:27:28.0040 2852 sffp_mmc - ok
18:27:28.0049 2852 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:27:28.0050 2852 sffp_sd - ok
18:27:28.0063 2852 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:27:28.0063 2852 sfloppy - ok
18:27:28.0106 2852 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
18:27:28.0110 2852 SharedAccess - ok
18:27:28.0147 2852 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
18:27:28.0152 2852 ShellHWDetection - ok
18:27:28.0164 2852 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:27:28.0165 2852 SiSRaid2 - ok
18:27:28.0182 2852 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:27:28.0183 2852 SiSRaid4 - ok
18:27:28.0210 2852 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:27:28.0211 2852 Smb - ok
18:27:28.0251 2852 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
18:27:28.0252 2852 SNMPTRAP - ok
18:27:28.0267 2852 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:27:28.0268 2852 spldr - ok
18:27:28.0310 2852 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
18:27:28.0319 2852 Spooler - ok
18:27:28.0406 2852 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
18:27:28.0464 2852 sppsvc - ok
18:27:28.0478 2852 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
18:27:28.0479 2852 sppuinotify - ok
18:27:28.0525 2852 sptd (34f974f8b3c86de03a30dcbe79091c97) C:\Windows\system32\Drivers\sptd.sys
18:27:28.0525 2852 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 34f974f8b3c86de03a30dcbe79091c97
18:27:28.0538 2852 sptd ( LockedFile.Multi.Generic ) - warning
18:27:28.0538 2852 sptd - detected LockedFile.Multi.Generic (1)
18:27:28.0570 2852 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:27:28.0575 2852 srv - ok
18:27:28.0595 2852 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:27:28.0599 2852 srv2 - ok
18:27:28.0613 2852 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:27:28.0615 2852 srvnet - ok
18:27:28.0645 2852 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
18:27:28.0648 2852 SSDPSRV - ok
18:27:28.0648 2852 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
18:27:28.0648 2852 SstpSvc - ok
18:27:28.0757 2852 StarWindServiceAE (e5c796b621f6fba8616511063d7f0ffe) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
18:27:28.0757 2852 StarWindServiceAE - ok
18:27:28.0789 2852 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:27:28.0789 2852 stexstor - ok
18:27:28.0835 2852 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
18:27:28.0835 2852 stisvc - ok
18:27:28.0882 2852 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
18:27:28.0882 2852 swenum - ok
18:27:28.0898 2852 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
18:27:28.0913 2852 swprv - ok
18:27:28.0982 2852 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
18:27:29.0015 2852 SysMain - ok
18:27:29.0052 2852 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
18:27:29.0054 2852 TabletInputService - ok
18:27:29.0092 2852 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
18:27:29.0096 2852 TapiSrv - ok
18:27:29.0107 2852 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
18:27:29.0109 2852 TBS - ok
18:27:29.0170 2852 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
18:27:29.0183 2852 Tcpip - ok
18:27:29.0225 2852 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
18:27:29.0234 2852 TCPIP6 - ok
18:27:29.0279 2852 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:27:29.0295 2852 tcpipreg - ok
18:27:29.0358 2852 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:27:29.0377 2852 TDPIPE - ok
18:27:29.0432 2852 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
18:27:29.0457 2852 TDTCP - ok
18:27:29.0588 2852 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:27:29.0590 2852 tdx - ok
18:27:29.0647 2852 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
18:27:29.0648 2852 TermDD - ok
18:27:29.0702 2852 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
18:27:29.0709 2852 TermService - ok
18:27:29.0725 2852 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
18:27:29.0727 2852 Themes - ok
18:27:29.0755 2852 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:27:29.0756 2852 THREADORDER - ok
18:27:29.0779 2852 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
18:27:29.0781 2852 TrkWks - ok
18:27:29.0836 2852 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
18:27:29.0839 2852 TrustedInstaller - ok
18:27:29.0877 2852 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:27:29.0879 2852 tssecsrv - ok
18:27:29.0920 2852 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:27:29.0921 2852 TsUsbFlt - ok
18:27:29.0973 2852 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:27:29.0974 2852 tunnel - ok
18:27:30.0003 2852 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:27:30.0003 2852 uagp35 - ok
18:27:30.0043 2852 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:27:30.0047 2852 udfs - ok
18:27:30.0068 2852 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
18:27:30.0069 2852 UI0Detect - ok
18:27:30.0104 2852 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:27:30.0105 2852 uliagpkx - ok
18:27:30.0142 2852 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
18:27:30.0143 2852 umbus - ok
18:27:30.0167 2852 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:27:30.0168 2852 UmPass - ok
18:27:30.0199 2852 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
18:27:30.0203 2852 upnphost - ok
18:27:30.0254 2852 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
18:27:30.0255 2852 usbaudio - ok
18:27:30.0270 2852 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys
18:27:30.0271 2852 usbccgp - ok
18:27:30.0315 2852 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:27:30.0316 2852 usbcir - ok
18:27:30.0323 2852 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys
18:27:30.0324 2852 usbehci - ok
18:27:30.0355 2852 usbfilter (6648c6d7323a2ce0c4776c36cefbcb14) C:\Windows\system32\DRIVERS\usbfilter.sys
18:27:30.0355 2852 usbfilter - ok
18:27:30.0377 2852 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
18:27:30.0379 2852 usbhub - ok
18:27:30.0396 2852 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
18:27:30.0397 2852 usbohci - ok
18:27:30.0422 2852 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:27:30.0423 2852 usbprint - ok
18:27:30.0480 2852 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
18:27:30.0482 2852 usbscan - ok
18:27:30.0494 2852 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\drivers\USBSTOR.SYS
18:27:30.0495 2852 USBSTOR - ok
18:27:30.0511 2852 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
18:27:30.0511 2852 usbuhci - ok
18:27:30.0540 2852 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
18:27:30.0543 2852 usbvideo - ok
18:27:30.0578 2852 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
18:27:30.0590 2852 UxSms - ok
18:27:30.0608 2852 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:27:30.0609 2852 VaultSvc - ok
18:27:30.0662 2852 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:27:30.0663 2852 vdrvroot - ok
18:27:30.0787 2852 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
18:27:30.0790 2852 vds - ok
18:27:30.0822 2852 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:27:30.0823 2852 vga - ok
18:27:30.0837 2852 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:27:30.0838 2852 VgaSave - ok
18:27:30.0855 2852 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:27:30.0857 2852 vhdmp - ok
18:27:30.0878 2852 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:27:30.0879 2852 viaide - ok
18:27:30.0912 2852 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:27:30.0913 2852 volmgr - ok
18:27:30.0951 2852 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:27:30.0953 2852 volmgrx - ok
18:27:30.0972 2852 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:27:30.0974 2852 volsnap - ok
18:27:30.0986 2852 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:27:30.0988 2852 vsmraid - ok
18:27:31.0035 2852 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
18:27:31.0051 2852 VSS - ok
18:27:31.0161 2852 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
18:27:31.0165 2852 vToolbarUpdater10.2.0 - ok
18:27:31.0175 2852 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
18:27:31.0176 2852 vwifibus - ok
18:27:31.0187 2852 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
18:27:31.0189 2852 vwififlt - ok
18:27:31.0226 2852 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
18:27:31.0231 2852 W32Time - ok
18:27:31.0250 2852 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:27:31.0250 2852 WacomPen - ok
18:27:31.0304 2852 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:27:31.0305 2852 WANARP - ok
18:27:31.0332 2852 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:27:31.0333 2852 Wanarpv6 - ok
18:27:31.0387 2852 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
18:27:31.0398 2852 WatAdminSvc - ok
18:27:31.0459 2852 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
18:27:31.0467 2852 wbengine - ok
18:27:31.0490 2852 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
18:27:31.0494 2852 WbioSrvc - ok
18:27:31.0551 2852 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
18:27:31.0556 2852 wcncsvc - ok
18:27:31.0570 2852 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
18:27:31.0572 2852 WcsPlugInService - ok
18:27:31.0617 2852 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:27:31.0618 2852 Wd - ok
18:27:31.0647 2852 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:27:31.0651 2852 Wdf01000 - ok
18:27:31.0665 2852 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:27:31.0667 2852 WdiServiceHost - ok
18:27:31.0670 2852 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:27:31.0672 2852 WdiSystemHost - ok
18:27:31.0710 2852 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
18:27:31.0714 2852 WebClient - ok
18:27:31.0730 2852 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
18:27:31.0733 2852 Wecsvc - ok
18:27:31.0753 2852 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
18:27:31.0762 2852 wercplsupport - ok
18:27:31.0788 2852 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
18:27:31.0791 2852 WerSvc - ok
18:27:31.0853 2852 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:27:31.0854 2852 WfpLwf - ok
18:27:31.0875 2852 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:27:31.0877 2852 WIMMount - ok
18:27:31.0927 2852 WinDefend - ok
18:27:31.0932 2852 WinHttpAutoProxySvc - ok
18:27:31.0986 2852 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
18:27:31.0988 2852 Winmgmt - ok
18:27:32.0050 2852 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
18:27:32.0082 2852 WinRM - ok
18:27:32.0119 2852 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
18:27:32.0128 2852 Wlansvc - ok
18:27:32.0190 2852 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
18:27:32.0191 2852 WmiAcpi - ok
18:27:32.0242 2852 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
18:27:32.0243 2852 wmiApSrv - ok
18:27:32.0292 2852 WMPNetworkSvc - ok
18:27:32.0321 2852 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
18:27:32.0323 2852 WPCSvc - ok
18:27:32.0355 2852 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
18:27:32.0357 2852 WPDBusEnum - ok
18:27:32.0384 2852 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:27:32.0384 2852 ws2ifsl - ok
18:27:32.0403 2852 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
18:27:32.0405 2852 wscsvc - ok
18:27:32.0411 2852 WSearch - ok
18:27:32.0489 2852 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
18:27:32.0522 2852 wuauserv - ok
18:27:32.0576 2852 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:27:32.0577 2852 WudfPf - ok
18:27:32.0599 2852 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:27:32.0601 2852 WUDFRd - ok
18:27:32.0643 2852 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
18:27:32.0645 2852 wudfsvc - ok
18:27:32.0668 2852 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
18:27:32.0672 2852 WwanSvc - ok
18:27:32.0710 2852 X6va007 - ok
18:27:32.0797 2852 {55662437-DA8C-40c0-AADA-2C816A897A49} (74983addca2d9618512c088d856d6615) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
18:27:32.0799 2852 {55662437-DA8C-40c0-AADA-2C816A897A49} - ok
18:27:32.0804 2852 MBR (0x1B8) (e5c2901215dd185134516bb818e6bcb7) \Device\Harddisk0\DR0
18:27:32.0997 2852 \Device\Harddisk0\DR0 - ok
18:27:32.0999 2852 Boot (0x1200) (05442a65d33c168c2c9c460351a16597) \Device\Harddisk0\DR0\Partition0
18:27:33.0000 2852 \Device\Harddisk0\DR0\Partition0 - ok
18:27:33.0016 2852 Boot (0x1200) (88aa75c8cce39d940499de9b91f0a577) \Device\Harddisk0\DR0\Partition1
18:27:33.0017 2852 \Device\Harddisk0\DR0\Partition1 - ok
18:27:33.0053 2852 Boot (0x1200) (f1dd56a015a95bfb7201ef3d4aaa131f) \Device\Harddisk0\DR0\Partition2
18:27:33.0054 2852 \Device\Harddisk0\DR0\Partition2 - ok
18:27:33.0054 2852 ============================================================
18:27:33.0054 2852 Scan finished
18:27:33.0054 2852 ============================================================
18:27:33.0062 6368 Detected object count: 1
18:27:33.0062 6368 Actual detected object count: 1
18:27:44.0818 6368 sptd ( LockedFile.Multi.Generic ) - skipped by user
18:27:44.0818 6368 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

My aswMBR log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-01 18:28:41
-----------------------------
18:28:41.223 OS Version: Windows x64 6.1.7601 Service Pack 1
18:28:41.223 Number of processors: 4 586 0x403
18:28:41.223 ComputerName: CALVIN-PC UserName: Calvin
18:28:42.428 Initialize success
18:28:56.776 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000063
18:28:56.777 Disk 0 Vendor: WDC_____ 01.0 Size: 953674MB BusType: 8
18:28:56.789 Disk 0 MBR read successfully
18:28:56.790 Disk 0 MBR scan
18:28:56.791 Disk 0 unknown MBR code
18:28:56.797 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:28:56.811 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 941976 MB offset 206848
18:28:56.849 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11594 MB offset 1929373928
18:28:56.890 Disk 0 scanning C:\Windows\system32\drivers
18:29:02.450 Service scanning
18:29:10.120 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
18:29:13.072 Modules scanning
18:29:13.077 Disk 0 trace - called modules:
18:29:13.088 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll ahcix64s.sys
18:29:13.092 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80082ec060]
18:29:13.100 3 CLASSPNP.SYS[fffff88001b5343f] -> nt!IofCallDriver -> \Device\00000063[0xfffffa80079259c0]
18:29:13.103 Scan finished successfully
18:29:31.390 Disk 0 MBR has been saved successfully to "C:\Users\Calvin\Desktop\internet fix\MBR.dat"
18:29:31.393 The log file has been saved successfully to "C:\Users\Calvin\Desktop\internet fix\aswMBR.txt"
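
A consistency check on the partition table aswMBR printed above, added here as an example; it is not part of the thread and not aswMBR's own code. It parses the Disk and Partition lines, rebuilds each partition's sector range from the MB figures (which aswMBR rounds, so anything under 1 MB is noise), and reports overlaps, partitions past the end of the disk, and unallocated runs larger than that tolerance, which is where a bootkit would keep code or data. The 512-byte sector size and the 1 MB tolerance are my assumptions; the sample lines are copied from the log.

```python
import re

SECTOR_BYTES = 512                              # assumption: 512-byte sectors
SECTORS_PER_MB = 1024 * 1024 // SECTOR_BYTES    # 2048

# Constructed sample: the disk/partition lines copied from the aswMBR log above.
SAMPLE_LOG = """\
18:28:56.777 Disk 0 Vendor: WDC_____ 01.0 Size: 953674MB BusType: 8
18:28:56.791 Disk 0 unknown MBR code
18:28:56.797 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:28:56.811 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 941976 MB offset 206848
18:28:56.849 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11594 MB offset 1929373928
"""

DISK_RE = re.compile(r"Disk \d+ Vendor: .*? Size: (\d+)MB")
# index, boot flag byte, optional "(A)", partition type byte, size in MB, offset in sectors
PART_RE = re.compile(
    r"Disk \d+ Partition (\d+) ([0-9A-Fa-f]{2})(?: \(A\))? ([0-9A-Fa-f]{2}) "
    r"\S+ \S+ (\d+) MB offset (\d+)"
)


def parse_layout(log):
    """Rebuild the on-disk layout, in sectors, from aswMBR's text output."""
    layout = {"disk_sectors": None, "mbr_unknown": False, "partitions": []}
    for line in log.splitlines():
        m = DISK_RE.search(line)
        if m:
            layout["disk_sectors"] = int(m.group(1)) * SECTORS_PER_MB
            continue
        if "unknown MBR code" in line:
            layout["mbr_unknown"] = True
            continue
        m = PART_RE.search(line)
        if m:
            start = int(m.group(5))
            sectors = int(m.group(4)) * SECTORS_PER_MB
            layout["partitions"].append({
                "index": int(m.group(1)),
                "boot": m.group(2).lower() == "80",
                "type": m.group(3),
                "start": start,
                "sectors": sectors,
                "end": start + sectors,      # exclusive
            })
    layout["partitions"].sort(key=lambda p: p["start"])
    return layout


def find_anomalies(layout, tolerance=SECTORS_PER_MB):
    """Return (kind, where, start_sector, length) for overlaps, partitions past
    the end of the disk, and unallocated runs longer than `tolerance` sectors."""
    findings = []
    cursor = 0
    prev = "disk start"
    disk = layout["disk_sectors"]
    for p in layout["partitions"]:
        here = "partition %d" % p["index"]
        if p["start"] < cursor:
            findings.append(("overlap", here, p["start"], cursor - p["start"]))
        elif p["start"] - cursor > tolerance:
            findings.append(("unallocated", "after " + prev, cursor, p["start"] - cursor))
        if disk is not None and p["end"] > disk:
            findings.append(("past_disk_end", here, disk, p["end"] - disk))
        cursor = max(cursor, p["end"])
        prev = here
    if disk is not None and disk - cursor > tolerance:
        findings.append(("unallocated", "after " + prev, cursor, disk - cursor))
    return findings


if __name__ == "__main__":
    lay = parse_layout(SAMPLE_LOG)
    print("MBR code unknown to aswMBR:", lay["mbr_unknown"])
    for p in lay["partitions"]:
        print("partition %d%s: sectors %d-%d" % (
            p["index"], " (boot)" if p["boot"] else "", p["start"], p["end"] - 1))
    for f in find_anomalies(lay):
        print("%s %s: %d sectors at %d (%.1f MB)" % (f[0], f[1], f[3], f[2], f[3] / SECTORS_PER_MB))
```

On the log above the only finding is a 5912-sector (about 2.9 MB) unallocated tail after partition 3; an unallocated tail of a few MB is normal, and "unknown MBR code" on its own only says aswMBR did not recognise the boot code, which is also what an OEM MBR looks like to it. The check earns its keep when it reports an overlap or a multi-MB gap between partitions.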

#5 Calbin (Topic Starter, Members, 44 posts)

Posted 01 April 2012 - 08:34 PM

My MBR.zip attachment

Attached file: MBR.zip (527 bytes)


#6 nasdaq (Malware Response Team, 40,759 posts, Montreal, QC, Canada)

Posted 02 April 2012 - 09:13 AM

You are good to run this tool.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

#7 Calbin (Topic Starter, Members, 44 posts)

Posted 02 April 2012 - 01:02 PM

Here is the ComboFix log



ComboFix 12-04-01.03 - Calvin 04/02/2012 10:40:52.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8184.6834 [GMT -7:00]
Running from: c:\users\Calvin\Downloads\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
.
.
((((((((((((((((((((((((( Files Created from 2012-03-02 to 2012-04-02 )))))))))))))))))))))))))))))))
.
.
2012-04-02 17:45 . 2012-04-02 17:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-02 02:48 . 2012-04-02 02:48 -------- d-----w- c:\users\Calvin\AppData\Roaming\Leadertech
2012-04-02 02:48 . 2012-04-02 02:48 53248 ----a-r- c:\users\Calvin\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-04-02 02:48 . 2012-04-02 02:48 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2012-04-02 02:48 . 2012-04-02 02:48 -------- d-----w- c:\programdata\LogiShrd
2012-04-02 02:48 . 2012-04-02 02:48 -------- d-----w- c:\program files\Common Files\Logishrd
2012-04-02 02:44 . 2012-04-02 02:44 -------- d-----w- c:\users\Calvin\AppData\Roaming\Logishrd
2012-04-02 02:44 . 2012-04-02 02:44 -------- d-----w- c:\users\Calvin\AppData\Roaming\Logitech
2012-03-17 20:59 . 2012-03-17 20:59 -------- d-----w- c:\program files (x86)\Z8Games
2012-03-17 19:49 . 2012-03-17 19:49 -------- d-----w- c:\program files (x86)\BP DOWNLOADER
2012-03-14 02:36 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 02:36 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 02:36 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 02:36 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 02:36 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 02:36 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 02:36 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 02:36 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 02:36 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 02:36 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-11 11:31 . 2010-07-27 23:13 27136 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
2012-03-11 11:31 . 2010-03-24 23:57 713312 ----a-w- c:\windows\SysWow64\ijjiSetup.exe
2012-03-11 11:31 . 2010-03-24 23:56 62048 ----a-w- c:\windows\SysWow64\ijjiProcessRestarter.exe
2012-03-06 04:18 . 2012-03-11 10:02 -------- d-----w- c:\program files (x86)\ESET
2012-03-04 21:42 . 2012-03-11 10:03 -------- d-----w- c:\windows\system32\Macromed
2012-03-04 03:56 . 2012-03-04 03:56 -------- d-----w- C:\$AVG
2012-03-03 22:18 . 2012-03-11 10:03 -------- d-----w- c:\users\Calvin\AppData\Roaming\Ventrilo
2012-03-03 22:18 . 2012-03-03 22:18 -------- d-----w- c:\program files\Ventrilo
2012-03-03 22:18 . 2012-03-03 22:18 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-03-03 19:07 . 2012-03-03 19:07 -------- d-----w- c:\program files (x86)\Trend Micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-04 21:42 . 2011-12-30 18:15 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 03:46 . 2011-12-28 21:14 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-20 00:32 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-02-20 00:32 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-02-02 22:50 . 2012-01-15 03:57 5265 ----a-w- c:\windows\SysWow64\nppt9x.vxd
2012-02-02 22:50 . 2012-01-15 03:57 4774 ----a-w- c:\windows\SysWow64\npptNT2.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-12 13:33 1869152 ----a-w- c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-12 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-02 98304]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-25 2416480]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2011-05-15 325512]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-08-03 1167360]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-25 928096]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-12-20 634880]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-03-12 982880]
.
c:\users\Calvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va007;X6va007;c:\users\Calvin\AppData\Local\Temp\0071AB0.tmp [x]
S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/02/22 19:35];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-09-18 01:41 146928]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-09-19 122880]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2011-11-23 2391832]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-12 918880]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1821269181-757616879-1940260227-1000Core.job
- c:\users\Calvin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-28 20:29]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1821269181-757616879-1940260227-1000UA.job
- c:\users\Calvin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-28 20:29]
.
2012-04-01 c:\windows\Tasks\HPCeeScheduleForCalvin.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
.
2012-03-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-15 610360]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences Pro\FencesMenu64.dll" [2010-07-22 464744]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\i1iqkhdz.default\
FF - prefs.js: browser.startup.homepage - prizerebel.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B72e34710-0008-4321-8617-c17d12e88dd6%7D&mid=7a41a6e1679747d1acbf099ac3909b9a-55b05d35613c7149e9e254e75c42ff288501c854&ds=AVG&v=10.2.0.3&lang=en&pr=pr&d=2011-12-28%2011%3A59%3A13&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va007]
"ImagePath"="\??\c:\users\Calvin\AppData\Local\Temp\0071AB0.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2012-04-02 10:51:53 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-02 17:51
.
Pre-Run: 852,650,598,400 bytes free
Post-Run: 852,626,755,584 bytes free
.
- - End Of File - - A7AE5A3742EC5EDA701E5410A05A082C

#8 nasdaq (Malware Response Team, 40,759 posts, Montreal, QC, Canada)

Posted 03 April 2012 - 08:06 AM

X6va007

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va007]

Open notepad and copy/paste the text in the quote box below into it:

Driver::
X6va007

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va007]

ClearJavaCache::


Save this as CFScript on your desktop.

[image: CFScript being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
===

Third-party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs and let me know if the problem persists.
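
A triage pass over the Drivers/Services block of the ComboFix log posted above, added here as an example; it is not part of the thread, of ComboFix, or of the instructions given in it. It parses lines of the form `R3 name;display name;image path [date size]`, flags any entry whose image lives in a user-writable location (the X6va007 driver above loads from a `.tmp` file in the user's `AppData\Local\Temp`) or has an extension other than `.sys`/`.exe`, and emits a `Driver::`/`Registry::` stanza in the CFScript format used above for the entries chosen for removal. My reading of the R/S prefix and start digit, the heuristics, and the `ControlSet001` key path (copied from the script above; on a live system it is normally read through `CurrentControlSet`) are assumptions; the sample lines are copied from the log.

```python
import re

# Constructed sample: Drivers/Services lines copied from the ComboFix log above.
SAMPLE_LOG = r"""
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 X6va007;X6va007;c:\users\Calvin\AppData\Local\Temp\0071AB0.tmp [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/02/22 19:35];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-09-18 01:41 146928]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
"""

# "R3 name;display name;image path [date size | x]" -- my reading of the format:
# R/S = running/stopped, digit = the service's Start value (0 boot, 1 system,
# 2 auto, 3 demand, 4 disabled), and [x] = no file date/size was recorded.
ENTRY_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.+) \[([^\]]*)\]$")

# Locations a standard user can write to. A driver or service image here is
# worth a look whatever its name suggests.
USER_WRITABLE = (r"\users", r"\appdata\local\temp", r"\windows\temp", r"\programdata")
EXPECTED_EXT = (".sys", ".exe")


def parse_entries(log):
    """Turn each Drivers/Services line into a dict; skip lines that do not match."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        state, start, name, display, path, info = m.groups()
        entries.append({"running": state == "R", "start": int(start), "name": name,
                        "display": display, "path": path, "stat_missing": info == "x"})
    return entries


def image_ext(path):
    """Extension of the image file, lower-cased, from a Windows path."""
    leaf = path.rsplit("\\", 1)[-1]
    return leaf[leaf.rfind("."):].lower() if "." in leaf else ""


def triage(log):
    """Return the entries that deserve a second look, each with its reasons."""
    flagged = []
    for e in parse_entries(log):
        low = e["path"].lower()
        reasons = []
        if any(marker in low for marker in USER_WRITABLE):
            reasons.append("image in user-writable location")
        if image_ext(e["path"]) not in EXPECTED_EXT:
            reasons.append("unusual image extension")
        if reasons:
            flagged.append(dict(e, reasons=reasons))
    return flagged


def cfscript(names, control_set="ControlSet001"):
    """Emit the Driver::/Registry:: stanza in the layout used in the thread above."""
    lines = ["Driver::"] + list(names) + ["", "Registry::"]
    lines += ["[-HKEY_LOCAL_MACHINE\\SYSTEM\\%s\\services\\%s]" % (control_set, n) for n in names]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%s (start=%d, %s): %s" % (
            f["name"], f["start"], f["path"], "; ".join(f["reasons"])))
    print(cfscript(["X6va007"]))
```

On the log above this surfaces two entries: X6va007 (both reasons, and it is the one the script above removes) and HP's `000.fcl` "Power Control" service, which trips only the extension rule and is an OEM component; the output is a list for a human to check, not a verdict. `sptd.sys` is not flagged here even though aswMBR and TDSSKiller reported it as locked: it sits in the normal drivers directory with a normal extension, so this pass has nothing to say about it either way.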

#9 Calbin (Topic Starter, Members, 44 posts)

Posted 03 April 2012 - 05:01 PM

Here is the ComboFix log


ComboFix 12-04-01.03 - Calvin 04/03/2012 14:40:46.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8184.6155 [GMT -7:00]
Running from: c:\users\Calvin\Downloads\ComboFix.exe
Command switches used :: c:\users\Calvin\Desktop\CFScript.txt
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_X6VA007
-------\Service_X6va007
.
.
((((((((((((((((((((((((( Files Created from 2012-03-03 to 2012-04-03 )))))))))))))))))))))))))))))))
.
.
2012-04-03 21:45 . 2012-04-03 21:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-03 20:28 . 2011-12-14 06:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-03 20:28 . 2011-12-14 02:50 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-04-03 20:28 . 2011-12-14 03:32 141112 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2012-04-02 02:48 . 2012-04-02 02:48 -------- d-----w- c:\users\Calvin\AppData\Roaming\Leadertech
2012-04-02 02:48 . 2012-04-02 02:48 53248 ----a-r- c:\users\Calvin\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-04-02 02:48 . 2012-04-02 02:48 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2012-04-02 02:48 . 2012-04-02 02:48 -------- d-----w- c:\programdata\LogiShrd
2012-04-02 02:48 . 2012-04-02 02:48 -------- d-----w- c:\program files\Common Files\Logishrd
2012-04-02 02:44 . 2012-04-02 02:44 -------- d-----w- c:\users\Calvin\AppData\Roaming\Logishrd
2012-04-02 02:44 . 2012-04-02 02:44 -------- d-----w- c:\users\Calvin\AppData\Roaming\Logitech
2012-03-17 20:59 . 2012-03-17 20:59 -------- d-----w- c:\program files (x86)\Z8Games
2012-03-17 19:49 . 2012-03-17 19:49 -------- d-----w- c:\program files (x86)\BP DOWNLOADER
2012-03-14 02:36 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 02:36 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 02:36 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 02:36 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 02:36 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 02:36 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 02:36 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 02:36 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 02:36 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 02:36 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-11 11:31 . 2010-07-27 23:13 27136 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
2012-03-11 11:31 . 2010-03-24 23:57 713312 ----a-w- c:\windows\SysWow64\ijjiSetup.exe
2012-03-11 11:31 . 2010-03-24 23:56 62048 ----a-w- c:\windows\SysWow64\ijjiProcessRestarter.exe
2012-03-06 04:18 . 2012-03-11 10:02 -------- d-----w- c:\program files (x86)\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-04 21:42 . 2011-12-30 18:15 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 03:46 . 2011-12-28 21:14 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-20 00:32 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-02-20 00:32 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-02-02 22:50 . 2012-01-15 03:57 5265 ----a-w- c:\windows\SysWow64\nppt9x.vxd
2012-02-02 22:50 . 2012-01-15 03:57 4774 ----a-w- c:\windows\SysWow64\npptNT2.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-02_17.48.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-03 20:28 . 2011-12-14 02:50 72704 c:\windows\SysWOW64\mshtmled.dll
- 2012-04-01 23:14 . 2012-04-01 23:14 72704 c:\windows\SysWOW64\mshtmled.dll
- 2012-04-01 23:14 . 2012-04-01 23:14 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2012-04-03 20:27 . 2011-12-14 02:54 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2012-04-03 20:27 . 2011-12-14 02:54 65024 c:\windows\SysWOW64\jsproxy.dll
- 2012-04-01 23:14 . 2012-04-01 23:14 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2009-07-14 04:54 . 2012-04-03 21:47 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-01 08:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-01 08:44 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-03 21:47 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-01 08:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-03 21:47 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-23 03:22 . 2012-04-03 21:27 36596 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-03 21:27 27842 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-04-03 20:28 . 2011-12-14 06:57 96256 c:\windows\system32\mshtmled.dll
- 2012-04-01 23:14 . 2012-04-01 23:14 96256 c:\windows\system32\mshtmled.dll
- 2012-04-01 23:14 . 2012-04-01 23:14 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2012-04-03 20:27 . 2011-12-14 07:02 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2012-04-03 20:27 . 2011-12-14 07:01 85504 c:\windows\system32\jsproxy.dll
- 2012-04-01 23:14 . 2012-04-01 23:14 85504 c:\windows\system32\jsproxy.dll
- 2009-07-14 05:30 . 2012-02-20 00:57 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-04-03 21:33 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 04:46 . 2012-04-03 21:09 91680 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-04-03 21:33 . 2012-04-03 21:33 32256 c:\windows\Installer\18c117.msi
+ 2011-12-28 21:30 . 2012-04-03 21:33 49152 c:\windows\Installer\{6D6664A9-3342-4948-9B7E-034EFE366F0F}\UNINST_Uninstall_H_8AD6F64309CF42C693274CB5A3D89801.exe
- 2011-12-28 21:30 . 2012-02-12 04:37 49152 c:\windows\Installer\{6D6664A9-3342-4948-9B7E-034EFE366F0F}\UNINST_Uninstall_H_8AD6F64309CF42C693274CB5A3D89801.exe
+ 2011-12-28 21:30 . 2012-04-03 21:33 53248 c:\windows\Installer\{6D6664A9-3342-4948-9B7E-034EFE366F0F}\ARPPRODUCTICON.exe
- 2011-12-28 21:30 . 2012-02-12 04:37 53248 c:\windows\Installer\{6D6664A9-3342-4948-9B7E-034EFE366F0F}\ARPPRODUCTICON.exe
+ 2012-04-03 21:35 . 2012-04-03 21:35 57344 c:\windows\Installer\{4A423411-E28A-4A13-BDB0-8E8BC42FFA29}\ARPPRODUCTICON.exe
+ 2011-12-28 20:20 . 2012-04-03 21:27 9098 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1821269181-757616879-1940260227-1000_UserData.bin
- 2012-04-02 17:47 . 2012-04-02 17:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-03 21:47 . 2012-04-03 21:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-03 21:47 . 2012-04-03 21:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-02 17:47 . 2012-04-02 17:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-03 20:27 . 2011-12-14 02:55 231936 c:\windows\SysWOW64\url.dll
- 2012-04-01 23:14 . 2012-04-01 23:14 231936 c:\windows\SysWOW64\url.dll
- 2012-04-01 23:14 . 2012-04-01 23:14 716800 c:\windows\SysWOW64\jscript.dll
+ 2012-04-03 20:27 . 2011-12-14 02:53 716800 c:\windows\SysWOW64\jscript.dll
+ 2012-04-03 20:27 . 2011-12-14 02:47 176640 c:\windows\SysWOW64\ieui.dll
- 2012-04-01 23:14 . 2012-04-01 23:14 176640 c:\windows\SysWOW64\ieui.dll
+ 2011-12-28 19:38 . 2012-04-03 20:27 333552 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2012-04-03 20:27 . 2011-12-14 07:03 237056 c:\windows\system32\url.dll
+ 2009-07-14 02:36 . 2012-04-03 21:11 615122 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-02 07:31 615122 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-02 07:31 103496 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-04-03 21:11 103496 c:\windows\system32\perfc009.dat
+ 2012-04-03 20:27 . 2011-12-14 07:00 818688 c:\windows\system32\jscript.dll
- 2012-04-01 23:14 . 2012-04-01 23:14 248320 c:\windows\system32\ieui.dll
+ 2012-04-03 20:27 . 2011-12-14 06:53 248320 c:\windows\system32\ieui.dll
+ 2009-07-14 05:30 . 2012-04-03 21:33 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-02-20 00:57 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:01 . 2012-04-02 17:46 398912 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-03 21:46 398912 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-01-15 04:41 . 2012-04-03 20:29 521176 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1821269181-757616879-1940260227-1000-12288.dat
- 2012-01-15 04:41 . 2012-04-02 17:46 521176 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1821269181-757616879-1940260227-1000-12288.dat
+ 2012-04-03 20:27 . 2011-12-14 02:57 1127424 c:\windows\SysWOW64\wininet.dll
+ 2012-04-03 20:27 . 2011-12-14 02:57 1103360 c:\windows\SysWOW64\urlmon.dll
+ 2012-04-03 20:27 . 2011-12-14 03:04 1798656 c:\windows\SysWOW64\jscript9.dll
+ 2012-04-03 20:27 . 2011-12-14 02:52 1792000 c:\windows\SysWOW64\iertutil.dll
+ 2012-04-03 20:27 . 2011-12-14 03:10 9705472 c:\windows\SysWOW64\ieframe.dll
+ 2012-04-03 20:27 . 2011-12-14 07:04 1390080 c:\windows\system32\wininet.dll
+ 2012-04-03 20:27 . 2011-12-14 07:04 1345536 c:\windows\system32\urlmon.dll
+ 2012-04-03 20:27 . 2011-12-14 07:11 2308096 c:\windows\system32\jscript9.dll
+ 2012-04-03 20:27 . 2011-12-14 06:59 2144256 c:\windows\system32\iertutil.dll
+ 2009-07-14 04:45 . 2012-04-03 21:09 7113258 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-04-01 23:59 7113258 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-12-28 20:10 . 2012-04-03 21:46 1320872 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1821269181-757616879-1940260227-1000-8192.dat
+ 2012-04-03 20:27 . 2011-12-14 03:30 12282368 c:\windows\SysWOW64\mshtml.dll
+ 2009-07-14 02:34 . 2012-04-03 21:07 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2012-04-03 20:27 . 2011-12-14 07:43 17790464 c:\windows\system32\mshtml.dll
+ 2012-04-03 20:27 . 2011-12-14 07:16 10887168 c:\windows\system32\ieframe.dll
+ 2012-04-03 21:33 . 2012-04-03 21:33 30464196 c:\windows\Installer\18c5d3.msi
+ 2012-04-03 21:33 . 2012-04-03 21:33 15234048 c:\windows\Installer\18c133.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-12 13:33 1869152 ----a-w- c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-12 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-02 98304]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-25 2416480]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2011-05-15 325512]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-08-03 1167360]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-25 928096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-03-12 982880]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-02 634880]
.
c:\users\Calvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/02/22 19:35];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-09-18 01:41 146928]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-09-19 122880]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2011-11-23 2391832]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-12 918880]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1821269181-757616879-1940260227-1000Core.job
- c:\users\Calvin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-28 20:29]
.
2012-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1821269181-757616879-1940260227-1000UA.job
- c:\users\Calvin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-28 20:29]
.
2012-04-01 c:\windows\Tasks\HPCeeScheduleForCalvin.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
.
2012-03-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-15 610360]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
"combofix"="c:\combofix\CF9442.3XE" [2010-11-20 345088]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences Pro\FencesMenu64.dll" [2010-07-22 464744]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\i1iqkhdz.default\
FF - prefs.js: browser.startup.homepage - prizerebel.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B72e34710-0008-4321-8617-c17d12e88dd6%7D&mid=7a41a6e1679747d1acbf099ac3909b9a-55b05d35613c7149e9e254e75c42ff288501c854&ds=AVG&v=10.2.0.3&lang=en&pr=pr&d=2011-12-28%2011%3A59%3A13&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2012-04-03 14:51:11 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-03 21:51
.
Pre-Run: 851,460,792,320 bytes free
Post-Run: 859,050,172,416 bytes free
.
- - End Of File - - 8FC876D8E3F6CA7E59AC322B3694FEEA



Here is the checkup

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
Java™ 6 Update 31
Adobe Reader X (10.1.2)
Mozilla Firefox 10.0.2 Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

WinPatrol winpatrol.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
BillP Studios WinPatrol WinPatrol.exe
``````````End of Log````````````
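
An added example, not part of this thread or of ComboFix itself: a small parser for the "Reg Loading Points" Run entries in the log format posted above (the `"Name"="path" [date size]` lines under each `...\Run` key), with a simple triage heuristic that flags executables living outside the Program Files and Windows trees. The sample text is constructed from entries in the log, and the prefix list is this example's own assumption, not a rule the helpers in the thread stated.

```python
import re

# Constructed sample in the shape of ComboFix's "Reg Loading Points"
# section (entries copied from the log posted above).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-02 98304]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-15 610360]
"combofix"="c:\combofix\CF9442.3XE" [2010-11-20 345088]
.
"""

# A registry key header line: [HKEY_...] (ComboFix sometimes lower-cases it)
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$", re.IGNORECASE)
# A value line: "Name"="path" [YYYY-MM-DD size]
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*'
    r"\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$"
)
# Heuristic chosen for this example (not a rule from the thread): autoruns
# that live outside these trees deserve a second look from the reviewer.
EXPECTED_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\",
                     "c:\\windows\\")


def parse_run_entries(text):
    """Return one dict per value found under any ...\\Run key."""
    entries, current_key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:                       # new key: remember it, move on
            current_key = key_match.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and current_key and current_key.lower().endswith("\\run"):
            entries.append({"key": current_key, "name": m.group("name"),
                            "path": m.group("path"), "date": m.group("date"),
                            "size": int(m.group("size"))})
    return entries


def flag_unusual(entries):
    """Entries whose executable sits outside the expected directory trees."""
    return [e for e in entries
            if not e["path"].lower().startswith(EXPECTED_PREFIXES)]


if __name__ == "__main__":
    for e in flag_unusual(parse_run_entries(SAMPLE_LOG)):
        print(f'{e["name"]}: {e["path"]} ({e["date"]}, {e["size"]} bytes)')
```

On the sample above the only flagged entry is the `combofix` one, which is ComboFix's own reboot helper and is expected while the tool is running; anything else the heuristic surfaces is simply a candidate for a closer look, not a verdict.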

#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,759 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:38 PM

Posted 04 April 2012 - 08:29 AM

Your logs are clean.

Is the issue solved?

#11 Calbin

Calbin
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  • Local time:09:38 AM

Posted 04 April 2012 - 12:05 PM

I have realized that this problem only occurs when I plug my router into my modem box supplied by AT&T.
I believe AT&T is at fault, perhaps.
Anyways, thank you for your assistance!

I forgot to ask, does a malware that affects internet connectivity actually exist? Such as one that
periodically changes the IP Address, causing connectivity problems?

Edited by Calbin, 04 April 2012 - 12:07 PM.


#12 nasdaq

nasdaq

  • Malware Response Team
  • 40,759 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:38 PM

Posted 04 April 2012 - 01:20 PM

I forgot to ask, does a malware that affects internet connectivity actually exist? Such as one that
periodically changes the IP Address, causing connectivity problems?

Yes in many forms.


Your router may be infected.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred settings. Below is a list of default usernames and passwords, should you not know it ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

How to Secure Your Wireless Router
http://www.ehow.com/how_2253625_secure-wireless-router.html
===

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

Surf Safely, and Think Prevention!
===

#13 Calbin

Calbin
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  • Local time:09:38 AM

Posted 07 April 2012 - 09:00 PM

For some odd reason, the problem continues to persist even after I have reset my router back to factory default settings. When the problem occurs, my Internet browser fails to load, unless I restart my computer.
Oddly enough, programs such as AIM from AOL work (I'm still able to chat with people). Other than that, nothing else functions unless I restart my computer.

#14 nasdaq

nasdaq

  • Malware Response Team
  • 40,759 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:38 PM

Posted 08 April 2012 - 08:21 AM

Not sure if this is exactly your issue. Something to look at and try.

http://answers.microsoft.com/en-us/ie/forum/ie8-windows_other/need-to-refresh-constantly/ca515818-a70c-4a96-a288-852e2fc3ce56

Have you ever tried Firefox?
I use it all the time.

#15 Calbin

Calbin
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  • Local time:09:38 AM

Posted 08 April 2012 - 01:41 PM

It is similar to mine, but it isn't. When this problem occurs, my browser shows that it is loading but never finishes. I use Firefox and Chrome; both are the same.
