Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with malware: redirects and crashes


  • This topic is locked This topic is locked
24 replies to this topic

#1 raviss

raviss

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:07:39 AM

Posted 31 March 2012 - 09:53 PM

When I click on something it redirects me to gimme answers or happily. Malware bytes says it is trojan.agent . In svchost.
My computer also crashes and gets blue screens

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Sunil at 21:53:54 on 2012-03-31
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.4317 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SysWOW64\PSIService.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Sunil\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Deskjet 3050A J611 series\bin\HPNetworkCommunicator.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Sunil\AppData\Local\Akamai\netsession_win.exe
C:\Users\Sunil\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Steam\steam.exe
C:\Users\Sunil\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Users\Sunil\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler64.exe
C:\Windows\sysWOW64\svchost.exe -k netsvc
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\System32\msdtc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\real\realplayer\update\realsched.exe
C:\Windows\system32\dllhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2117678
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.1.8\coIEPlg.dll
BHO: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No File
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.1.8\IPS\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.1.8\coIEPlg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - No File
uRun: [Google Update] "C:\Users\Sunil\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [AdobeBridge]
uRun: [Akamai NetSession Interface] "C:\Users\Sunil\AppData\Local\Akamai\netsession_win.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_Plugin.exe -update plugin
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
mRun: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\real\realplayer\update\realsched.exe" -osboot
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
mRunOnce: [regV2iPlugin] regsvr32 /s "C:\Program Files (x86)\Common Files\Symantec Shared\RPAM\V2iPlugin.dll"
dRun: [Update] rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Microsoft\yvfpemrj.dll",DllRegisterServer
dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
StartupFolder: C:\Users\Sunil\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Sunil\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Sunil\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\system32\RunDll32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AMLDEV~1.LNK - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3E77839A-FA6A-47A1-82CF-F85801D5D6DF} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.1.8\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No File
BHO-X64: AMD SteadyVideo BHO - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.1.8\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.1.8\coIEPlg.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - No File
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
mRun-x64: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [TkBellExe] "C:\Program Files (x86)\real\realplayer\update\realsched.exe" -osboot
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
mRunOnce-x64: [regV2iPlugin] regsvr32 /s "C:\Program Files (x86)\Common Files\Symantec Shared\RPAM\V2iPlugin.dll"
Hosts: 87.229.126.54 www.google.com
Hosts: 87.229.126.55 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sunil\AppData\Roaming\Mozilla\Firefox\Profiles\ezcxlr72.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/u/0/?shva=1#inbox
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Sony\Media Go\npmediago.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Sunil\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Sunil\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Sunil\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-3-20 1157240]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120327.002\IDSviA64.sys [2012-3-27 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS [?]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-20 98304]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-2-14 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-1-3 55936]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-12 652360]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccsvchst.exe [2012-3-23 138232]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-20 118784]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-7-12 660800]
R2 SPService;SPService;C:\Windows\sysWOW64\svchost.exe -k netsvc --> C:\Windows\sysWOW64\svchost.exe -k netsvc [?]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-8 138360]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUVC64;QuickCam Communicate Deluxe(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1306010.008\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1306010.008\SYMNETS.SYS [?]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys [?]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys [?]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys [?]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys [?]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys [?]
S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-1-3 55936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-16 136176]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-8-9 130976]
S3 GenericMount Helper Service;GenericMount Helper Service;"C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe" --> C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [?]
S3 GenericMount;Generic Mount Driver;C:\Windows\system32\DRIVERS\GenericMount.sys --> C:\Windows\system32\DRIVERS\GenericMount.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-16 136176]
S3 SymSnapService;SymSnapService;"C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe" --> C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-03-26 19:12:43 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-26 19:12:43 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-23 11:11:04 738936 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\srtsp64.sys
2012-03-23 11:11:04 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1306020.00A\symds64.sys
2012-03-23 11:11:04 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\symnets.sys
2012-03-23 11:11:04 37496 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\srtspx64.sys
2012-03-23 11:11:04 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\ironx64.sys
2012-03-23 11:11:04 167048 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\ccsetx64.sys
2012-03-23 11:11:04 1092728 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\symefa64.sys
2012-03-23 11:10:59 -------- d-----w- C:\Windows\System32\drivers\NISx64\1306020.00A
2012-03-14 04:01:20 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 04:01:18 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 04:01:18 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 02:13:46 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 02:13:46 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 02:13:46 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 02:13:45 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 02:13:45 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-14 02:13:44 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 02:13:44 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-13 22:32:46 20480 ----a-w- C:\Windows\svchost.exe
2012-03-09 00:10:13 738936 ----a-w- C:\Windows\System32\drivers\NISx64\1306010.008\srtsp64.sys
2012-03-09 00:10:13 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1306010.008\symds64.sys
2012-03-09 00:10:13 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1306010.008\symnets.sys
2012-03-09 00:10:13 37496 ----a-w- C:\Windows\System32\drivers\NISx64\1306010.008\srtspx64.sys
2012-03-09 00:10:13 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1306010.008\ironx64.sys
2012-03-09 00:10:13 167048 ----a-w- C:\Windows\System32\drivers\NISx64\1306010.008\ccsetx64.sys
2012-03-09 00:10:13 1092728 ----a-w- C:\Windows\System32\drivers\NISx64\1306010.008\symefa64.sys
2012-03-09 00:10:06 -------- d-----w- C:\Windows\System32\drivers\NISx64\1306010.008
2012-03-08 01:57:45 -------- d-----w- C:\Program Files (x86)\AMD AVT
2012-03-08 01:57:42 -------- d-----w- C:\Program Files\AMD
2012-03-08 01:57:42 -------- d-----w- C:\Program Files (x86)\AMD
2012-03-08 01:57:38 -------- d-----w- C:\Program Files (x86)\AMD APP
.
==================== Find3M ====================
.
2012-03-23 11:11:13 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-03-04 02:52:04 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2012-03-04 02:50:19 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-03-04 02:50:19 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-03-03 23:32:30 189480 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-02-20 02:56:55 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-15 03:48:32 10856960 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-02-15 03:21:24 25839104 ----a-w- C:\Windows\System32\atio6axx.dll
2012-02-15 03:18:56 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-02-15 03:18:40 791040 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-02-15 03:17:04 957952 ----a-w- C:\Windows\System32\aticfx64.dll
2012-02-15 03:13:56 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-02-15 03:13:40 496128 ----a-w- C:\Windows\System32\atieclxx.exe
2012-02-15 03:13:00 235520 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-02-15 03:11:42 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-02-15 03:10:58 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-02-15 03:10:54 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-02-15 03:10:48 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-02-15 03:07:44 6200320 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-02-15 03:05:32 69632 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-02-15 03:05:26 59904 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-02-15 03:05:20 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-02-15 03:05:16 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-02-15 03:05:08 16507904 ----a-w- C:\Windows\System32\amdocl64.dll
2012-02-15 03:04:26 13238272 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-02-15 03:03:44 54272 ----a-w- C:\Windows\System32\OpenCL.dll
2012-02-15 03:03:38 48128 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-02-15 02:58:56 19392000 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-02-15 02:52:28 7646208 ----a-w- C:\Windows\System32\atidxx64.dll
2012-02-15 02:41:28 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2012-02-15 02:40:54 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2012-02-15 02:40:42 4958208 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-02-15 02:34:56 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-02-15 02:34:54 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-02-15 02:34:46 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-02-15 02:34:44 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-02-15 02:34:36 5954048 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-02-15 02:34:30 13859840 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-02-15 02:29:52 5062656 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-02-15 02:29:50 11561984 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-02-15 02:25:06 7551488 ----a-w- C:\Windows\System32\atiumd64.dll
2012-02-15 02:16:38 58880 ----a-w- C:\Windows\System32\coinst.dll
2012-02-15 02:14:00 512000 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-02-15 02:13:50 356352 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-02-15 02:13:36 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-02-15 02:13:32 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-02-15 02:13:32 14336 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-02-15 02:13:28 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2012-02-15 02:13:20 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-02-15 02:13:12 327680 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-02-15 02:12:22 43008 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-02-15 02:12:14 33280 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-02-15 02:12:08 39936 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-02-15 02:12:00 30208 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-02-15 02:11:22 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-02-15 02:11:16 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2012-02-15 02:11:16 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-02-15 02:11:10 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-02-15 02:11:10 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-01-31 11:02:26 21504 ----a-w- C:\Windows\System32\kdbsdk64.dll
2012-01-31 11:00:24 16896 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
2012-01-15 00:41:21 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-01-02 17:31:03 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-01-02 17:31:03 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-01-02 17:31:03 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-01-02 17:31:03 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
.
============= FINISH: 21:54:49.43 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:39 AM

Posted 01 April 2012 - 12:40 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

:multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}


Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 raviss

raviss
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:07:39 AM

Posted 01 April 2012 - 07:54 PM

Hi Gringo, I constantly got blue screens, and 20 windows saying I had a read/write hard disk error, and a hard disk failure. I ran hard disk checkup and it did not detect any HDD errors. I was not able to run combofix, so I rebooted in safe-mode.In safe mode I ran combofix. It asked me to stop any antivirus software, but I had none running. So I ran combofix anyways, it worked. Here is the log:











ComboFix 12-04-01.01 - Sunil 04/01/2012 19:37:52.1.3 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.5230 [GMT -4:00]
Running from: c:\users\Sunil\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\IIGbnWFekoXJVBa.exe
c:\programdata\PDTxINtd0wR8YM.exe
c:\programdata\rmIhrYfwFjUdy.exe
c:\users\Sunil\AppData\Roaming\Local
c:\users\Sunil\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\Sunil\AppData\Roaming\Local\Temp\DDM\Settings\d5o8uta6o0rp1.avi.ddr
c:\users\Sunil\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Sunil\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2).ddp
c:\users\Sunil\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(3).ddp
c:\users\Sunil\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(4).ddp
c:\users\Sunil\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(5).ddp
c:\users\Sunil\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(6).ddp
c:\users\Sunil\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(7).ddp
c:\users\Sunil\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(8).ddp
c:\users\Sunil\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
c:\users\Sunil\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\d5o8uta6o0rp1.avi.ddp
c:\users\Sunil\Documents\~WRL0005.tmp
c:\users\Sunil\Documents\~WRL0498.tmp
c:\users\Sunil\Documents\~WRL1017.tmp
c:\users\Sunil\Documents\~WRL1326.tmp
c:\users\Sunil\Documents\~WRL1419.tmp
c:\users\Sunil\Documents\~WRL2034.tmp
c:\users\Sunil\Documents\~WRL2060.tmp
c:\users\Sunil\Documents\~WRL2140.tmp
c:\windows\es.exe
c:\windows\Fonts\0u55y4.com
c:\windows\pthreadGC2.dll
c:\windows\svchost.exe
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Microsoft\yvfpemrj.dll
c:\windows\Tasks\At1.job
c:\windows\Tasks\At11.job
.
.
((((((((((((((((((((((((( Files Created from 2012-03-01 to 2012-04-01 )))))))))))))))))))))))))))))))
.
.
2012-04-01 23:44 . 2012-04-01 23:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-26 19:12 . 2012-03-26 19:12 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-26 19:12 . 2012-03-26 19:12 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-23 11:10 . 2012-04-01 02:11 -------- d-----w- c:\windows\system32\drivers\NISx64\1306020.00A
2012-03-14 04:01 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 04:01 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 04:01 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 02:13 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 02:13 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 02:13 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 02:13 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 02:13 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 02:13 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 02:13 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-08 02:03 . 2012-03-08 02:03 -------- d-----w- c:\programdata\ATI
2012-03-08 01:57 . 2012-03-08 01:57 -------- d-----w- c:\program files (x86)\AMD AVT
2012-03-08 01:57 . 2012-03-08 01:57 -------- d--h--w- c:\program files\AMD
2012-03-08 01:57 . 2012-03-08 01:57 -------- d-----w- c:\program files (x86)\AMD
2012-03-08 01:57 . 2012-03-08 01:57 -------- d-----w- c:\program files (x86)\AMD APP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-23 11:11 . 2012-01-29 02:27 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-03-04 02:52 . 2010-07-26 00:01 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-03-04 02:50 . 2010-07-28 01:15 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-03-04 02:50 . 2010-07-28 01:13 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-03-03 23:32 . 2010-07-28 01:13 189480 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-02-20 02:56 . 2011-05-28 02:18 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-15 03:48 . 2012-02-15 03:48 10856960 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-02-15 03:21 . 2012-02-15 03:21 25839104 ----a-w- c:\windows\system32\atio6axx.dll
2012-02-15 03:18 . 2012-02-15 03:18 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-02-15 03:18 . 2011-12-06 03:17 791040 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-02-15 03:17 . 2010-10-27 07:54 957952 ----a-w- c:\windows\system32\aticfx64.dll
2012-02-15 03:13 . 2012-02-15 03:13 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-02-15 03:13 . 2012-02-15 03:13 496128 ----a-w- c:\windows\system32\atieclxx.exe
2012-02-15 03:13 . 2012-02-15 03:13 235520 ----a-w- c:\windows\system32\atiesrxx.exe
2012-02-15 03:11 . 2012-02-15 03:11 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-02-15 03:10 . 2012-02-15 03:10 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-02-15 03:10 . 2012-02-15 03:10 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-02-15 03:10 . 2012-02-15 03:10 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-02-15 03:07 . 2012-02-15 03:07 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-02-15 03:05 . 2012-02-15 03:05 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-02-15 03:05 . 2012-02-15 03:05 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-02-15 03:05 . 2012-02-15 03:05 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2012-02-15 03:05 . 2012-02-15 03:05 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-02-15 03:05 . 2012-02-15 03:05 16507904 ----a-w- c:\windows\system32\amdocl64.dll
2012-02-15 03:04 . 2012-02-15 03:04 13238272 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-02-15 03:03 . 2012-02-15 03:03 54272 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-15 03:03 . 2012-02-15 03:03 48128 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-02-15 02:58 . 2012-02-15 02:58 19392000 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-02-15 02:52 . 2010-07-12 17:08 7646208 ----a-w- c:\windows\system32\atidxx64.dll
2012-02-15 02:41 . 2012-02-15 02:41 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2012-02-15 02:40 . 2012-02-15 02:40 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-02-15 02:40 . 2012-02-15 02:40 4958208 ----a-w- c:\windows\system32\atiumd6a.dll
2012-02-15 02:34 . 2012-02-15 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-02-15 02:34 . 2012-02-15 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-02-15 02:34 . 2012-02-15 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-02-15 02:34 . 2012-02-15 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-02-15 02:34 . 2011-12-06 02:33 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-02-15 02:34 . 2012-02-15 02:34 13859840 ----a-w- c:\windows\system32\aticaldd64.dll
2012-02-15 02:29 . 2011-12-06 02:28 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-02-15 02:29 . 2012-02-15 02:29 11561984 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-02-15 02:25 . 2012-02-15 02:25 7551488 ----a-w- c:\windows\system32\atiumd64.dll
2012-02-15 02:16 . 2010-10-27 07:15 58880 ----a-w- c:\windows\system32\coinst.dll
2012-02-15 02:14 . 2012-02-15 02:14 512000 ----a-w- c:\windows\system32\atiadlxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-02-15 02:13 . 2012-02-15 02:13 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 39936 ----a-w- c:\windows\system32\atig6txx.dll
2012-02-15 02:13 . 2012-02-15 02:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 327680 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-02-15 02:12 . 2010-10-27 07:13 43008 ----a-w- c:\windows\system32\atiuxp64.dll
2012-02-15 02:12 . 2012-02-15 02:12 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-02-15 02:12 . 2012-02-15 02:12 39936 ----a-w- c:\windows\system32\atiu9p64.dll
2012-02-15 02:12 . 2011-11-10 02:11 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-02-15 02:11 . 2012-02-15 02:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-01-31 11:02 . 2012-01-31 11:02 21504 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-01-31 11:00 . 2012-01-31 11:00 16896 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2012-01-15 00:41 . 2010-07-28 01:13 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-01-04 10:44 . 2012-02-15 07:37 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-15 07:37 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ---ha-w- c:\users\Sunil\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ---ha-w- c:\users\Sunil\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ---ha-w- c:\users\Sunil\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ---ha-w- c:\users\Sunil\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Sunil\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-09-14 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-01-04 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-01-03 640440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2011-07-12 1764352]
"dellsupportcenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"TkBellExe"="c:\program files (x86)\real\realplayer\update\realsched.exe" [2011-12-18 296056]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-15 636032]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Update"="c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Microsoft\yvfpemrj.dll" [2012-03-14 312832]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe" [2010-08-01 231888]
.
c:\users\Sunil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Sunil\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk - c:\windows\system32\RunDll32.exe [2009-7-13 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-20 113664]
AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-8-29 16032]
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-04 55936]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-17 136176]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-08-15 130976]
R3 GenericMount Helper Service;GenericMount Helper Service;c:\program files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [x]
R3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-17 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SymSnapService;SymSnapService;c:\program files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-03-02 1157240]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120330.002\IDSvia64.sys [2012-03-06 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1306020.00A\SYMNETS.SYS [x]
S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-20 98304]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-02-15 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-04 55936]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe [2012-01-17 138232]
S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-20 118784]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-02-11 660800]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-04-01 138360]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;QuickCam Communicate Deluxe(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [x]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [x]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [x]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-17 00:38]
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-17 00:38]
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3040787894-4200104110-3814792442-1001Core.job
- c:\users\Sunil\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-16 07:03]
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3040787894-4200104110-3814792442-1001UA.job
- c:\users\Sunil\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-16 07:03]
.
2012-04-01 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
2012-04-01 c:\windows\Tasks\NeroLiveEpgUpdate-Sunil-PC_Sunil.job
- c:\program files (x86)\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-18 17:51]
.
2012-03-31 c:\windows\Tasks\Norton Security Scan for Sunil.job
- c:\progra~2\NORTON~3\Engine\301~1.8\Nss.exe [2011-01-17 04:47]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
2012-02-13 21:44 81024 ---ha-w- c:\program files\AMD\SteadyVideo\SteadyVideo.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ---ha-w- c:\users\Sunil\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ---ha-w- c:\users\Sunil\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ---ha-w- c:\users\Sunil\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ---ha-w- c:\users\Sunil\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-10 8321568]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1609296]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"Corel Photo Downloader"="c:\program files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-09-12 531272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2117678
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Sunil\AppData\Roaming\Mozilla\Firefox\Profiles\ezcxlr72.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/u/0/?shva=1#inbox
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{c2db4fe6-8409-45ce-8010-189a7b5cce86} - (no file)
BHO-{6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - (no file)
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{96AFBE69-C3B0-4b00-8578-D933D2896EE2} - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
Wow6432Node-HKLM-Run-rmIhrYfwFjUdy.exe - c:\programdata\rmIhrYfwFjUdy.exe
Wow6432Node-HKU-Default-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
Toolbar-Locked - (no file)
WebBrowser-{C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{593DDEC6-7468-4CDD-90E1-42DADAA222E9}"=hex:51,66,7a,6c,4c,1d,38,12,a8,dd,2e,
5d,5a,3a,b3,09,ef,f7,01,9a,df,fc,66,fd
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,
f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:d7,50,89,22,b4,0f,cd,01
.
[HKEY_USERS\S-1-5-21-3040787894-4200104110-3814792442-1001\Software\SecuROM\License information*]
"datasecu"=hex:c2,22,7a,08,9f,fb,78,15,45,4e,a1,9b,63,3e,f8,e3,9c,cd,94,d0,99,
01,9d,05,38,14,c8,95,05,70,1d,d5,40,5b,b0,a0,9b,01,7f,53,dd,e9,2b,02,23,97,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:1f,b9,77,c6,15,a9,50,3d,04,1d,30,0a,f5,74,af,42,e4,f6,54,e5,8a,
f8,33,35,90,6d,22,ee,a3,32,dd,9b,2c,7f,56,4b,48,e3,22,9f,e5,cc,a5,42,08,55,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:1f,b9,77,c6,15,a9,50,3d,04,1d,30,0a,f5,74,af,42,e4,f6,54,e5,8a,
f8,33,35,90,6d,22,ee,a3,32,dd,9b,2c,7f,56,4b,48,e3,22,9f,e5,cc,a5,42,08,55,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PSIService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\\.\globalroot\systemroot\svchost.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2012-04-01 20:10:07 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-02 00:10
.
Pre-Run: 428,231,077,888 bytes free
Post-Run: 427,903,164,416 bytes free
.
- - End Of File - - 58ADF2B87D922858BE43B1F8E2C23AF4

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:39 AM

Posted 01 April 2012 - 08:26 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 raviss

raviss
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:07:39 AM

Posted 02 April 2012 - 05:09 PM

HI, here are the results for TDSSKiller:
16:10:01.0478 3948 TDSS rootkit removing tool 2.7.24.0 Apr 2 2012 10:31:48
16:10:02.0055 3948 ============================================================
16:10:02.0055 3948 Current date / time: 2012/04/02 16:10:02.0055
16:10:02.0055 3948 SystemInfo:
16:10:02.0055 3948
16:10:02.0055 3948 OS Version: 6.1.7601 ServicePack: 1.0
16:10:02.0055 3948 Product type: Workstation
16:10:02.0055 3948 ComputerName: SUNIL-PC
16:10:02.0055 3948 UserName: Sunil
16:10:02.0055 3948 Windows directory: C:\Windows
16:10:02.0055 3948 System windows directory: C:\Windows
16:10:02.0055 3948 Running under WOW64
16:10:02.0055 3948 Processor architecture: Intel x64
16:10:02.0055 3948 Number of processors: 3
16:10:02.0055 3948 Page size: 0x1000
16:10:02.0055 3948 Boot type: Normal boot
16:10:02.0055 3948 ============================================================
16:10:05.0939 3948 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:10:05.0955 3948 Drive \Device\Harddisk1\DR2 - Size: 0x7A56E000 (1.91 Gb), SectorSize: 0x200, Cylinders: 0xF9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:10:05.0955 3948 \Device\Harddisk0\DR0:
16:10:05.0955 3948 MBR used
16:10:05.0955 3948 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x13C3000
16:10:05.0955 3948 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x13D7000, BlocksNum 0x5616E800
16:10:05.0955 3948 \Device\Harddisk1\DR2:
16:10:05.0955 3948 MBR used
16:10:05.0955 3948 \Device\Harddisk1\DR2\Partition0: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x3D2B50
16:10:06.0080 3948 Initialize success
16:10:06.0080 3948 ============================================================
16:10:15.0037 1232 ============================================================
16:10:15.0037 1232 Scan started
16:10:15.0037 1232 Mode: Manual;
16:10:15.0037 1232 ============================================================
16:10:25.0139 1232 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:10:25.0141 1232 1394ohci - ok
16:10:25.0490 1232 ACDaemon - ok
16:10:25.0712 1232 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:10:25.0716 1232 ACPI - ok
16:10:25.0952 1232 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:10:25.0952 1232 AcpiPmi - ok
16:10:26.0067 1232 AdobeActiveFileMonitor (f487ee1425d9533aef4b1d991fc5abbe) C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
16:10:26.0070 1232 AdobeActiveFileMonitor - ok
16:10:26.0172 1232 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:10:26.0173 1232 AdobeARMservice - ok
16:10:26.0574 1232 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:10:26.0578 1232 AdobeFlashPlayerUpdateSvc - ok
16:10:26.0622 1232 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:10:26.0628 1232 adp94xx - ok
16:10:26.0684 1232 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:10:26.0697 1232 adpahci - ok
16:10:26.0815 1232 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:10:26.0818 1232 adpu320 - ok
16:10:26.0893 1232 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
16:10:26.0898 1232 AeLookupSvc - ok
16:10:27.0143 1232 Afc (6ccd1135320109d6b219f1a6e04ad9f6) C:\Windows\syswow64\drivers\Afc.sys
16:10:27.0143 1232 Afc - ok
16:10:27.0246 1232 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
16:10:27.0297 1232 AFD - ok
16:10:27.0427 1232 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:10:27.0428 1232 agp440 - ok
16:10:28.0432 1232 Akamai (1125c7d9fb8898015829c387c1bc87c7) c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll
16:10:28.0432 1232 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll. md5: 1125c7d9fb8898015829c387c1bc87c7
16:10:28.0439 1232 Akamai ( HiddenFile.Multi.Generic ) - warning
16:10:28.0439 1232 Akamai - detected HiddenFile.Multi.Generic (1)
16:10:28.0808 1232 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
16:10:28.0813 1232 ALG - ok
16:10:29.0055 1232 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:10:29.0056 1232 aliide - ok
16:10:29.0235 1232 AMD External Events Utility (962227630779043b5c1d4cd157abb912) C:\Windows\system32\atiesrxx.exe
16:10:29.0238 1232 AMD External Events Utility - ok
16:10:29.0436 1232 AMD FUEL Service - ok
16:10:29.0527 1232 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:10:29.0529 1232 amdide - ok
16:10:29.0706 1232 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
16:10:29.0708 1232 amdiox64 - ok
16:10:29.0921 1232 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:10:29.0925 1232 AmdK8 - ok
16:10:31.0066 1232 amdkmdag (56d6631761ec37745f0df16bcdc4caf4) C:\Windows\system32\DRIVERS\atikmdag.sys
16:10:31.0247 1232 amdkmdag - ok
16:10:31.0291 1232 amdkmdap (2d9005ea0bfd25c740e53c8dd3c069e0) C:\Windows\system32\DRIVERS\atikmpag.sys
16:10:31.0296 1232 amdkmdap - ok
16:10:31.0333 1232 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:10:31.0333 1232 AmdPPM - ok
16:10:31.0369 1232 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
16:10:31.0373 1232 amdsata - ok
16:10:31.0399 1232 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:10:31.0402 1232 amdsbs - ok
16:10:31.0423 1232 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
16:10:31.0426 1232 amdxata - ok
16:10:31.0464 1232 AODDriver4.01 (0e2ba6dc63e9cf3bf275856735a3e3be) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
16:10:31.0466 1232 AODDriver4.01 - ok
16:10:31.0491 1232 AODDriver4.1 (0e2ba6dc63e9cf3bf275856735a3e3be) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
16:10:31.0492 1232 AODDriver4.1 - ok
16:10:31.0534 1232 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:10:31.0537 1232 AppID - ok
16:10:31.0562 1232 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
16:10:31.0564 1232 AppIDSvc - ok
16:10:31.0585 1232 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
16:10:31.0587 1232 Appinfo - ok
16:10:31.0651 1232 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:10:31.0654 1232 Apple Mobile Device - ok
16:10:31.0681 1232 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:10:31.0684 1232 arc - ok
16:10:31.0701 1232 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:10:31.0703 1232 arcsas - ok
16:10:32.0292 1232 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:10:32.0294 1232 aspnet_state - ok
16:10:32.0450 1232 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:10:32.0453 1232 AsyncMac - ok
16:10:32.0644 1232 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:10:32.0645 1232 atapi - ok
16:10:32.0908 1232 AtiHdmiService (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys
16:10:32.0914 1232 AtiHdmiService - ok
16:10:36.0876 1232 atikmdag (56d6631761ec37745f0df16bcdc4caf4) C:\Windows\system32\DRIVERS\atikmdag.sys
16:10:36.0933 1232 atikmdag - ok
16:10:38.0512 1232 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
16:10:38.0515 1232 AtiPcie - ok
16:10:40.0425 1232 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:10:40.0538 1232 AudioEndpointBuilder - ok
16:10:40.0596 1232 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:10:40.0601 1232 AudioSrv - ok
16:10:41.0100 1232 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
16:10:41.0102 1232 AxInstSV - ok
16:10:41.0445 1232 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
16:10:41.0543 1232 b06bdrv - ok
16:10:41.0715 1232 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:10:41.0764 1232 b57nd60a - ok
16:10:42.0191 1232 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
16:10:42.0192 1232 BDESVC - ok
16:10:42.0284 1232 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:10:42.0290 1232 Beep - ok
16:10:42.0494 1232 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
16:10:42.0502 1232 BFE - ok
16:10:42.0909 1232 BHDrvx64 (6c64fa457c200874faa87d74152e0d84) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120317.002\BHDrvx64.sys
16:10:42.0936 1232 BHDrvx64 - ok
16:10:42.0974 1232 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
16:10:42.0983 1232 BITS - ok
16:10:43.0002 1232 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:10:43.0005 1232 blbdrive - ok
16:10:43.0056 1232 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
16:10:43.0061 1232 Bonjour Service - ok
16:10:43.0100 1232 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
16:10:43.0103 1232 bowser - ok
16:10:43.0119 1232 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:10:43.0121 1232 BrFiltLo - ok
16:10:43.0131 1232 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:10:43.0133 1232 BrFiltUp - ok
16:10:43.0164 1232 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
16:10:43.0166 1232 BridgeMP - ok
16:10:43.0188 1232 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
16:10:43.0191 1232 Browser - ok
16:10:43.0327 1232 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:10:43.0331 1232 Brserid - ok
16:10:43.0443 1232 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:10:43.0445 1232 BrSerWdm - ok
16:10:43.0505 1232 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:10:43.0507 1232 BrUsbMdm - ok
16:10:43.0735 1232 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:10:43.0737 1232 BrUsbSer - ok
16:10:43.0886 1232 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
16:10:43.0889 1232 BTHMODEM - ok
16:10:44.0037 1232 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
16:10:44.0039 1232 bthserv - ok
16:10:44.0093 1232 catchme - ok
16:10:44.0146 1232 ccSet_NIS (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys
16:10:44.0151 1232 ccSet_NIS - ok
16:10:44.0173 1232 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:10:44.0176 1232 cdfs - ok
16:10:44.0223 1232 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
16:10:44.0225 1232 cdrom - ok
16:10:44.0260 1232 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:10:44.0263 1232 CertPropSvc - ok
16:10:44.0277 1232 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
16:10:44.0281 1232 circlass - ok
16:10:44.0303 1232 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:10:44.0307 1232 CLFS - ok
16:10:44.0352 1232 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:10:44.0355 1232 clr_optimization_v2.0.50727_32 - ok
16:10:44.0380 1232 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:10:44.0384 1232 clr_optimization_v2.0.50727_64 - ok
16:10:44.0429 1232 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:10:44.0431 1232 clr_optimization_v4.0.30319_32 - ok
16:10:44.0533 1232 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:10:44.0536 1232 clr_optimization_v4.0.30319_64 - ok
16:10:44.0603 1232 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:10:44.0605 1232 CmBatt - ok
16:10:44.0667 1232 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:10:44.0669 1232 cmdide - ok
16:10:44.0713 1232 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
16:10:44.0721 1232 CNG - ok
16:10:44.0750 1232 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:10:44.0753 1232 Compbatt - ok
16:10:44.0906 1232 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
16:10:44.0908 1232 CompositeBus - ok
16:10:44.0925 1232 COMSysApp - ok
16:10:44.0984 1232 cpuz135 - ok
16:10:45.0010 1232 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
16:10:45.0013 1232 crcdisk - ok
16:10:45.0040 1232 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
16:10:45.0043 1232 CryptSvc - ok
16:10:45.0077 1232 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:10:45.0083 1232 DcomLaunch - ok
16:10:45.0109 1232 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
16:10:45.0112 1232 defragsvc - ok
16:10:45.0135 1232 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:10:45.0139 1232 DfsC - ok
16:10:45.0165 1232 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
16:10:45.0168 1232 Dhcp - ok
16:10:45.0178 1232 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:10:45.0180 1232 discache - ok
16:10:45.0208 1232 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:10:45.0211 1232 Disk - ok
16:10:45.0232 1232 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
16:10:45.0235 1232 Dnscache - ok
16:10:45.0673 1232 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
16:10:45.0676 1232 DockLoginService - ok
16:10:45.0842 1232 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
16:10:45.0846 1232 dot3svc - ok
16:10:46.0010 1232 dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
16:10:46.0012 1232 dot4 - ok
16:10:46.0038 1232 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
16:10:46.0040 1232 Dot4Print - ok
16:10:46.0052 1232 Dot4Scan (488669cd1cd3bdcfdd9a5fda72209069) C:\Windows\system32\DRIVERS\Dot4Scan.sys
16:10:46.0055 1232 Dot4Scan - ok
16:10:46.0070 1232 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
16:10:46.0072 1232 dot4usb - ok
16:10:46.0101 1232 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
16:10:46.0104 1232 DPS - ok
16:10:46.0131 1232 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:10:46.0133 1232 drmkaud - ok
16:10:46.0163 1232 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:10:46.0173 1232 DXGKrnl - ok
16:10:46.0225 1232 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
16:10:46.0228 1232 EapHost - ok
16:10:46.0304 1232 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:10:46.0365 1232 ebdrv - ok
16:10:46.0420 1232 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
16:10:46.0426 1232 eeCtrl - ok
16:10:46.0454 1232 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
16:10:46.0456 1232 EFS - ok
16:10:46.0669 1232 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
16:10:46.0693 1232 ehRecvr - ok
16:10:46.0721 1232 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
16:10:46.0724 1232 ehSched - ok
16:10:46.0754 1232 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:10:46.0760 1232 elxstor - ok
16:10:46.0959 1232 EPSON_PM_RPCV4_01 (1e345f2a2d95da3190596e691cde9342) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
16:10:46.0961 1232 EPSON_PM_RPCV4_01 - ok
16:10:47.0043 1232 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
16:10:47.0046 1232 EraserUtilRebootDrv - ok
16:10:47.0075 1232 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:10:47.0077 1232 ErrDev - ok
16:10:47.0106 1232 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
16:10:47.0110 1232 EventSystem - ok
16:10:47.0128 1232 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:10:47.0130 1232 exfat - ok
16:10:47.0158 1232 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:10:47.0161 1232 fastfat - ok
16:10:47.0431 1232 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
16:10:47.0448 1232 Fax - ok
16:10:47.0466 1232 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:10:47.0469 1232 fdc - ok
16:10:47.0503 1232 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
16:10:47.0507 1232 fdPHost - ok
16:10:47.0514 1232 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
16:10:47.0515 1232 FDResPub - ok
16:10:47.0562 1232 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:10:47.0565 1232 FileInfo - ok
16:10:47.0585 1232 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:10:47.0587 1232 Filetrace - ok
16:10:47.0623 1232 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
16:10:47.0630 1232 FLEXnet Licensing Service - ok
16:10:47.0649 1232 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:10:47.0651 1232 flpydisk - ok
16:10:47.0671 1232 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:10:47.0675 1232 FltMgr - ok
16:10:47.0719 1232 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
16:10:47.0745 1232 FontCache - ok
16:10:47.0913 1232 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:10:47.0917 1232 FontCache3.0.0.0 - ok
16:10:47.0982 1232 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:10:47.0984 1232 FsDepends - ok
16:10:48.0085 1232 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
16:10:48.0088 1232 fssfltr - ok
16:10:48.0156 1232 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
16:10:48.0183 1232 fsssvc - ok
16:10:48.0229 1232 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
16:10:48.0232 1232 Fs_Rec - ok
16:10:48.0341 1232 Futuremark SystemInfo Service (a33bcf3fab19db7d0b501036722f311b) C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
16:10:48.0344 1232 Futuremark SystemInfo Service - ok
16:10:48.0585 1232 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:10:48.0588 1232 fvevol - ok
16:10:48.0651 1232 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:10:48.0653 1232 gagp30kx - ok
16:10:48.0760 1232 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:10:48.0767 1232 GEARAspiWDM - ok
16:10:48.0826 1232 GenericMount (9ba50351af95c9df28c8bcd382427d11) C:\Windows\system32\DRIVERS\GenericMount.sys
16:10:48.0829 1232 GenericMount - ok
16:10:48.0844 1232 GenericMount Helper Service - ok
16:10:48.0950 1232 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
16:10:48.0953 1232 GoToAssist - ok
16:10:48.0995 1232 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
16:10:49.0003 1232 gpsvc - ok
16:10:49.0036 1232 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:10:49.0037 1232 gupdate - ok
16:10:49.0050 1232 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:10:49.0051 1232 gupdatem - ok
16:10:49.0074 1232 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
16:10:49.0076 1232 gusvc - ok
16:10:49.0102 1232 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
16:10:49.0104 1232 hamachi - ok
16:10:49.0128 1232 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:10:49.0130 1232 hcw85cir - ok
16:10:49.0154 1232 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:10:49.0157 1232 HDAudBus - ok
16:10:49.0171 1232 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:10:49.0174 1232 HidBatt - ok
16:10:49.0195 1232 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:10:49.0198 1232 HidBth - ok
16:10:49.0215 1232 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:10:49.0217 1232 HidIr - ok
16:10:49.0238 1232 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
16:10:49.0242 1232 hidserv - ok
16:10:49.0283 1232 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
16:10:49.0286 1232 HidUsb - ok
16:10:49.0309 1232 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
16:10:49.0312 1232 hkmsvc - ok
16:10:49.0450 1232 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
16:10:49.0458 1232 HomeGroupListener - ok
16:10:49.0607 1232 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
16:10:49.0611 1232 HomeGroupProvider - ok
16:10:49.0662 1232 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:10:49.0665 1232 HpSAMD - ok
16:10:49.0713 1232 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:10:49.0747 1232 HTTP - ok
16:10:49.0820 1232 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:10:49.0823 1232 hwpolicy - ok
16:10:49.0902 1232 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
16:10:49.0904 1232 i8042prt - ok
16:10:50.0222 1232 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:10:50.0227 1232 iaStorV - ok
16:10:50.0541 1232 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:10:50.0565 1232 idsvc - ok
16:10:50.0941 1232 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120330.002\IDSvia64.sys
16:10:50.0997 1232 IDSVia64 - ok
16:10:51.0185 1232 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:10:51.0189 1232 iirsp - ok
16:10:51.0409 1232 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
16:10:51.0441 1232 IKEEXT - ok
16:10:51.0556 1232 IntcAzAudAddService (9526f32b8a76f8dc25a1587400e30084) C:\Windows\system32\drivers\RTKVHD64.sys
16:10:51.0592 1232 IntcAzAudAddService - ok
16:10:51.0683 1232 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:10:51.0687 1232 intelide - ok
16:10:52.0189 1232 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:10:52.0192 1232 intelppm - ok
16:10:52.0459 1232 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
16:10:52.0461 1232 IPBusEnum - ok
16:10:52.0706 1232 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:10:52.0708 1232 IpFilterDriver - ok
16:10:52.0772 1232 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
16:10:52.0778 1232 iphlpsvc - ok
16:10:52.0800 1232 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:10:52.0803 1232 IPMIDRV - ok
16:10:52.0827 1232 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:10:52.0830 1232 IPNAT - ok
16:10:52.0873 1232 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
16:10:52.0882 1232 iPod Service - ok
16:10:52.0904 1232 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:10:52.0906 1232 IRENUM - ok
16:10:52.0935 1232 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:10:52.0938 1232 isapnp - ok
16:10:52.0971 1232 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:10:52.0975 1232 iScsiPrt - ok
16:10:53.0028 1232 k57nd60a (d85f3f18e44f7447b5f1ba5c85baeb7c) C:\Windows\system32\DRIVERS\k57nd60a.sys
16:10:53.0031 1232 k57nd60a - ok
16:10:53.0063 1232 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
16:10:53.0066 1232 kbdclass - ok
16:10:53.0096 1232 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
16:10:53.0098 1232 kbdhid - ok
16:10:53.0122 1232 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:10:53.0123 1232 KeyIso - ok
16:10:53.0135 1232 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
16:10:53.0138 1232 KSecDD - ok
16:10:53.0159 1232 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
16:10:53.0161 1232 KSecPkg - ok
16:10:53.0180 1232 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:10:53.0181 1232 ksthunk - ok
16:10:53.0221 1232 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
16:10:53.0224 1232 KtmRm - ok
16:10:53.0253 1232 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
16:10:53.0259 1232 LanmanServer - ok
16:10:53.0292 1232 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
16:10:53.0295 1232 LanmanWorkstation - ok
16:10:53.0314 1232 Lbd - ok
16:10:53.0375 1232 LBTServ (7447f069ce66633dafa0b2deee7af5ba) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
16:10:53.0379 1232 LBTServ - ok
16:10:53.0407 1232 LHidFilt (0a7d6ed578d85f0c35353424ee3f5245) C:\Windows\system32\DRIVERS\LHidFilt.Sys
16:10:53.0410 1232 LHidFilt - ok
16:10:53.0453 1232 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:10:53.0455 1232 lltdio - ok
16:10:53.0484 1232 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
16:10:53.0487 1232 lltdsvc - ok
16:10:53.0502 1232 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
16:10:53.0503 1232 lmhosts - ok
16:10:53.0521 1232 LMouFilt (6542e2e6db58118fbb1b82a68ce3aff9) C:\Windows\system32\DRIVERS\LMouFilt.Sys
16:10:53.0523 1232 LMouFilt - ok
16:10:53.0552 1232 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:10:53.0555 1232 LSI_FC - ok
16:10:53.0570 1232 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:10:53.0573 1232 LSI_SAS - ok
16:10:53.0590 1232 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:10:53.0593 1232 LSI_SAS2 - ok
16:10:53.0603 1232 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:10:53.0606 1232 LSI_SCSI - ok
16:10:53.0649 1232 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:10:53.0653 1232 luafv - ok
16:10:53.0671 1232 LUsbFilt (da3494df01c62d821911ed91ce5e1642) C:\Windows\system32\Drivers\LUsbFilt.Sys
16:10:53.0674 1232 LUsbFilt - ok
16:10:53.0722 1232 LVPr2M64 (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
16:10:53.0725 1232 LVPr2M64 - ok
16:10:53.0736 1232 LVPr2Mon (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
16:10:53.0736 1232 LVPr2Mon - ok
16:10:54.0311 1232 LVPrcS64 (a35679e56e78091e1042a2d7adbf2958) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
16:10:54.0319 1232 LVPrcS64 - ok
16:10:54.0405 1232 LVRS64 (986c1cb787a007baa5f74e7d316d7246) C:\Windows\system32\DRIVERS\lvrs64.sys
16:10:54.0409 1232 LVRS64 - ok
16:10:54.0525 1232 LVUVC64 (5747bc465abea2858c5d037252aed84e) C:\Windows\system32\DRIVERS\lvuvc64.sys
16:10:54.0637 1232 LVUVC64 - ok
16:10:54.0674 1232 MarvinBus (024da28053d57e9e32bee52600576bbb) C:\Windows\system32\DRIVERS\MarvinBus64.sys
16:10:54.0677 1232 MarvinBus - ok
16:10:54.0718 1232 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
16:10:54.0721 1232 MBAMProtector - ok
16:10:54.0778 1232 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
16:10:54.0783 1232 MBAMService - ok
16:10:54.0803 1232 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
16:10:54.0806 1232 Mcx2Svc - ok
16:10:54.0875 1232 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
16:10:54.0878 1232 MDM - ok
16:10:54.0896 1232 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:10:54.0908 1232 megasas - ok
16:10:54.0933 1232 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:10:54.0936 1232 MegaSR - ok
16:10:54.0962 1232 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:10:54.0965 1232 MMCSS - ok
16:10:54.0983 1232 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:10:54.0985 1232 Modem - ok
16:10:55.0011 1232 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:10:55.0011 1232 monitor - ok
16:10:55.0046 1232 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
16:10:55.0049 1232 mouclass - ok
16:10:55.0068 1232 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:10:55.0070 1232 mouhid - ok
16:10:55.0096 1232 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:10:55.0100 1232 mountmgr - ok
16:10:55.0128 1232 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:10:55.0131 1232 mpio - ok
16:10:55.0152 1232 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:10:55.0155 1232 mpsdrv - ok
16:10:55.0188 1232 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:10:55.0190 1232 MRxDAV - ok
16:10:55.0629 1232 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:10:55.0633 1232 mrxsmb - ok
16:10:55.0744 1232 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:10:55.0747 1232 mrxsmb10 - ok
16:10:55.0770 1232 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:10:55.0773 1232 mrxsmb20 - ok
16:10:55.0941 1232 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:10:55.0942 1232 msahci - ok
16:10:56.0130 1232 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:10:56.0132 1232 msdsm - ok
16:10:56.0164 1232 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
16:10:56.0167 1232 MSDTC - ok
16:10:56.0197 1232 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:10:56.0200 1232 Msfs - ok
16:10:56.0219 1232 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:10:56.0220 1232 mshidkmdf - ok
16:10:56.0238 1232 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:10:56.0240 1232 msisadrv - ok
16:10:56.0267 1232 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
16:10:56.0269 1232 MSiSCSI - ok
16:10:56.0299 1232 msiserver - ok
16:10:56.0326 1232 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:10:56.0329 1232 MSKSSRV - ok
16:10:56.0341 1232 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:10:56.0343 1232 MSPCLOCK - ok
16:10:56.0355 1232 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:10:56.0357 1232 MSPQM - ok
16:10:56.0383 1232 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:10:56.0389 1232 MsRPC - ok
16:10:56.0416 1232 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:10:56.0417 1232 mssmbios - ok
16:10:56.0441 1232 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:10:56.0444 1232 MSTEE - ok
16:10:56.0460 1232 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:10:56.0462 1232 MTConfig - ok
16:10:56.0481 1232 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:10:56.0485 1232 Mup - ok
16:10:56.0517 1232 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
16:10:56.0523 1232 napagent - ok
16:10:56.0558 1232 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:10:56.0562 1232 NativeWifiP - ok
16:10:56.0878 1232 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120401.016\ENG64.SYS
16:10:56.0885 1232 NAVENG - ok
16:10:56.0977 1232 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120401.016\EX64.SYS
16:10:57.0038 1232 NAVEX15 - ok
16:10:57.0093 1232 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:10:57.0103 1232 NDIS - ok
16:10:57.0550 1232 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:10:57.0597 1232 NdisCap - ok
16:10:57.0666 1232 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:10:57.0668 1232 NdisTapi - ok
16:10:57.0695 1232 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:10:57.0697 1232 Ndisuio - ok
16:10:57.0728 1232 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:10:57.0731 1232 NdisWan - ok
16:10:57.0748 1232 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:10:57.0750 1232 NDProxy - ok
16:10:58.0076 1232 Nero BackItUp Scheduler 4.0 (0ff3c6aa3e0fe0eb316df5449b569463) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
16:10:58.0086 1232 Nero BackItUp Scheduler 4.0 - ok
16:10:58.0249 1232 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:10:58.0255 1232 NetBIOS - ok
16:10:58.0327 1232 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:10:58.0331 1232 NetBT - ok
16:10:58.0359 1232 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:10:58.0360 1232 Netlogon - ok
16:10:58.0569 1232 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
16:10:58.0576 1232 Netman - ok
16:10:58.0678 1232 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:10:58.0680 1232 NetMsmqActivator - ok
16:10:58.0685 1232 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:10:58.0687 1232 NetPipeActivator - ok
16:10:58.0749 1232 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
16:10:58.0755 1232 netprofm - ok
16:10:58.0765 1232 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:10:58.0766 1232 NetTcpActivator - ok
16:10:58.0772 1232 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:10:58.0773 1232 NetTcpPortSharing - ok
16:10:58.0801 1232 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:10:58.0804 1232 nfrd960 - ok
16:10:58.0871 1232 NIS (7a02f128a454bb22e300f3f80bc1bd22) C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
16:10:58.0872 1232 NIS - ok
16:10:58.0915 1232 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
16:10:58.0919 1232 NlaSvc - ok
16:10:58.0922 1232 Norton Ghost - ok
16:10:58.0937 1232 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:10:58.0940 1232 Npfs - ok
16:10:58.0955 1232 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
16:10:58.0958 1232 nsi - ok
16:10:58.0971 1232 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:10:58.0973 1232 nsiproxy - ok
16:10:59.0022 1232 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:10:59.0057 1232 Ntfs - ok
16:10:59.0070 1232 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:10:59.0072 1232 Null - ok
16:10:59.0097 1232 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:10:59.0099 1232 nvraid - ok
16:10:59.0124 1232 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:10:59.0127 1232 nvstor - ok
16:10:59.0157 1232 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:10:59.0161 1232 nv_agp - ok
16:10:59.0183 1232 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:10:59.0186 1232 ohci1394 - ok
16:10:59.0252 1232 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:10:59.0255 1232 ose - ok
16:10:59.0378 1232 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:10:59.0457 1232 osppsvc - ok
16:10:59.0478 1232 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:10:59.0482 1232 p2pimsvc - ok
16:10:59.0506 1232 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
16:10:59.0512 1232 p2psvc - ok
16:10:59.0576 1232 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:10:59.0590 1232 Parport - ok
16:10:59.0702 1232 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
16:10:59.0704 1232 partmgr - ok
16:10:59.0755 1232 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
16:10:59.0759 1232 PcaSvc - ok
16:10:59.0877 1232 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:10:59.0879 1232 pci - ok
16:10:59.0935 1232 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:10:59.0937 1232 pciide - ok
16:11:00.0091 1232 PCLEPCI (1bebe7de8508a02650cdce45c664c2a2) C:\Windows\SysWOW64\drivers\pclepci.sys
16:11:00.0107 1232 PCLEPCI - ok
16:11:00.0155 1232 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:11:00.0158 1232 pcmcia - ok
16:11:00.0208 1232 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:11:00.0213 1232 pcw - ok
16:11:00.0329 1232 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:11:00.0347 1232 PEAUTH - ok
16:11:00.0373 1232 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
16:11:00.0376 1232 PerfHost - ok
16:11:00.0453 1232 PhotoshopElementsDeviceConnect (e9ca440fe7a5957eb2eb0c587958dd29) C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
16:11:00.0454 1232 PhotoshopElementsDeviceConnect - ok
16:11:00.0494 1232 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
16:11:00.0523 1232 pla - ok
16:11:00.0563 1232 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
16:11:00.0569 1232 PlugPlay - ok
16:11:00.0586 1232 PnkBstrA - ok
16:11:00.0613 1232 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
16:11:00.0616 1232 PNRPAutoReg - ok
16:11:00.0635 1232 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:11:00.0638 1232 PNRPsvc - ok
16:11:00.0663 1232 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
16:11:00.0669 1232 PolicyAgent - ok
16:11:00.0720 1232 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
16:11:00.0723 1232 Power - ok
16:11:00.0824 1232 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:11:00.0827 1232 PptpMiniport - ok
16:11:00.0966 1232 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:11:00.0969 1232 Processor - ok
16:11:00.0989 1232 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
16:11:00.0993 1232 ProfSvc - ok
16:11:01.0023 1232 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:11:01.0024 1232 ProtectedStorage - ok
16:11:01.0093 1232 ProtexisLicensing (f115af58abe5605d7d709cbfbd83f418) C:\Windows\SysWOW64\PSIService.exe
16:11:01.0096 1232 ProtexisLicensing - ok
16:11:01.0125 1232 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:11:01.0127 1232 Psched - ok
16:11:01.0161 1232 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
16:11:01.0163 1232 PxHlpa64 - ok
16:11:01.0222 1232 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:11:01.0245 1232 ql2300 - ok
16:11:01.0277 1232 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:11:01.0281 1232 ql40xx - ok
16:11:01.0340 1232 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
16:11:01.0345 1232 QWAVE - ok
16:11:01.0368 1232 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:11:01.0370 1232 QWAVEdrv - ok
16:11:01.0389 1232 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:11:01.0391 1232 RasAcd - ok
16:11:01.0430 1232 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:11:01.0432 1232 RasAgileVpn - ok
16:11:01.0450 1232 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
16:11:01.0453 1232 RasAuto - ok
16:11:01.0473 1232 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:11:01.0476 1232 Rasl2tp - ok
16:11:01.0504 1232 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
16:11:01.0509 1232 RasMan - ok
16:11:01.0529 1232 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:11:01.0532 1232 RasPppoe - ok
16:11:01.0549 1232 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:11:01.0552 1232 RasSstp - ok
16:11:01.0568 1232 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:11:01.0572 1232 rdbss - ok
16:11:01.0621 1232 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:11:01.0623 1232 rdpbus - ok
16:11:01.0699 1232 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:11:01.0703 1232 RDPCDD - ok
16:11:01.0861 1232 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:11:01.0864 1232 RDPENCDD - ok
16:11:02.0068 1232 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:11:02.0070 1232 RDPREFMP - ok
16:11:02.0118 1232 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
16:11:02.0120 1232 RDPWD - ok
16:11:02.0154 1232 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:11:02.0157 1232 rdyboost - ok
16:11:02.0179 1232 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
16:11:02.0184 1232 RemoteAccess - ok
16:11:02.0201 1232 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
16:11:02.0204 1232 RemoteRegistry - ok
16:11:02.0217 1232 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
16:11:02.0220 1232 RpcEptMapper - ok
16:11:02.0246 1232 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
16:11:02.0249 1232 RpcLocator - ok
16:11:02.0276 1232 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:11:02.0281 1232 RpcSs - ok
16:11:02.0298 1232 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:11:02.0302 1232 rspndr - ok
16:11:02.0329 1232 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:11:02.0331 1232 SamSs - ok
16:11:02.0354 1232 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:11:02.0357 1232 sbp2port - ok
16:11:02.0380 1232 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
16:11:02.0384 1232 SCardSvr - ok
16:11:02.0404 1232 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:11:02.0407 1232 scfilter - ok
16:11:02.0446 1232 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
16:11:02.0474 1232 Schedule - ok
16:11:02.0500 1232 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:11:02.0501 1232 SCPolicySvc - ok
16:11:02.0529 1232 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
16:11:02.0533 1232 SDRSVC - ok
16:11:02.0585 1232 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
16:11:02.0589 1232 SeaPort - ok
16:11:02.0620 1232 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:11:02.0636 1232 secdrv - ok
16:11:02.0675 1232 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
16:11:03.0169 1232 seclogon - ok
16:11:03.0368 1232 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
16:11:03.0374 1232 SENS - ok
16:11:03.0430 1232 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
16:11:03.0434 1232 SensrSvc - ok
16:11:03.0509 1232 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:11:03.0511 1232 Serenum - ok
16:11:03.0615 1232 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:11:03.0618 1232 Serial - ok
16:11:03.0715 1232 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:11:03.0719 1232 sermouse - ok
16:11:03.0815 1232 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
16:11:03.0820 1232 SessionEnv - ok
16:11:03.0861 1232 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:11:03.0863 1232 sffdisk - ok
16:11:04.0075 1232 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:11:04.0077 1232 sffp_mmc - ok
16:11:04.0319 1232 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:11:04.0325 1232 sffp_sd - ok
16:11:04.0448 1232 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:11:04.0450 1232 sfloppy - ok
16:11:04.0696 1232 SftService (beb504962e36d6f368ebfc702a659e09) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
16:11:04.0777 1232 SftService - ok
16:11:04.0992 1232 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
16:11:04.0997 1232 SharedAccess - ok
16:11:05.0142 1232 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
16:11:05.0182 1232 ShellHWDetection - ok
16:11:05.0313 1232 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:11:05.0316 1232 SiSRaid2 - ok
16:11:05.0364 1232 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:11:05.0367 1232 SiSRaid4 - ok
16:11:05.0544 1232 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:11:05.0546 1232 Smb - ok
16:11:05.0672 1232 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
16:11:05.0676 1232 SNMPTRAP - ok
16:11:05.0702 1232 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:11:05.0704 1232 spldr - ok
16:11:06.0266 1232 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
16:11:06.0319 1232 Spooler - ok
16:11:07.0966 1232 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
16:11:08.0043 1232 sppsvc - ok
16:11:09.0172 1232 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
16:11:09.0177 1232 sppuinotify - ok
16:11:09.0641 1232 sprtsvc_DellSupportCenter (d630b6f2e8379b6f10dc16e82a426552) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
16:11:09.0645 1232 sprtsvc_DellSupportCenter - ok
16:11:10.0651 1232 SRTSP (4d56f175f76c685a06471800a03219b2) C:\Windows\System32\Drivers\NISx64\1306020.00A\SRTSP64.SYS
16:11:10.0662 1232 SRTSP - ok
16:11:11.0671 1232 SRTSPX (7b02f64dc80c0ec7300af302ed5d1cb3) C:\Windows\system32\drivers\NISx64\1306020.00A\SRTSPX64.SYS
16:11:11.0674 1232 SRTSPX - ok
16:11:11.0976 1232 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:11:12.0097 1232 srv - ok
16:11:12.0190 1232 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:11:12.0240 1232 srv2 - ok
16:11:12.0414 1232 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:11:12.0416 1232 srvnet - ok
16:11:12.0563 1232 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
16:11:12.0567 1232 SSDPSRV - ok
16:11:12.0743 1232 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
16:11:12.0745 1232 SstpSvc - ok
16:11:12.0981 1232 Steam Client Service - ok
16:11:13.0218 1232 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:11:13.0225 1232 stexstor - ok
16:11:13.0346 1232 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
16:11:13.0349 1232 StillCam - ok
16:11:13.0527 1232 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
16:11:13.0594 1232 stisvc - ok
16:11:13.0786 1232 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:11:13.0799 1232 swenum - ok
16:11:14.0637 1232 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
16:11:14.0671 1232 swprv - ok
16:11:15.0495 1232 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS
16:11:15.0541 1232 SymDS - ok
16:11:15.0861 1232 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS
16:11:15.0892 1232 SymEFA - ok
16:11:16.0167 1232 SymEvent (894579207e39c465737e850a252ce4f2) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
16:11:16.0176 1232 SymEvent - ok
16:11:16.0446 1232 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS
16:11:16.0449 1232 SymIRON - ok
16:11:16.0574 1232 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\NISx64\1306020.00A\SYMNETS.SYS
16:11:16.0610 1232 SymNetS - ok
16:11:16.0825 1232 symsnap (2d9b2746f7dea46d1572b84a06311566) C:\Windows\system32\DRIVERS\symsnap.sys
16:11:16.0837 1232 symsnap - ok
16:11:16.0975 1232 SymSnapService - ok
16:11:17.0075 1232 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
16:11:17.0112 1232 SysMain - ok
16:11:17.0138 1232 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
16:11:17.0141 1232 TabletInputService - ok
16:11:17.0174 1232 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
16:11:17.0181 1232 TapiSrv - ok
16:11:17.0222 1232 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
16:11:17.0225 1232 TBS - ok
16:11:18.0354 1232 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
16:11:18.0407 1232 Tcpip - ok
16:11:20.0845 1232 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
16:11:20.0855 1232 TCPIP6 - ok
16:11:21.0844 1232 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:11:21.0848 1232 tcpipreg - ok
16:11:22.0202 1232 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:11:22.0223 1232 TDPIPE - ok
16:11:22.0348 1232 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
16:11:22.0349 1232 TDTCP - ok
16:11:22.0464 1232 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:11:22.0466 1232 tdx - ok
16:11:22.0563 1232 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:11:22.0565 1232 TermDD - ok
16:11:22.0750 1232 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
16:11:22.0800 1232 TermService - ok
16:11:22.0911 1232 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
16:11:22.0913 1232 Themes - ok
16:11:23.0024 1232 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:11:23.0026 1232 THREADORDER - ok
16:11:23.0086 1232 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
16:11:23.0089 1232 TrkWks - ok
16:11:23.0318 1232 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
16:11:23.0320 1232 TrustedInstaller - ok
16:11:23.0419 1232 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:11:23.0421 1232 tssecsrv - ok
16:11:23.0697 1232 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:11:23.0699 1232 TsUsbFlt - ok
16:11:24.0155 1232 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:11:24.0157 1232 tunnel - ok
16:11:24.0289 1232 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:11:24.0295 1232 uagp35 - ok
16:11:24.0444 1232 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:11:24.0452 1232 udfs - ok
16:11:24.0529 1232 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
16:11:24.0532 1232 UI0Detect - ok
16:11:24.0594 1232 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:11:24.0595 1232 uliagpkx - ok
16:11:24.0651 1232 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
16:11:24.0653 1232 umbus - ok
16:11:24.0744 1232 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:11:24.0745 1232 UmPass - ok
16:11:24.0849 1232 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
16:11:24.0948 1232 upnphost - ok
16:11:25.0084 1232 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
16:11:25.0087 1232 USBAAPL64 - ok
16:11:25.0245 1232 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
16:11:25.0247 1232 usbaudio - ok
16:11:25.0309 1232 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:11:25.0312 1232 usbccgp - ok
16:11:25.0471 1232 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:11:25.0477 1232 usbcir - ok
16:11:25.0530 1232 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
16:11:25.0536 1232 usbehci - ok
16:11:25.0654 1232 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:11:25.0694 1232 usbhub - ok
16:11:26.0049 1232 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
16:11:26.0051 1232 usbohci - ok
16:11:26.0082 1232 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:11:26.0084 1232 usbprint - ok
16:11:26.0107 1232 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
16:11:26.0110 1232 usbscan - ok
16:11:26.0169 1232 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:11:26.0171 1232 USBSTOR - ok
16:11:26.0253 1232 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
16:11:26.0261 1232 usbuhci - ok
16:11:26.0327 1232 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
16:11:26.0330 1232 usbvideo - ok
16:11:26.0426 1232 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
16:11:26.0428 1232 UxSms - ok
16:11:26.0612 1232 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:11:26.0613 1232 VaultSvc - ok
16:11:26.0636 1232 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:11:26.0643 1232 vdrvroot - ok
16:11:26.0935 1232 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
16:11:26.0962 1232 vds - ok
16:11:27.0186 1232 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:11:27.0193 1232 vga - ok
16:11:27.0244 1232 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:11:27.0249 1232 VgaSave - ok
16:11:27.0369 1232 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:11:27.0372 1232 vhdmp - ok
16:11:27.0429 1232 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:11:27.0434 1232 viaide - ok
16:11:27.0488 1232 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:11:27.0490 1232 volmgr - ok
16:11:27.0681 1232 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:11:27.0779 1232 volmgrx - ok
16:11:27.0933 1232 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:11:27.0974 1232 volsnap - ok
16:11:28.0082 1232 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:11:28.0084 1232 vsmraid - ok
16:11:28.0678 1232 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
16:11:28.0739 1232 VSS - ok
16:11:28.0787 1232 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
16:11:28.0792 1232 vwifibus - ok
16:11:29.0054 1232 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
16:11:29.0059 1232 W32Time - ok
16:11:29.0160 1232 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:11:29.0166 1232 WacomPen - ok
16:11:29.0217 1232 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:11:29.0219 1232 WANARP - ok
16:11:29.0223 1232 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:11:29.0224 1232 Wanarpv6 - ok
16:11:29.0797 1232 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
16:11:29.0825 1232 WatAdminSvc - ok
16:11:30.0377 1232 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
16:11:30.0436 1232 wbengine - ok
16:11:30.0495 1232 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
16:11:30.0499 1232 WbioSrvc - ok
16:11:30.0830 1232 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
16:11:30.0835 1232 wcncsvc - ok
16:11:30.0851 1232 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
16:11:30.0854 1232 WcsPlugInService - ok
16:11:30.0927 1232 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:11:30.0929 1232 Wd - ok
16:11:31.0096 1232 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:11:31.0130 1232 Wdf01000 - ok
16:11:31.0150 1232 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:11:31.0154 1232 WdiServiceHost - ok
16:11:31.0158 1232 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:11:31.0160 1232 WdiSystemHost - ok
16:11:31.0360 1232 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
16:11:31.0364 1232 WebClient - ok
16:11:31.0384 1232 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
16:11:31.0388 1232 Wecsvc - ok
16:11:31.0404 1232 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
16:11:31.0406 1232 wercplsupport - ok
16:11:31.0449 1232 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
16:11:31.0452 1232 WerSvc - ok
16:11:31.0465 1232 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:11:31.0466 1232 WfpLwf - ok
16:11:31.0494 1232 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
16:11:31.0496 1232 WimFltr - ok
16:11:31.0513 1232 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:11:31.0515 1232 WIMMount - ok
16:11:31.0560 1232 WinDefend - ok
16:11:31.0579 1232 WinHttpAutoProxySvc - ok
16:11:31.0626 1232 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
16:11:31.0629 1232 Winmgmt - ok
16:11:31.0680 1232 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
16:11:31.0715 1232 WinRM - ok
16:11:31.0762 1232 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
16:11:31.0764 1232 WinUsb - ok
16:11:31.0873 1232 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
16:11:31.0957 1232 Wlansvc - ok
16:11:32.0660 1232 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
16:11:32.0870 1232 wlcrasvc - ok
16:11:34.0042 1232 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:11:34.0138 1232 wlidsvc - ok
16:11:34.0224 1232 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:11:34.0226 1232 WmiAcpi - ok
16:11:34.0266 1232 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
16:11:34.0269 1232 wmiApSrv - ok
16:11:34.0305 1232 WMPNetworkSvc - ok
16:11:34.0330 1232 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
16:11:34.0332 1232 WPCSvc - ok
16:11:34.0358 1232 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
16:11:34.0362 1232 WPDBusEnum - ok
16:11:34.0382 1232 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:11:34.0384 1232 ws2ifsl - ok
16:11:34.0415 1232 WsAudio_DeviceS(1) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys
16:11:34.0417 1232 WsAudio_DeviceS(1) - ok
16:11:34.0443 1232 WsAudio_DeviceS(2) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys
16:11:34.0446 1232 WsAudio_DeviceS(2) - ok
16:11:34.0470 1232 WsAudio_DeviceS(3) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys
16:11:34.0472 1232 WsAudio_DeviceS(3) - ok
16:11:34.0492 1232 WsAudio_DeviceS(4) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys
16:11:34.0493 1232 WsAudio_DeviceS(4) - ok
16:11:34.0509 1232 WsAudio_DeviceS(5) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys
16:11:34.0510 1232 WsAudio_DeviceS(5) - ok
16:11:34.0541 1232 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
16:11:34.0544 1232 wscsvc - ok
16:11:34.0551 1232 WSearch - ok
16:11:34.0608 1232 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
16:11:34.0663 1232 wuauserv - ok
16:11:34.0696 1232 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:11:34.0699 1232 WudfPf - ok
16:11:34.0723 1232 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
16:11:34.0727 1232 wudfsvc - ok
16:11:34.0754 1232 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
16:11:34.0758 1232 WwanSvc - ok
16:11:34.0791 1232 MBR (0x1B8) (faf3db026c90f586e5993588661e2612) \Device\Harddisk0\DR0
16:11:34.0813 1232 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
16:11:34.0813 1232 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
16:11:34.0819 1232 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR2
16:11:37.0138 1232 \Device\Harddisk1\DR2 - ok
16:11:37.0158 1232 Boot (0x1200) (44f1310fa741f0e41a73eac3eabb9c9e) \Device\Harddisk0\DR0\Partition0
16:11:37.0160 1232 \Device\Harddisk0\DR0\Partition0 - ok
16:11:37.0173 1232 Boot (0x1200) (a897305a2ce6d2ee03432fa738c578a7) \Device\Harddisk0\DR0\Partition1
16:11:37.0175 1232 \Device\Harddisk0\DR0\Partition1 - ok
16:11:37.0179 1232 Boot (0x1200) (39771a1639f0d567dc9a1a24e698271c) \Device\Harddisk1\DR2\Partition0
16:11:37.0180 1232 \Device\Harddisk1\DR2\Partition0 - ok
16:11:37.0181 1232 ============================================================
16:11:37.0181 1232 Scan finished
16:11:37.0181 1232 ============================================================
16:11:37.0196 4656 Detected object count: 2
16:11:37.0196 4656 Actual detected object count: 2
16:12:05.0266 4656 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
16:12:05.0266 4656 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
16:12:05.0350 4656 \Device\Harddisk0\DR0\# - copied to quarantine
16:12:05.0351 4656 \Device\Harddisk0\DR0 - copied to quarantine
16:12:05.0402 4656 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
16:12:05.0406 4656 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
16:12:05.0412 4656 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
16:12:05.0417 4656 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
16:12:05.0438 4656 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
16:12:05.0448 4656 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
16:12:05.0450 4656 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
16:12:05.0452 4656 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
16:12:05.0454 4656 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
16:12:05.0458 4656 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
16:12:05.0464 4656 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
16:12:05.0466 4656 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
16:12:05.0492 4656 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
16:12:05.0495 4656 \Device\Harddisk0\DR0 - ok
16:12:05.0500 4656 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
16:12:08.0965 0940 Deinitialize success








Here are the results for ASWMBR:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-02 17:27:17
-----------------------------
17:27:17.627 OS Version: Windows x64 6.1.7601 Service Pack 1
17:27:17.627 Number of processors: 3 586 0x502
17:27:17.627 ComputerName: SUNIL-PC UserName: Sunil
17:27:20.732 Initialze error C000010E - driver not loaded
17:27:25.225 AVAST engine defs: 12040201
17:27:48.917 Service scanning
17:28:07.497 Modules scanning
17:28:07.497 Disk 0 trace - called modules:
17:28:07.497
17:28:15.593 AVAST engine scan C:\Windows
17:28:26.732 AVAST engine scan C:\Windows\system32
17:31:30.177 AVAST engine scan C:\Windows\system32\drivers
17:31:59.583 AVAST engine scan C:\Users\Sunil
17:52:05.278 AVAST engine scan C:\ProgramData
17:56:13.912 Scan finished successfully
18:03:26.189 The log file has been saved successfully to "C:\Users\Sunil\Desktop\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:39 AM

Posted 02 April 2012 - 06:38 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Firefox::
FF - ProfilePath - c:\users\Sunil\AppData\Roaming\Mozilla\Firefox\Profiles\ezcxlr72.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&SearchSource=3&q={searchTerms}

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 raviss

raviss
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:07:39 AM

Posted 02 April 2012 - 08:35 PM

HI, when trying to run combofix, it asked me to stop any real time scanners. It said I was running Norton Internet Security's antivirus and antispyware. I disabled the Antivirus Auto-protect, and that stopped the antivirus, but it is still saying I have an antispyware running. How would I disable this? Should I disable the Smart Firewall?
Thanks

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:39 AM

Posted 03 April 2012 - 06:39 AM

stop what you can and go ahead and run combofix



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 raviss

raviss
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:07:39 AM

Posted 03 April 2012 - 07:39 PM

HI,all the crashing problems have gone away, and the computer seems to be working fine. I don't know if this means anything, but the layout of windows looks a little different, but nothing too important. Here is the log:
Thanks for all the Help!


ComboFix 12-04-01.03 - Sunil 04/03/2012 18:55:51.2.3 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.4546 [GMT -4:00]
Running from: c:\users\Sunil\Desktop\ComboFix.exe
Command switches used :: c:\users\Sunil\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Microsoft\yvfpemrj.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-03-03 to 2012-04-03 )))))))))))))))))))))))))))))))
.
.
2012-04-03 23:09 . 2012-04-03 23:09 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2012-04-03 23:09 . 2012-04-03 23:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-03 07:00 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-03 07:00 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-03 07:00 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-02 20:12 . 2012-04-02 20:12 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-02 01:20 . 2012-04-02 01:20 8738464 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-02 00:33 . 2012-04-02 01:20 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-26 19:12 . 2012-03-26 19:12 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-26 19:12 . 2012-03-26 19:12 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-23 11:10 . 2012-04-01 02:11 -------- d-----w- c:\windows\system32\drivers\NISx64\1306020.00A
2012-03-14 04:01 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 04:01 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 04:01 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 02:13 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 02:13 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 02:13 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 02:13 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 02:13 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 02:13 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 02:13 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-08 02:03 . 2012-03-08 02:03 -------- d-----w- c:\programdata\ATI
2012-03-08 01:57 . 2012-03-08 01:57 -------- d-----w- c:\program files (x86)\AMD AVT
2012-03-08 01:57 . 2012-03-08 01:57 -------- d-----w- c:\program files\AMD
2012-03-08 01:57 . 2012-03-08 01:57 -------- d-----w- c:\program files (x86)\AMD
2012-03-08 01:57 . 2012-03-08 01:57 -------- d-----w- c:\program files (x86)\AMD APP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-02 01:20 . 2011-05-28 02:18 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-23 11:11 . 2012-01-29 02:27 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-03-04 02:52 . 2010-07-26 00:01 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-03-04 02:50 . 2010-07-28 01:15 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-03-04 02:50 . 2010-07-28 01:13 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-03-03 23:32 . 2010-07-28 01:13 189480 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-02-15 03:48 . 2012-02-15 03:48 10856960 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-02-15 03:21 . 2012-02-15 03:21 25839104 ----a-w- c:\windows\system32\atio6axx.dll
2012-02-15 03:18 . 2012-02-15 03:18 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-02-15 03:18 . 2011-12-06 03:17 791040 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-02-15 03:17 . 2010-10-27 07:54 957952 ----a-w- c:\windows\system32\aticfx64.dll
2012-02-15 03:13 . 2012-02-15 03:13 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-02-15 03:13 . 2012-02-15 03:13 496128 ----a-w- c:\windows\system32\atieclxx.exe
2012-02-15 03:13 . 2012-02-15 03:13 235520 ----a-w- c:\windows\system32\atiesrxx.exe
2012-02-15 03:11 . 2012-02-15 03:11 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-02-15 03:10 . 2012-02-15 03:10 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-02-15 03:10 . 2012-02-15 03:10 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-02-15 03:10 . 2012-02-15 03:10 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-02-15 03:07 . 2012-02-15 03:07 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-02-15 03:05 . 2012-02-15 03:05 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-02-15 03:05 . 2012-02-15 03:05 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-02-15 03:05 . 2012-02-15 03:05 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2012-02-15 03:05 . 2012-02-15 03:05 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-02-15 03:05 . 2012-02-15 03:05 16507904 ----a-w- c:\windows\system32\amdocl64.dll
2012-02-15 03:04 . 2012-02-15 03:04 13238272 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-02-15 03:03 . 2012-02-15 03:03 54272 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-15 03:03 . 2012-02-15 03:03 48128 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-02-15 02:58 . 2012-02-15 02:58 19392000 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-02-15 02:52 . 2010-07-12 17:08 7646208 ----a-w- c:\windows\system32\atidxx64.dll
2012-02-15 02:41 . 2012-02-15 02:41 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2012-02-15 02:40 . 2012-02-15 02:40 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-02-15 02:40 . 2012-02-15 02:40 4958208 ----a-w- c:\windows\system32\atiumd6a.dll
2012-02-15 02:34 . 2012-02-15 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-02-15 02:34 . 2012-02-15 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-02-15 02:34 . 2012-02-15 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-02-15 02:34 . 2012-02-15 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-02-15 02:34 . 2011-12-06 02:33 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-02-15 02:34 . 2012-02-15 02:34 13859840 ----a-w- c:\windows\system32\aticaldd64.dll
2012-02-15 02:29 . 2011-12-06 02:28 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-02-15 02:29 . 2012-02-15 02:29 11561984 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-02-15 02:25 . 2012-02-15 02:25 7551488 ----a-w- c:\windows\system32\atiumd64.dll
2012-02-15 02:16 . 2010-10-27 07:15 58880 ----a-w- c:\windows\system32\coinst.dll
2012-02-15 02:14 . 2012-02-15 02:14 512000 ----a-w- c:\windows\system32\atiadlxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-02-15 02:13 . 2012-02-15 02:13 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 39936 ----a-w- c:\windows\system32\atig6txx.dll
2012-02-15 02:13 . 2012-02-15 02:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 327680 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-02-15 02:12 . 2010-10-27 07:13 43008 ----a-w- c:\windows\system32\atiuxp64.dll
2012-02-15 02:12 . 2012-02-15 02:12 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-02-15 02:12 . 2012-02-15 02:12 39936 ----a-w- c:\windows\system32\atiu9p64.dll
2012-02-15 02:12 . 2011-11-10 02:11 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-02-15 02:11 . 2012-02-15 02:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-01-31 11:02 . 2012-01-31 11:02 21504 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-01-31 11:00 . 2012-01-31 11:00 16896 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2012-01-15 00:41 . 2010-07-28 01:13 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-01_23.48.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-01 03:58 . 2012-04-02 21:00 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
- 2012-04-01 03:58 . 2012-04-01 03:58 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
+ 2012-04-01 03:58 . 2012-04-02 21:00 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
- 2012-04-01 03:58 . 2012-04-01 03:58 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
+ 2012-04-01 03:58 . 2012-04-02 21:00 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
- 2012-04-01 03:58 . 2012-04-01 03:58 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
+ 2012-04-02 16:36 . 2012-04-02 17:29 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012040220120403\index.dat
+ 2012-04-02 16:36 . 2012-04-02 11:18 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012032620120402\index.dat
- 2012-03-08 01:52 . 2012-04-01 23:25 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-03-08 01:52 . 2012-04-02 17:49 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-07-12 14:57 . 2012-04-03 23:13 63272 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-03 23:13 45676 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-07-16 13:45 . 2012-04-03 23:13 19992 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3040787894-4200104110-3814792442-1001_UserData.bin
- 2010-07-16 15:22 . 2012-04-01 19:57 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-16 15:22 . 2012-04-03 22:44 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-16 15:22 . 2012-04-03 22:44 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-07-16 15:22 . 2012-04-01 19:57 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-01 19:57 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-03 22:44 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-16 08:48 . 2012-04-01 23:46 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-07-16 08:48 . 2012-04-01 07:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2012-04-03 12:06 94000 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-07-16 08:48 . 2012-04-01 23:46 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-07-16 08:48 . 2012-04-01 07:25 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-07-16 08:48 . 2012-04-01 23:46 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-07-16 08:48 . 2012-04-01 07:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-04-01 23:46 . 2012-04-01 23:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-03 23:11 . 2012-04-03 23:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-03 23:11 . 2012-04-03 23:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-01 23:46 . 2012-04-01 23:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-03 23:11 . 2009-10-07 05:46 131608 c:\windows\temp\logishrd\LVPrcInj02.dll
- 2012-04-01 23:46 . 2009-10-07 05:46 131608 c:\windows\temp\logishrd\LVPrcInj02.dll
+ 2012-04-03 23:11 . 2009-10-07 05:47 109080 c:\windows\temp\logishrd\LVPrcInj01.dll
- 2012-04-01 23:46 . 2009-10-07 05:47 109080 c:\windows\temp\logishrd\LVPrcInj01.dll
+ 2012-04-02 01:20 . 2012-04-02 01:20 353440 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_228_Plugin.exe
+ 2012-04-02 00:33 . 2012-04-02 00:33 353440 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe
+ 2012-04-02 00:33 . 2012-04-02 00:33 424608 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.dll
+ 2012-04-02 00:33 . 2012-04-02 01:20 253600 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
- 2010-08-13 07:20 . 2012-04-01 23:47 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-08-13 07:20 . 2012-04-02 17:49 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:54 . 2012-04-01 23:47 344064 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-03 23:14 344064 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-16 23:44 . 2012-04-03 22:43 460678 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 02:36 . 2012-04-01 23:26 660280 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-03 07:22 660280 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-03 07:22 121208 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-01 23:26 121208 c:\windows\system32\perfc009.dat
+ 2012-04-02 01:20 . 2012-04-02 01:20 630432 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_228_Plugin.exe
+ 2012-04-02 00:33 . 2012-04-02 00:33 630432 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_228_ActiveX.exe
+ 2012-04-02 00:33 . 2012-04-02 00:33 462496 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_228_ActiveX.dll
- 2009-07-14 05:01 . 2012-04-01 02:10 452672 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-03 23:10 452672 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-04-02 01:20 . 2012-04-02 01:20 8797344 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
- 2009-07-14 04:54 . 2012-04-01 23:47 9240576 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-03 07:20 9240576 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:45 . 2012-04-03 07:20 7114300 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-04-01 02:00 7114300 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-07-16 13:42 . 2012-04-03 23:10 3136032 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 04:54 . 2012-04-03 07:20 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-01 23:47 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 02:34 . 2012-04-03 07:16 11272192 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-03-14 07:20 11272192 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2012-04-02 01:20 . 2012-04-02 01:20 11588768 c:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll
+ 2010-12-02 08:15 . 2012-04-03 23:10 35510172 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3040787894-4200104110-3814792442-1001-12288.dat
- 2010-12-02 08:15 . 2012-04-01 02:10 35510172 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3040787894-4200104110-3814792442-1001-12288.dat
+ 2012-03-08 02:07 . 2012-04-02 20:12 10893652 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Sunil\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Sunil\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Sunil\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Sunil\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Sunil\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-09-14 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-01-04 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-01-03 640440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2011-07-12 1764352]
"dellsupportcenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"TkBellExe"="c:\program files (x86)\real\realplayer\update\realsched.exe" [2011-12-18 296056]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-15 636032]
"dplaysvr"="c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe" [BU]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Update"="c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Microsoft\yvfpemrj.dll" [2012-03-14 312832]
"dplaysvr"="c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe" [BU]
.
c:\users\Sunil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Sunil\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk - c:\windows\system32\RunDll32.exe [2009-7-13 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-20 113664]
AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-8-29 16032]
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-20 98304]
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-04 55936]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-17 136176]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-20 118784]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 253600]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-08-15 130976]
R3 GenericMount Helper Service;GenericMount Helper Service;c:\program files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [x]
R3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-17 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SymSnapService;SymSnapService;c:\program files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-03-02 1157240]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120403.002\IDSvia64.sys [2012-03-06 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1306020.00A\SYMNETS.SYS [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-02-15 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-04 55936]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe [2012-01-17 138232]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-02-11 660800]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-04-01 138360]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;QuickCam Communicate Deluxe(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [x]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [x]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [x]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 01:20]
.
2012-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-17 00:38]
.
2012-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-17 00:38]
.
2012-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3040787894-4200104110-3814792442-1001Core.job
- c:\users\Sunil\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-16 07:03]
.
2012-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3040787894-4200104110-3814792442-1001UA.job
- c:\users\Sunil\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-16 07:03]
.
2012-04-03 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
2012-04-03 c:\windows\Tasks\NeroLiveEpgUpdate-Sunil-PC_Sunil.job
- c:\program files (x86)\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-18 17:51]
.
2012-04-03 c:\windows\Tasks\Norton Security Scan for Sunil.job
- c:\progra~2\NORTON~3\Engine\301~1.8\Nss.exe [2011-01-17 04:47]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Sunil\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Sunil\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Sunil\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Sunil\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-10 8321568]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1609296]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"Corel Photo Downloader"="c:\program files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-09-12 531272]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2117678
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Sunil\AppData\Roaming\Mozilla\Firefox\Profiles\ezcxlr72.default\
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/u/0/?shva=1#inbox
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{593DDEC6-7468-4CDD-90E1-42DADAA222E9}"=hex:51,66,7a,6c,4c,1d,38,12,a8,dd,2e,
5d,5a,3a,b3,09,ef,f7,01,9a,df,fc,66,fd
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,
f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:d7,50,89,22,b4,0f,cd,01
.
[HKEY_USERS\S-1-5-21-3040787894-4200104110-3814792442-1001\Software\SecuROM\License information*]
"datasecu"=hex:c2,22,7a,08,9f,fb,78,15,45,4e,a1,9b,63,3e,f8,e3,9c,cd,94,d0,99,
01,9d,05,38,14,c8,95,05,70,1d,d5,40,5b,b0,a0,9b,01,7f,53,dd,e9,2b,02,23,97,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:1f,b9,77,c6,15,a9,50,3d,04,1d,30,0a,f5,74,af,42,e4,f6,54,e5,8a,
f8,33,35,90,6d,22,ee,a3,32,dd,9b,2c,7f,56,4b,48,e3,22,9f,e5,cc,a5,42,08,55,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:1f,b9,77,c6,15,a9,50,3d,04,1d,30,0a,f5,74,af,42,e4,f6,54,e5,8a,
f8,33,35,90,6d,22,ee,a3,32,dd,9b,2c,7f,56,4b,48,e3,22,9f,e5,cc,a5,42,08,55,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PSIService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
c:\users\Sunil\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
.
**************************************************************************
.
Completion time: 2012-04-03 19:40:46 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-03 23:40
ComboFix2.txt 2012-04-02 00:10
.
Pre-Run: 429,567,463,424 bytes free
Post-Run: 429,351,768,064 bytes free
.
- - End Of File - - B536CD59007077E57D0A1B2565EFA4F7

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:39 AM

Posted 03 April 2012 - 09:09 PM

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Advertising Center
Java™ 6 Update 26
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 raviss

raviss
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:07:39 AM

Posted 03 April 2012 - 09:53 PM

Hi here is the log from malwarebytes:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.01.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Sunil :: SUNIL-PC [administrator]

Protection: Enabled

4/3/2012 10:40:16 PM
mbam-log-2012-04-03 (22-40-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217044
Time elapsed: 2 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCR\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Update (Trojan.Tracur) -> Data: rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Microsoft\yvfpemrj.dll",DllRegisterServer -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Microsoft\yvfpemrj.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Microsoft\seyjrfa.dll (Trojan.Tracur) -> Quarantined and deleted successfully.

(end)




Here is the log from Hijackthis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:49:32 PM, on 4/3/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Users\Sunil\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Users\Sunil\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Users\Sunil\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\real\realplayer\Update\realsched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2117678
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - (no file)
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\IPS\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Sunil\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
O4 - HKUS\S-1-5-18\..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe (User 'Default user')
O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dropbox.lnk = Sunil\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AML Device Install.lnk = C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: GenericMount Helper Service - Unknown owner - C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe (file missing)
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
O23 - Service: Norton Ghost - Unknown owner - C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe (file missing)
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\SysWOW64\drivers\pclepci.sys
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SymSnapService - Unknown owner - C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 17830 bytes



My computer right now is doing pretty good.
Thanks

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:39 AM

Posted 03 April 2012 - 10:08 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
      O4 - HKLM\..\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
      O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
      O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\real\realplayer\update\realsched.exe" -osboot
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKUS\S-1-5-18\..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe (User 'Default user')
      O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')
      O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
      O4 - Startup: Dropbox.lnk = Sunil\AppData\Roaming\Dropbox\bin\Dropbox.exe
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 raviss

raviss
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:07:39 AM

Posted 03 April 2012 - 11:37 PM

Hi, when trying to run ESET Online Scanner, it says this: "Can not get update. Is proxy configured?" How would I configure the proxy? or should I do something else?

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:39 AM

Posted 03 April 2012 - 11:56 PM

Hello

try resetting IE - go here and scroll down and click on show all and click on the fix-it button - http://windows.microsoft.com/en-US/windows-vista/Reset-Internet-Explorer-8-settings


if that does not work then try this one

F-Secure Online Scan

You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please go HERE to run an online scan from F-Secure
  • Click on Start scanning
  • This will open a new window

    In Interner Explorer
  • It will require an activex control, please install it
  • Click Accept

  • In Firefox
  • It will require an Add-on to be installed, please install it
  • Order to install the Add-on Firefox needs to be restarted, please do so
[*]Click Full System Scan
[*]It will now download the scanner this may take a while please be patient
[*]It will then start scanning wait for the scan to finish
[*]Click Automatic cleaning (recommended)
[*]Wait for it finish the cleaning process
[*]Click show report
[*]This will open up a window with the results of the scan copy and paste those results as a reply to this topic[/list]

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 raviss

raviss
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:07:39 AM

Posted 04 April 2012 - 02:58 PM

Hi, here are the results:



C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\Qoobox\Quarantine\C\ProgramData\PDTxINtd0wR8YM.exe.vir a variant of Win32/Kryptik.ADNY trojan
C:\Qoobox\Quarantine\C\ProgramData\rmIhrYfwFjUdy.exe.vir a variant of Win32/Kryptik.ADNY trojan
C:\Qoobox\Quarantine\C\Windows\Fonts\0u55y4.com.vir a variant of Win32/Kryptik.ADND trojan
C:\TDSSKiller_Quarantine\02.04.2012_16.10.02\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AF trojan
C:\TDSSKiller_Quarantine\02.04.2012_16.10.02\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\02.04.2012_16.10.02\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.X trojan
C:\Users\Sunil\Desktop\Downloads\cnet_KeePass-2_16-Setup_exe.exe a variant of Win32/InstallCore.D application
C:\Users\Sunil\Desktop\Downloads\CNET_TechTracker_2_Setup.exe Win32/OpenCandy application
C:\Users\Sunil\Desktop\Downloads\pspvideo9-504-setup.exe Win32/OpenCandy application
C:\Users\Sunil\Documents\Downloads\pspvideo9-504-setup.exe Win32/OpenCandy application




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users