Post SmartHDD check and Laptop won't wake up properly


  • This topic is locked
52 replies to this topic

#1 Cave71


Posted 01 April 2012 - 10:45 PM

I recently was infected by SmartHDD on my desktop pc. With help from BleepingComputer members, I believe we were able to get it solved. My desktop pc appears to be working normally, as far as I can tell.

My bigger concern is that when my desktop was infected, I (stupidly) backed up a few files to a usb stick, scanned it with my antivirus/antispyware programs, found no problems and transferred/saved the files to my laptop. Immediately after I did that, my laptop started acting up. It was nonresponsive upon startup, I was able to start in safe mode and eventually figured out that if I opened the "Task Manager" just as my programs were loading, it would stay running and was "ok". Believing that the laptop had the same infection as my desktop I followed the forum post/members' advice on cleaning SmartHDD from the laptop. I thought it worked because the computer starts and seems to run normally again. However, when the computer sleeps or hibernates, it wakes up fine but when I try to click on a file or folder, the system "freezes". I am able to move the cursor all around the desktop but buttons don't work (with the touchpad and/or a mouse) and a little "swirling circle" (which I normally associate with windows "working" or trying to find something) starts "working" on top of my "internet access" icon in the taskbar. It just keeps spinning, no matter how long I leave it and I must hold the power bar to reboot the pc. Once I restart, it's fine until it goes to sleep again. I removed/reinstalled the touchpad drivers hoping that may fix it but it didn't.

I am including log files for both computers in hopes that someone could check them to see if we can find answers to the problem with my laptop and to verify that the infection is gone from both computers.

First is the DDS file for my desktop pc:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Andy at 22:49:08 on 2012-04-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.6051.3374 [GMT -4:00]
.
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\IE New Window Maximizer\iemaximizer.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ca.yahoo.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: AVG Do-Not-Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [IE New Window Maximizer] C:\Program Files (x86)\IE New Window Maximizer\iemaximizer.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DA58ACA7-18A6-403A-93DA-6E4172D43709} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
TCP: DhcpNameServer = 64.71.255.198 192.168.1.1
TCP: Interfaces\{E4FB1DAE-A70D-4446-BDA7-7C602C06476A} : DhcpNameServer = 64.71.255.198 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: AVG Do-Not-Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do-Not-Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\avgidseha.sys --> C:\Windows\system32\DRIVERS\avgidseha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-4-13 89600]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-2-14 2316624]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2010-8-5 681528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-8-20 92216]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-30 652360]
R2 MIDISPORTAudioDevMon;MIDISPORT Audio Device Monitor;C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe [2010-10-6 1636872]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-4-13 1119768]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-3-30 1153368]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-14 994360]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-4-13 2655768]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUVC64;Logitech Webcam Pro 9000(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 MAUSBMIDISPORT;Service for M-Audio MIDISPORT;C:\Windows\system32\DRIVERS\MAudioMIDISPORT.sys --> C:\Windows\system32\DRIVERS\MAudioMIDISPORT.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-2-14 5104992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
S3 MADFUMIDISPORT2010;Service for M-Audio MIDISPORT DFU;C:\Windows\system32\DRIVERS\MAudioMIDISPORT_DFU.sys --> C:\Windows\system32\DRIVERS\MAudioMIDISPORT_DFU.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-04-01 05:10:48 -------- d-----w- C:\Users\Andy\AppData\Local\HP MediaSmart Video
2012-03-31 18:33:47 -------- d-----w- C:\Program Files\M-Audio
2012-03-31 18:33:47 -------- d-----w- C:\Program Files (x86)\M-Audio
2012-03-31 15:29:59 -------- d-----w- C:\Users\Andy\AppData\Roaming\HpUpdate
2012-03-31 06:59:32 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-03-31 06:43:13 -------- d-----w- C:\Windows\PCHEALTH
2012-03-31 06:41:03 -------- d-----w- C:\Users\Andy\AppData\Local\Microsoft Help
2012-03-31 06:36:31 -------- d-----w- C:\Program Files (x86)\gBurner
2012-03-31 06:07:14 -------- d-----w- C:\Users\Andy\AppData\Local\Adobe
2012-03-31 06:01:06 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-31 05:58:50 -------- d-----w- C:\Users\Andy\AppData\Local\Secunia PSI
2012-03-31 05:58:43 -------- d-----w- C:\Program Files (x86)\Secunia
2012-03-31 02:58:30 -------- d-----w- C:\Users\Andy\AppData\Roaming\SUPERAntiSpyware.com
2012-03-31 02:58:08 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-03-31 02:58:08 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-03-30 23:48:28 -------- d-----w- C:\Program Files (x86)\Mp3tag
2012-03-30 23:41:34 -------- d-----w- C:\Users\Andy\AppData\Local\Apple Computer
2012-03-30 23:40:34 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-03-30 23:40:34 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-03-30 23:40:34 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-03-30 23:40:09 -------- d-----w- C:\Program Files\iPod
2012-03-30 23:40:08 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-03-30 23:40:08 -------- d-----w- C:\Program Files\iTunes
2012-03-30 23:40:08 -------- d-----w- C:\Program Files (x86)\iTunes
2012-03-30 23:39:47 -------- d-----w- C:\Users\Andy\AppData\Local\Apple
2012-03-30 23:39:22 -------- d-----w- C:\Program Files\Bonjour
2012-03-30 23:39:22 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-03-30 23:35:29 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2012-03-30 23:35:28 2414360 ----a-w- C:\Windows\SysWow64\d3dx9_31.dll
2012-03-30 23:35:04 -------- d-----w- C:\Program Files (x86)\Winamp Detect
2012-03-30 23:32:04 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2012-03-30 23:26:37 -------- d-----w- C:\Users\Andy\AppData\Local\CrashDumps
2012-03-30 23:24:57 118784 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
2012-03-30 23:24:57 1071088 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-03-30 23:24:57 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2012-03-30 23:23:43 -------- d-----w- C:\Program Files (x86)\SlimComputer
2012-03-30 23:21:34 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2012-03-30 23:18:55 -------- d-----w- C:\Program Files\PeerBlock
2012-03-30 23:16:32 54848 ----a-w- C:\Windows\System32\drivers\FSPFltd.sys
2012-03-30 23:08:13 -------- d-----w- C:\Program Files (x86)\IE New Window Maximizer
2012-03-30 23:07:36 -------- d-----w- C:\Users\Andy\Added Programs
2012-03-30 22:39:04 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-30 22:39:04 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-30 22:00:41 -------- d-----w- C:\Users\Andy\Andy
2012-03-30 21:52:59 -------- d-----w- C:\Windows\System32\SPReview
2012-03-30 21:51:53 -------- d-----w- C:\Windows\System32\EventProviders
2012-03-30 21:40:16 48976 ----a-w- C:\Windows\System32\netfxperf.dll
2012-03-30 21:40:16 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2012-03-30 21:40:09 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2012-03-30 21:40:03 59392 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2012-03-30 21:40:03 3715584 ----a-w- C:\Windows\System32\mstscax.dll
2012-03-30 21:40:03 1838080 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-03-30 21:40:03 14967808 ----a-w- C:\Program Files\DVD Maker\OmdBase.dll
2012-03-30 21:40:03 12288 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2012-03-30 21:38:59 777728 ----a-w- C:\Windows\System32\gpsvc.dll
2012-03-30 21:37:59 780008 ----a-w- C:\Windows\System32\ci.dll
2012-03-30 21:36:59 4400640 ----a-w- C:\Program Files\DVD Maker\OmdProject.dll
2012-03-30 21:35:59 92160 ----a-w- C:\Windows\System32\cmstp.exe
2012-03-30 21:34:45 399872 ----a-w- C:\Windows\System32\dpx.dll
2012-03-30 21:34:45 189952 ----a-w- C:\Windows\SysWow64\wdscore.dll
2012-03-30 21:34:09 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2012-03-30 21:34:09 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2012-03-30 21:32:48 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2012-03-30 20:50:35 -------- d-----w- C:\Intel
2012-03-30 20:49:59 -------- d-----w- C:\Windows\SysWow64\Wat
2012-03-30 20:49:58 -------- d-----w- C:\Windows\System32\Wat
2012-03-30 20:48:23 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2012-03-30 20:48:22 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-03-30 20:48:22 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-03-30 20:31:47 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-03-30 20:31:07 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-30 20:31:07 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-30 20:31:07 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-30 20:23:55 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2012-03-30 20:22:50 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-03-30 20:22:50 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-03-30 20:20:04 77312 ----a-w- C:\Windows\System32\packager.dll
2012-03-30 20:20:04 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-03-30 18:39:57 -------- d-----w- C:\ProgramData\Recovery
2012-03-30 18:37:48 -------- d-----w- C:\Users\Andy\AppData\Roaming\SoftGrid Client
2012-03-30 18:37:48 -------- d-----w- C:\Users\Andy\AppData\Local\SoftGrid Client
2012-03-30 18:37:08 -------- d-----w- C:\Users\Andy\AppData\Roaming\TP
2012-03-30 18:25:34 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll
2012-03-30 16:03:18 -------- d-----w- C:\Users\Andy\AppData\Roaming\Malwarebytes
2012-03-30 16:03:13 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-30 16:03:13 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-30 16:03:13 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-30 15:58:44 -------- d-----w- C:\Program Files\CCleaner
2012-03-30 15:51:42 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-03-30 15:51:42 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-03-30 15:27:17 -------- d-----w- C:\Users\Andy\AppData\Roaming\AVG2012
2012-03-30 15:27:01 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-03-30 15:26:54 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-03-30 15:26:54 -------- d-----w- C:\ProgramData\AVG2012
2012-03-30 15:26:54 -------- d-----w- C:\$AVG
2012-03-30 15:26:13 -------- d-----w- C:\Program Files (x86)\AVG
2012-03-30 15:23:20 -------- d-----w- C:\ProgramData\Common Files
2012-03-30 15:23:08 -------- d-----w- C:\ProgramData\MFAData
2012-03-30 15:20:37 -------- d-----w- C:\Users\Andy\Tracing
2012-03-30 14:57:45 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-30 14:57:45 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-30 14:57:45 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-30 14:57:45 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-30 14:57:45 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-30 14:57:21 -------- d-----w- C:\Users\Andy\AppData\Roaming\PictureMover
2012-03-30 14:56:21 -------- d-----w- C:\Users\Andy\AppData\Local\PDFC
2012-03-30 14:56:01 -------- d-----w- C:\Users\Andy\AppData\Local\VirtualStore
2012-03-30 14:55:40 -------- d-----w- C:\Users\Andy\AppData\Local\RemEngine
.
==================== Find3M ====================
.
2012-03-30 23:31:53 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-03-30 23:31:52 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-03-30 22:17:42 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-03-30 22:17:42 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-02-22 09:25:50 382032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-02-22 09:25:32 289872 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-31 08:46:48 36944 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2012-01-18 10:23:12 38958 ----a-w- C:\Windows\System32\Repository.reg
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
.
============= FINISH: 22:49:29.60 ===============


DDS for my laptop:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Andy at 22:35:41 on 2012-04-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3894.2184 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ca.yahoo.com/?p=us
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://ca.search.yahoo.com/search?p=%s&type=HPNTDF&fr=chr-hp-psg
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
TCP: DhcpNameServer = 64.71.255.198 192.168.1.1
TCP: Interfaces\{2815D0C5-EBBE-48E4-8C19-B5A065F15D1D} : DhcpNameServer = 64.71.255.198 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-8-23 13336]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-30 652360]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-2-7 1153368]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-14 994360]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-8-23 2320920]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S0 Soluto;Soluto;C:\Windows\system32\DRIVERS\Soluto.sys --> C:\Windows\system32\DRIVERS\Soluto.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-7 136176]
S2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2012-1-25 547872]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-31 253600]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-7 136176]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-04-01 15:52:49 -------- d-----w- C:\Users\Andy\Music Recording
2012-04-01 15:29:28 -------- d-----w- C:\ProgramData\Synaptics
2012-04-01 15:27:28 -------- d-----w- C:\Program Files\Synaptics
2012-04-01 14:39:31 -------- d-----w- C:\Users\Andy\AppData\Local\{E3A6C3BE-DFDD-4B58-A0C2-CF013B28B99B}
2012-04-01 02:32:08 -------- d-----w- C:\Users\Andy\AppData\Local\{C75DAEF7-58D7-423B-9F22-AE16A4BBF6BA}
2012-03-31 15:49:16 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-03-31 15:46:51 -------- d-----w- C:\Users\Andy\AppData\Local\Secunia PSI
2012-03-31 15:46:37 -------- d-----w- C:\Program Files (x86)\Secunia
2012-03-31 14:31:45 -------- d-----w- C:\Users\Andy\AppData\Local\{1002B054-745B-400C-A5A9-04A38C65D348}
2012-03-31 05:49:05 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2012-03-31 03:03:11 -------- d-----w- C:\Users\Andy\AppData\Roaming\SUPERAntiSpyware.com
2012-03-31 03:02:57 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-03-31 03:02:57 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-03-31 01:27:07 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-31 00:47:39 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B07AFF7F-5D82-47F4-96D7-2727BC574493}\mpengine.dll
2012-03-30 20:13:15 -------- d-----w- C:\Users\Andy\AppData\Local\{A5FDD98E-1C28-4144-BAF7-9BD7F6F21501}
2012-03-30 19:02:31 -------- d-----w- C:\Users\Andy\AppData\Local\{6DFF938F-A220-489C-9C5D-D12B1C433AF7}
2012-03-30 18:56:52 -------- d-----w- C:\Users\Andy\AppData\Local\{4B94B4F6-D2C5-4A9D-8F8F-F9FA5F55ECC7}
2012-03-30 17:21:32 -------- d-----w- C:\Users\Andy\AppData\Local\{5E47F0C9-7417-4B8C-8C61-02072F357839}
2012-03-30 16:07:15 -------- d-----w- C:\Program Files (x86)\Safer Networking
2012-03-30 05:20:18 -------- d-----w- C:\Users\Andy\AppData\Roaming\Malwarebytes
2012-03-30 05:19:58 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-30 05:19:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-29 15:52:36 -------- d-----w- C:\Users\Andy\AppData\Local\{EEDAF42C-957E-4EE0-BA14-23E53C371BAF}
2012-03-28 23:07:26 -------- d-----w- C:\Users\Andy\AppData\Local\{EB8331C8-C335-4DA5-B92A-3B4F280D73EB}
2012-03-28 23:07:11 -------- d-----w- C:\Users\Andy\AppData\Local\{27E2ACAE-B79A-4169-851E-85A43BBC62E8}
2012-03-19 01:54:45 -------- d-----w- C:\Users\Andy\AppData\Local\{4098B37C-A1C4-4145-B159-122884C30F0E}
2012-03-19 01:54:31 -------- d-----w- C:\Users\Andy\AppData\Local\{80F8D8D1-F79A-40DA-B35C-5387689771F5}
2012-03-17 18:06:27 -------- d-----w- C:\Users\Andy\AppData\Local\{BCC7F426-7A01-4D85-AEBA-C0C31B23F0DB}
2012-03-16 18:49:43 -------- d-----w- C:\Users\Andy\AppData\Local\{BE513230-B01E-48AF-AC6D-0913036B56DE}
2012-03-16 18:49:30 -------- d-----w- C:\Users\Andy\AppData\Local\{4EF5912B-E3BA-480B-BBE5-8C4DD91CB729}
2012-03-15 22:23:12 -------- d-----w- C:\Users\Andy\AppData\Local\{A6D456FF-BAB9-4720-964C-1D7A6513B247}
2012-03-14 17:02:44 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 17:02:43 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 17:02:43 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 16:57:37 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 16:57:35 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 16:57:35 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 16:57:35 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 16:57:33 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 16:57:33 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 16:57:13 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 16:57:13 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 16:57:13 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 16:57:13 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-14 16:53:33 -------- d-----w- C:\Users\Andy\AppData\Local\{CBA802B6-DFC8-4B64-B034-325FC4D4A4F7}
2012-03-14 16:53:23 -------- d-----w- C:\Users\Andy\AppData\Local\{CCC9C049-9583-4C60-B485-0FB13255E66D}
2012-03-11 21:03:34 -------- d-----w- C:\Users\Andy\AppData\Roaming\Cakewalk
2012-03-11 21:00:06 -------- d-----w- C:\Program Files\Cakewalk
2012-03-11 20:57:51 233472 ----a-w- C:\Windows\SysWow64\REX Shared Library.dll
2012-03-11 20:57:50 368640 ----a-w- C:\Windows\SysWow64\ReWire.dll
2012-03-11 20:57:50 344064 ----a-w- C:\Windows\SysWow64\msvcr70.dll
2012-03-11 20:57:46 487424 ----a-w- C:\Windows\SysWow64\msvcp70.dll
2012-03-11 20:54:09 -------- d-----w- C:\ProgramData\Cakewalk
2012-03-11 20:54:09 -------- d-----w- C:\Program Files (x86)\Cakewalk
2012-03-11 20:54:09 -------- d-----w- C:\Cakewalk Projects
2012-03-11 20:52:27 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-03-11 20:52:10 48648 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-03-11 20:50:28 -------- d-----w- C:\Users\Andy\AppData\Local\{F5C3873C-E773-479B-BF5A-950118870493}
2012-03-11 20:50:17 -------- d-----w- C:\Users\Andy\AppData\Local\{A7C73967-AC77-467B-80E5-2BCCC18E7108}
2012-03-10 17:13:28 -------- d-----w- C:\Users\Andy\AppData\Local\{8E2C7135-721B-4BB1-921A-AFC298F48437}
2012-03-10 17:13:05 -------- d-----w- C:\Users\Andy\AppData\Local\{4E6D562F-1149-46A2-96DB-7A0935E4D86A}
2012-03-09 16:51:42 -------- d-----w- C:\Users\Andy\AppData\Local\{C53969F6-D2C9-4CC2-AEAB-16A79F936BE1}
2012-03-09 16:40:22 -------- d-----w- C:\Users\Andy\AppData\Local\{6DAC7A6C-BAA3-4F70-9072-9EEBC69AEF35}
2012-03-08 21:51:31 -------- d-----w- C:\Program Files\iPod
2012-03-08 21:51:30 -------- d-----w- C:\Program Files\iTunes
2012-03-08 20:49:06 -------- d-----w- C:\Users\Andy\AppData\Local\{C3E6D24B-E2C7-4865-8B0D-B824B11753F4}
2012-03-08 20:48:50 -------- d-----w- C:\Users\Andy\AppData\Local\{FD9048C4-8774-4152-918C-554033D41F3E}
2012-03-05 16:06:58 -------- d-----w- C:\Users\Andy\AppData\Local\{4F290EFE-5964-4F54-91E0-A766E3FCE318}
2012-03-05 16:06:48 -------- d-----w- C:\Users\Andy\AppData\Local\{0EE606F6-6653-4556-B850-56FEAED5E6B6}
2012-03-05 15:57:01 -------- d-----w- C:\Users\Andy\AppData\Local\{0319CC69-4AF7-4BB0-B6A2-83FE92F0A79E}
2012-03-05 15:56:51 -------- d-----w- C:\Users\Andy\AppData\Local\{B3A0CE97-84BC-4000-B57F-8549BBEB09A2}
2012-03-04 18:58:35 -------- d-----w- C:\Users\Andy\AppData\Local\{B6E6C3AC-31D0-4ACA-A6AF-56D29C776282}
2012-03-04 18:58:23 -------- d-----w- C:\Users\Andy\AppData\Local\{E646D849-8347-435A-A689-4E44EE9CB8FF}
2012-03-03 15:18:10 -------- d-----w- C:\Users\Andy\AppData\Local\{DE2C8994-97B7-4E8B-9B0C-74C63FFAE534}
2012-03-03 03:17:45 -------- d-----w- C:\Users\Andy\AppData\Local\{FBECE1D2-4B0F-47DA-8372-E0EF13061A66}
.
==================== Find3M ====================
.
2012-03-31 15:49:16 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 13:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-19 01:12:07 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-07 20:27:03 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-02-07 20:27:03 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-02-07 18:59:13 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-02-07 18:59:13 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-01-25 23:56:46 54728 ----a-w- C:\Windows\System32\drivers\Soluto.sys
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
.
============= FINISH: 22:36:51.14 ===============


#2 HelpBot

Posted 07 April 2012 - 10:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/448497 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Cave71

Posted 09 April 2012 - 02:37 PM

I do still need help with this situation. Unfortunately I cannot get to either of the "problem computers" (in order to run new scans) for the next 4 days, since I am out of town.

Thank you! Any help is VERY much appreciated.

#4 gringo_pr

Malware Response Team

Posted 13 April 2012 - 05:38 PM

Hello and Welcome to Bleeping Computer!!

NOTE** I will help you but we need to work on one at a time - do the following below on whichever one you want to start first



My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • let me know of any problems you may have had


:busy: 4/18




Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Cave71

Posted 13 April 2012 - 06:50 PM

Thanks Gringo!

I will start with the desktop. The behavior has been "odd", but all anti-virus/malware programs are showing clean scans. I hope I can explain it all properly. The laptop was the one acting odd last week (starting windows normally it would freeze when I clicked on any icon or folder. Start in safe mode with or without internet, it did NOT lock up), I had to go away last weekend and shut down my desktop pc as usual, it appeared to be working well at that point, after the SmartHDD removal. When I returned, I switched on the desktop and it was doing the EXACT same thing as I described about the laptop. I could start in safe mode, could click all my icons and folders and they would respond - no problem. But if I started windows normally, and clicked on anything, the system would simply lock. Mouse and keyboard commands got no response, I could only see the little "swirling circle" (that I associate with windows trying to do or find "something"), everything else failed to respond. It also froze completely after hibernating/sleeping.

Trying to figure this out on my own, I decided to take my laptop out of the house and see if it would work on another internet connection, and it worked (and continues to. Now it seems fine). So, I came home, removed the Ethernet cable from the desktop pc (with wireless disabled), and it functioned without locking up. Thinking that this might have something to do with my home router/network I ran a software update for it and re-connected the ethernet cable to the desktop pc, and all seems to work well again.

I have not left either computer alone long enough to see if it will freeze after hibernation - I think I would have more on that by the morning. Is it possible that "whatever" got into my system messed with my router and now my updating it has corrected the issue?

Thanks again. If I have missed something, let me know and I will correct it ASAP.
Kindest regards,

Andy

Here are the logs:

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

MVPS Hosts File
SpywareBlaster 4.6
Spybot - Search & Destroy
Secunia PSI (2.0.0.4003)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Spybot Teatimer.exe is disabled!
AVG avgwdsvc.exe
AVG avgtray.exe
``````````End of Log````````````

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Andy at 19:04:27 on 2012-04-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.6051.4409 [GMT -4:00]
.
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe
C:\Users\Andy\Desktop\SecurityCheck.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = hxxp://ca.yahoo.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: AVG Do-Not-Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Andy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Logitech\Ereg\eReg.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DA58ACA7-18A6-403A-93DA-6E4172D43709} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
TCP: DhcpNameServer = 64.71.255.198 192.168.1.1
TCP: Interfaces\{E4FB1DAE-A70D-4446-BDA7-7C602C06476A} : DhcpNameServer = 64.71.255.198 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: AVG Do-Not-Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do-Not-Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\avgidseha.sys --> C:\Windows\system32\DRIVERS\avgidseha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-4-13 89600]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-2-14 2316624]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2010-8-5 681528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-13 654408]
R2 MIDISPORTAudioDevMon;MIDISPORT Audio Device Monitor;C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe [2010-10-6 1636872]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-4-13 1119768]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-3-30 1153368]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-14 994360]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-4-13 2655768]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUVC64;Logitech Webcam Pro 9000(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 MAUSBMIDISPORT;Service for M-Audio MIDISPORT;C:\Windows\system32\DRIVERS\MAudioMIDISPORT.sys --> C:\Windows\system32\DRIVERS\MAudioMIDISPORT.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-2-14 5104992]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-11 253088]
S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
S3 MADFUMIDISPORT2010;Service for M-Audio MIDISPORT DFU;C:\Windows\system32\DRIVERS\MAudioMIDISPORT_DFU.sys --> C:\Windows\system32\DRIVERS\MAudioMIDISPORT_DFU.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-04-13 22:29:22 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-13 22:29:22 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-13 22:27:11 -------- d-----w- C:\Users\Andy\AppData\Local\{88CDBCC3-BFDC-4CEA-A25A-D7C1EE923768}
2012-04-13 22:27:01 -------- d-----w- C:\Users\Andy\AppData\Local\{B662AC37-0910-41E2-AF45-8A170698F47C}
2012-04-13 22:23:14 -------- d-----w- C:\Windows\en
2012-04-13 22:23:00 -------- d-----w- C:\Windows\fr
2012-04-13 22:14:28 -------- d-----w- C:\Users\Andy\AppData\Local\{674D062B-3906-4D6F-B429-35ED759AA1BF}
2012-04-13 22:00:23 -------- d-----w- C:\Users\Andy\AppData\Roaming\Windows Live Writer
2012-04-13 22:00:23 -------- d-----w- C:\Users\Andy\AppData\Local\Windows Live Writer
2012-04-13 22:00:07 8766112 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-13 21:47:20 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a43e0e1cd19bf01\DSETUP.dll
2012-04-13 21:47:20 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a43e0e1cd19bf01\DXSETUP.exe
2012-04-13 21:47:20 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a43e0e1cd19bf01\dsetup32.dll
2012-04-13 21:41:33 -------- d-----w- C:\Users\Andy\AppData\Local\Windows Live
2012-04-13 21:36:02 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-13 21:36:01 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-13 21:36:01 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-13 21:35:58 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-13 21:35:58 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-13 21:35:58 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-13 21:35:58 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-12 00:11:14 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-05 19:26:01 -------- d-----w- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-04-05 19:25:32 -------- d-----w- C:\Users\Andy\AppData\Roaming\hpqLog
2012-04-05 19:25:04 -------- d-----w- C:\Users\Andy\AppData\Roaming\WinBatch
2012-04-05 19:00:15 -------- d-----w- C:\Users\Andy\AppData\Roaming\HP Support Assistant
2012-04-05 03:27:16 -------- d-----w- C:\Games
2012-04-03 15:01:43 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2012-04-02 14:45:37 -------- d-----w- C:\Users\Andy\AppData\Local\Logitech® Webcam Software
2012-04-02 14:43:38 -------- d-----w- C:\Users\Andy\AppData\Local\LogiShrd
2012-04-02 14:42:46 53248 ----a-r- C:\Users\Andy\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-04-02 14:42:10 -------- d-----w- C:\Program Files (x86)\Common Files\LWS
2012-04-02 14:23:10 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-02 02:58:35 -------- d-----w- C:\Users\Andy\AppData\Local\jZip
2012-04-02 02:57:14 -------- d-----w- C:\Program Files (x86)\jZip
2012-04-01 05:10:48 -------- d-----w- C:\Users\Andy\AppData\Local\HP MediaSmart Video
2012-03-31 18:33:47 -------- d-----w- C:\Program Files\M-Audio
2012-03-31 18:33:47 -------- d-----w- C:\Program Files (x86)\M-Audio
2012-03-31 15:29:59 -------- d-----w- C:\Users\Andy\AppData\Roaming\HpUpdate
2012-03-31 06:59:32 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-03-31 06:43:13 -------- d-----w- C:\Windows\PCHEALTH
2012-03-31 06:41:03 -------- d-----w- C:\Users\Andy\AppData\Local\Microsoft Help
2012-03-31 06:07:14 -------- d-----w- C:\Users\Andy\AppData\Local\Adobe
2012-03-31 06:01:06 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-31 05:58:50 -------- d-----w- C:\Users\Andy\AppData\Local\Secunia PSI
2012-03-31 05:58:43 -------- d-----w- C:\Program Files (x86)\Secunia
2012-03-31 02:58:30 -------- d-----w- C:\Users\Andy\AppData\Roaming\SUPERAntiSpyware.com
2012-03-31 02:58:08 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-03-31 02:58:08 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-03-30 23:48:28 -------- d-----w- C:\Program Files (x86)\Mp3tag
2012-03-30 23:41:34 -------- d-----w- C:\Users\Andy\AppData\Local\Apple Computer
2012-03-30 23:40:34 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-03-30 23:40:34 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-03-30 23:40:34 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-03-30 23:40:09 -------- d-----w- C:\Program Files\iPod
2012-03-30 23:40:08 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-03-30 23:40:08 -------- d-----w- C:\Program Files\iTunes
2012-03-30 23:40:08 -------- d-----w- C:\Program Files (x86)\iTunes
2012-03-30 23:39:47 -------- d-----w- C:\Users\Andy\AppData\Local\Apple
2012-03-30 23:39:22 -------- d-----w- C:\Program Files\Bonjour
2012-03-30 23:39:22 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-03-30 23:35:29 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2012-03-30 23:35:28 2414360 ----a-w- C:\Windows\SysWow64\d3dx9_31.dll
2012-03-30 23:35:04 -------- d-----w- C:\Program Files (x86)\Winamp Detect
2012-03-30 23:32:04 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2012-03-30 23:26:37 -------- d-----w- C:\Users\Andy\AppData\Local\CrashDumps
2012-03-30 23:24:57 118784 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
2012-03-30 23:24:57 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2012-03-30 23:23:43 -------- d-----w- C:\Program Files (x86)\SlimComputer
2012-03-30 23:21:34 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2012-03-30 23:18:55 -------- d-----w- C:\Program Files\PeerBlock
2012-03-30 23:16:32 54848 ----a-w- C:\Windows\System32\drivers\FSPFltd.sys
2012-03-30 23:07:36 -------- d-----w- C:\Users\Andy\Added Programs
2012-03-30 22:39:04 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-30 22:39:04 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-30 22:00:41 -------- d-----w- C:\Users\Andy\Andy
2012-03-30 21:52:59 -------- d-----w- C:\Windows\System32\SPReview
2012-03-30 21:51:53 -------- d-----w- C:\Windows\System32\EventProviders
2012-03-30 21:40:16 48976 ----a-w- C:\Windows\System32\netfxperf.dll
2012-03-30 21:40:16 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2012-03-30 21:40:09 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2012-03-30 21:40:03 59392 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2012-03-30 21:40:03 3715584 ----a-w- C:\Windows\System32\mstscax.dll
2012-03-30 21:40:03 1838080 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-03-30 21:40:03 14967808 ----a-w- C:\Program Files\DVD Maker\OmdBase.dll
2012-03-30 21:40:03 12288 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2012-03-30 21:38:59 777728 ----a-w- C:\Windows\System32\gpsvc.dll
2012-03-30 21:37:59 780008 ----a-w- C:\Windows\System32\ci.dll
2012-03-30 21:36:59 4400640 ----a-w- C:\Program Files\DVD Maker\OmdProject.dll
2012-03-30 21:35:59 92160 ----a-w- C:\Windows\System32\cmstp.exe
2012-03-30 21:34:45 399872 ----a-w- C:\Windows\System32\dpx.dll
2012-03-30 21:34:45 189952 ----a-w- C:\Windows\SysWow64\wdscore.dll
2012-03-30 21:34:09 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2012-03-30 21:34:09 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2012-03-30 21:32:48 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2012-03-30 20:50:35 -------- d-----w- C:\Intel
2012-03-30 20:49:59 -------- d-----w- C:\Windows\SysWow64\Wat
2012-03-30 20:49:58 -------- d-----w- C:\Windows\System32\Wat
2012-03-30 20:48:23 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2012-03-30 20:48:22 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-03-30 20:48:22 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-03-30 20:31:47 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-03-30 20:23:55 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2012-03-30 20:22:50 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-03-30 20:22:50 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-03-30 20:20:04 77312 ----a-w- C:\Windows\System32\packager.dll
2012-03-30 20:20:04 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-03-30 18:39:57 -------- d-----w- C:\ProgramData\Recovery
2012-03-30 18:37:48 -------- d-----w- C:\Users\Andy\AppData\Roaming\SoftGrid Client
2012-03-30 18:37:48 -------- d-----w- C:\Users\Andy\AppData\Local\SoftGrid Client
2012-03-30 18:37:08 -------- d-----w- C:\Users\Andy\AppData\Roaming\TP
2012-03-30 18:25:34 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll
2012-03-30 16:03:18 -------- d-----w- C:\Users\Andy\AppData\Roaming\Malwarebytes
2012-03-30 16:03:13 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-30 15:58:44 -------- d-----w- C:\Program Files\CCleaner
2012-03-30 15:51:42 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-03-30 15:51:42 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-03-30 15:27:17 -------- d-----w- C:\Users\Andy\AppData\Roaming\AVG2012
2012-03-30 15:27:01 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-03-30 15:26:54 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-03-30 15:26:54 -------- d-----w- C:\ProgramData\AVG2012
2012-03-30 15:26:54 -------- d-----w- C:\$AVG
2012-03-30 15:26:13 -------- d-----w- C:\Program Files (x86)\AVG
2012-03-30 15:23:20 -------- d-----w- C:\ProgramData\Common Files
2012-03-30 15:23:08 -------- d-----w- C:\ProgramData\MFAData
2012-03-30 15:20:37 -------- d-----w- C:\Users\Andy\Tracing
2012-03-30 14:57:45 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-30 14:57:45 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-30 14:57:45 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-30 14:57:45 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-30 14:57:45 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-30 14:57:21 -------- d-----w- C:\Users\Andy\AppData\Roaming\PictureMover
2012-03-30 14:56:21 -------- d-----w- C:\Users\Andy\AppData\Local\PDFC
2012-03-30 14:56:01 -------- d-----w- C:\Users\Andy\AppData\Local\VirtualStore
2012-03-30 14:55:40 -------- d-----w- C:\Users\Andy\AppData\Local\RemEngine
.
==================== Find3M ====================
.
2012-03-30 23:31:53 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-03-30 23:31:52 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-03-30 22:17:42 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-03-30 22:17:42 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-03-08 22:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-03-08 22:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR
2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-22 09:25:50 382032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-02-22 09:25:32 289872 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-07 15:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-31 08:46:48 36944 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2012-01-18 10:23:12 38958 ----a-w- C:\Windows\System32\Repository.reg
.
============= FINISH: 19:04:57.02 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 30/03/2012 10:49:17 AM
System Uptime: 13/04/2012 6:55:50 PM (1 hours ago)
.
Motherboard: PEGATRON CORPORATION | | 2AB6
Processor: Intel® Core™ i5-2300 CPU @ 2.80GHz | CPU 1 | 1596/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1384 GiB total, 1329.142 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 1.618 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP29: 03/04/2012 11:01:29 AM - Windows Update
RP30: 05/04/2012 3:21:58 PM - HPSF Applying updates
RP31: 05/04/2012 3:26:08 PM - Installed HP Support Assistant
RP32: 05/04/2012 3:29:23 PM - Windows Modules Installer
RP33: 05/04/2012 3:30:43 PM - Windows Modules Installer
RP34: 13/04/2012 5:35:46 PM - Windows Update
RP35: 13/04/2012 5:47:50 PM - Windows Live Essentials
RP36: 13/04/2012 5:50:25 PM - Windows Update
RP37: 13/04/2012 6:10:05 PM - Revo Uninstaller's restore point - Malwarebytes Anti-Malware version 1.61.0.1400
RP38: 13/04/2012 6:18:33 PM - Windows Live Essentials
RP39: 13/04/2012 6:19:23 PM - Installed DirectX
RP40: 13/04/2012 6:19:57 PM - Installed DirectX
RP41: 13/04/2012 6:20:39 PM - WLSetup
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Agatha Christie - Peril at End House
Apple Application Support
Apple Software Update
Atheros Client Installation Program
Bejeweled 2 Deluxe
Blackhawk Striker 2
Blasterball 3
Blio
Bounce Symphony
Cake Mania
CameraHelperMsi
Chuzzle Deluxe
CyberLink DVD Suite Deluxe
D3DX10
Dora's World Adventure
DVD Menu Pack for HP MediaSmart Video
erLT
Farm Frenzy
FATE
Final Drive Nitro
Galerie de photos Windows Live
Hewlett-Packard ACLM.NET v1.1.2.0
HP Customer Experience Enhancements
HP Game Console
HP Games
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart Video
HP Odometer
HP Setup
HP Setup Manager
HP Support Assistant
HP Support Information
HP Update
IDT Audio
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Junk Mail filter update
jZip
LabelPrint
LightScribe System Software
Logitech Vid HD
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Movie Theme Pack for HP MediaSmart Video
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - The London Caper
PDF Complete Special Edition
Penguins!
PhotoNow!
PictureMover
Plants vs. Zombies
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
PressReader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Recovery Manager
Revo Uninstaller 1.93
Secunia PSI (2.0.0.4003)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Ski Challenge 12 (AT)
SlimComputer
Spybot - Search & Destroy
SpywareBlaster 4.6
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Virtual Villagers 4 - The Tree of Life
Visual Studio 2008 x64 Redistributables
Winamp
Winamp Detector Plug-in
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
World Cup Cricket 20-20
Zinio Reader 4
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
12/04/2012 5:36:18 PM, Error: Service Control Manager [7022] - The Function Discovery Provider Host service hung on starting.
12/04/2012 5:35:57 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
12/04/2012 5:22:38 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPAuto service.
12/04/2012 5:22:35 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
12/04/2012 5:22:35 PM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/04/2012 9:27:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
11/04/2012 9:27:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11/04/2012 9:26:54 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgfwfd Avgldx64 Avgmfx64 Avgtdia DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf
11/04/2012 9:26:51 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/04/2012 9:26:51 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/04/2012 9:26:51 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/04/2012 9:26:51 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/04/2012 9:26:51 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/04/2012 9:26:51 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
11/04/2012 9:26:51 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/04/2012 9:26:51 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/04/2012 9:26:51 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/04/2012 9:26:51 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/04/2012 9:22:02 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
11/04/2012 9:22:02 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/04/2012 8:15:30 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
11/04/2012 8:13:58 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Installer service to connect.
11/04/2012 8:13:58 PM, Error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/04/2012 10:22:14 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
11/04/2012 10:22:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/04/2012 10:22:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/04/2012 10:22:11 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
11/04/2012 10:22:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/04/2012 10:22:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/04/2012 10:21:41 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 discache SASDIFSV SASKUTIL spldr Wanarpv6
11/04/2012 10:09:19 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
11/04/2012 10:09:19 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/04/2012 10:05:18 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
.
==== End Of File ===========================

#6 gringo_pr

  • Malware Response Team

Posted 13 April 2012 - 08:26 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Proud Graduate Of Malware Removal University

#7 Cave71

  • Topic Starter

Posted 13 April 2012 - 09:06 PM

Since updating that router the pc appears to be behaving normally, at least to my untrained eye. In between posting, I changed the power settings to cause the desktop to hibernate (even just for a short time) and it woke up without issue.

Thanks!
Andy

Here is the combofix log:

ComboFix 12-04-13.01 - Andy 13/04/2012 21:43:46.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.6051.4361 [GMT -4:00]
Running from: c:\users\Andy\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2012-03-14 to 2012-04-14 )))))))))))))))))))))))))))))))
.
.
2012-04-14 01:48 . 2012-04-14 01:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-13 22:29 . 2012-04-13 22:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-13 22:29 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-13 22:23 . 2012-04-13 22:23 -------- d-----w- c:\windows\en
2012-04-13 22:23 . 2012-04-13 22:23 -------- d-----w- c:\windows\fr
2012-04-13 22:21 . 2012-04-13 22:21 -------- d-----w- c:\program files\Windows Live
2012-04-13 22:00 . 2012-04-13 22:00 -------- d-----w- c:\windows\system32\Macromed
2012-04-13 22:00 . 2012-04-13 22:00 8766112 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-13 21:47 . 2012-04-13 21:47 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\a43e0e1cd19bf01\DSETUP.dll
2012-04-13 21:47 . 2012-04-13 21:47 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\a43e0e1cd19bf01\DXSETUP.exe
2012-04-13 21:47 . 2012-04-13 21:47 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\a43e0e1cd19bf01\dsetup32.dll
2012-04-13 21:36 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-13 21:36 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-13 21:36 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-13 21:35 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-13 21:35 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-13 21:35 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-13 21:35 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-12 00:11 . 2012-04-13 22:00 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-05 19:26 . 2012-04-05 19:26 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-04-05 03:27 . 2012-04-05 03:27 -------- d-----w- C:\Games
2012-04-03 15:01 . 2012-04-03 15:01 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2012-04-02 14:42 . 2012-04-02 14:42 -------- d-----w- c:\programdata\LogiShrd
2012-04-02 14:42 . 2012-04-02 14:42 -------- d-----w- c:\programdata\Logitech
2012-04-02 14:42 . 2012-04-02 14:42 -------- d-----w- c:\program files (x86)\Common Files\LWS
2012-04-02 14:42 . 2012-04-02 14:42 -------- d-----w- c:\program files (x86)\Logitech
2012-04-02 14:23 . 2012-04-02 14:22 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-02 02:57 . 2012-04-02 02:57 -------- d-----w- c:\program files (x86)\jZip
2012-03-31 18:33 . 2012-03-31 18:33 -------- d-----w- c:\program files\M-Audio
2012-03-31 18:33 . 2012-03-31 18:33 -------- d-----w- c:\program files (x86)\M-Audio
2012-03-31 18:21 . 2012-04-02 14:43 -------- d-----w- c:\program files (x86)\Common Files\logishrd
2012-03-31 18:21 . 2012-04-02 14:42 -------- d-----w- c:\program files\Common Files\logishrd
2012-03-31 07:00 . 2012-03-31 07:00 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-03-31 06:59 . 2012-03-31 06:59 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-03-31 06:43 . 2012-03-31 07:02 -------- d-----w- c:\program files (x86)\Microsoft Works
2012-03-31 06:43 . 2012-03-31 06:43 -------- d-----w- c:\windows\PCHEALTH
2012-03-31 06:40 . 2012-04-13 21:38 -------- d-----w- c:\programdata\Microsoft Help
2012-03-31 06:40 . 2012-03-31 06:40 -------- d-----r- C:\MSOCache
2012-03-31 06:01 . 2012-04-13 22:00 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-31 05:58 . 2012-03-31 05:58 -------- d-----w- c:\program files (x86)\Secunia
2012-03-31 02:58 . 2012-04-12 00:49 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-31 02:58 . 2012-03-31 02:58 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-30 23:48 . 2012-03-31 00:21 -------- d-----w- c:\program files (x86)\Mp3tag
2012-03-30 23:43 . 2012-03-31 00:21 -------- d-----w- c:\program files (x86)\QuickTime
2012-03-30 23:40 . 2012-03-30 23:40 -------- dc----w- c:\windows\system32\DRVSTORE
2012-03-30 23:39 . 2012-03-30 23:39 -------- d-----w- c:\programdata\Apple
2012-03-30 23:35 . 2009-09-04 21:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2012-03-30 23:35 . 2006-09-28 20:05 2414360 ----a-w- c:\windows\SysWow64\d3dx9_31.dll
2012-03-30 23:35 . 2012-03-30 23:35 -------- d-----w- c:\program files (x86)\Winamp Detect
2012-03-30 23:35 . 2012-03-30 23:35 -------- d-----w- c:\program files (x86)\Winamp
2012-03-30 23:32 . 2012-03-30 23:32 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2012-03-30 23:31 . 2012-03-30 23:32 -------- d-----w- c:\program files (x86)\Real
2012-03-30 23:24 . 2012-03-30 23:25 -------- d-----w- c:\program files (x86)\SpywareBlaster
2012-03-30 23:24 . 2010-01-10 22:40 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2012-03-30 23:23 . 2012-03-30 23:23 -------- d-----w- c:\program files (x86)\SlimComputer
2012-03-30 23:21 . 2012-03-30 23:21 -------- d-----w- c:\program files (x86)\VS Revo Group
2012-03-30 23:18 . 2012-03-30 23:18 -------- d-----w- c:\program files\PeerBlock
2012-03-30 23:16 . 2010-07-22 21:13 54848 ----a-w- c:\windows\system32\drivers\FSPFltd.sys
2012-03-30 22:39 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-30 22:39 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-30 21:52 . 2012-03-30 21:52 -------- d-----w- c:\windows\system32\SPReview
2012-03-30 21:51 . 2012-03-30 21:51 -------- d-----w- c:\windows\system32\EventProviders
2012-03-30 21:40 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
2012-03-30 21:40 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-03-30 21:40 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2012-03-30 21:40 . 2010-11-20 13:27 12288 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2012-03-30 21:40 . 2010-11-20 13:27 14967808 ----a-w- c:\program files\DVD Maker\OmdBase.dll
2012-03-30 21:40 . 2010-11-20 13:27 3715584 ----a-w- c:\windows\system32\mstscax.dll
2012-03-30 21:40 . 2010-11-20 13:26 1838080 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-30 21:40 . 2010-11-20 11:07 59392 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2012-03-30 21:38 . 2010-11-20 13:26 777728 ----a-w- c:\windows\system32\gpsvc.dll
2012-03-30 21:37 . 2010-11-20 13:33 140672 ----a-w- c:\windows\system32\drivers\msdsm.sys
2012-03-30 21:36 . 2010-11-20 13:27 4400640 ----a-w- c:\program files\DVD Maker\OmdProject.dll
2012-03-30 21:35 . 2010-11-20 13:27 37376 ----a-w- c:\windows\system32\shimgvw.dll
2012-03-30 21:34 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2012-03-30 21:34 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll
2012-03-30 21:34 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2012-03-30 21:34 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2012-03-30 21:32 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2012-03-30 21:00 . 2012-03-31 06:43 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-03-30 20:50 . 2012-03-30 20:50 -------- d-----w- C:\Intel
2012-03-30 20:49 . 2012-03-30 20:49 -------- d-----w- c:\windows\SysWow64\Wat
2012-03-30 20:49 . 2012-03-30 20:49 -------- d-----w- c:\windows\system32\Wat
2012-03-30 20:48 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-03-30 20:48 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-03-30 20:48 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-03-30 20:31 . 2012-03-30 20:31 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-03-30 20:23 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-03-30 20:22 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-03-30 20:22 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-03-30 20:20 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-03-30 20:20 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-03-30 18:39 . 2012-03-30 18:40 -------- d-----w- c:\programdata\Recovery
2012-03-30 18:25 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll
2012-03-30 16:03 . 2012-03-30 16:03 -------- d-----w- c:\programdata\Malwarebytes
2012-03-30 15:58 . 2012-03-30 15:58 -------- d-----w- c:\program files\CCleaner
2012-03-30 15:51 . 2012-03-31 07:23 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-30 15:51 . 2012-03-30 15:53 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-03-30 15:27 . 2012-03-30 15:27 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-03-30 15:26 . 2012-04-13 21:50 -------- d-----w- c:\windows\system32\drivers\AVG
2012-03-30 15:26 . 2012-03-30 15:40 -------- d-----w- c:\programdata\AVG2012
2012-03-30 15:26 . 2012-03-30 15:26 -------- d-----w- C:\$AVG
2012-03-30 15:26 . 2012-03-30 15:26 -------- d-----w- c:\program files (x86)\AVG
2012-03-30 15:23 . 2012-03-30 15:23 -------- d-----w- c:\programdata\Common Files
2012-03-30 15:23 . 2012-04-13 21:50 -------- d-----w- c:\programdata\MFAData
2012-03-30 14:57 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-30 14:57 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-30 14:57 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-30 14:57 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-30 14:57 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-30 14:49 . 2012-04-05 20:57 -------- d-----w- c:\users\Andy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 22:20 . 2010-06-24 18:33 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-30 23:31 . 2010-11-26 03:20 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-03-30 23:31 . 2010-11-26 03:20 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-03-30 22:17 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-03-30 22:17 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-03-08 22:50 . 2012-03-08 22:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 22:37 . 2012-03-08 22:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-02-22 09:25 . 2012-02-22 09:25 382032 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-02-22 09:25 . 2012-02-22 09:25 289872 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-01-31 08:46 . 2012-01-31 08:46 36944 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2012-01-18 10:44 . 2012-01-18 10:44 540960 ----a-w- c:\windows\SysWow64\LVUI2RC.dll
2012-01-18 10:44 . 2012-01-18 10:44 545056 ----a-w- c:\windows\SysWow64\LVUI2.dll
2012-01-18 10:44 . 2012-01-18 10:44 561440 ----a-w- c:\windows\system32\LVUIRC64.dll
2012-01-18 10:44 . 2012-01-18 10:44 4865568 ----a-w- c:\windows\system32\drivers\lvuvc64.sys
2012-01-18 10:44 . 2012-01-18 10:44 769312 ----a-w- c:\windows\system32\LVUI64.dll
2012-01-18 10:44 . 2012-01-18 10:44 351136 ----a-w- c:\windows\system32\drivers\lvrs64.sys
2012-01-18 10:44 . 2012-01-18 10:44 307488 ----a-w- c:\windows\SysWow64\lvcodec2.dll
2012-01-18 10:44 . 2012-01-18 10:44 263456 ----a-w- c:\windows\system32\lvco13311044.dll
2012-01-18 10:44 . 2012-01-18 10:44 176416 ----a-w- c:\windows\system32\lvcod64.dll
2012-01-18 10:44 . 2012-01-18 10:44 336408 ----a-w- c:\windows\SysWow64\DevManagerCore.dll
2012-01-18 10:44 . 2012-01-18 10:44 336408 ----a-w- c:\windows\system32\DevManagerCore.dll
2012-01-18 10:44 . 2012-01-18 10:44 10920984 ----a-w- c:\windows\SysWow64\LogiDPP.dll
2012-01-18 10:44 . 2012-01-18 10:44 10920984 ----a-w- c:\windows\system32\LogiDPP.dll
2012-01-18 10:44 . 2012-01-18 10:44 104472 ----a-w- c:\windows\SysWow64\LogiDPPApp.exe
2012-01-18 10:44 . 2012-01-18 10:44 104472 ----a-w- c:\windows\system32\LogiDPPApp.exe
2012-01-18 10:23 . 2012-01-18 10:23 38958 ----a-w- c:\windows\system32\Repository.reg
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 4785536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-09-28 664600]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-02-16 2575712]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-03-30 296056]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files (x86)\Logitech\Ereg\eReg.exe [2009-11-16 517384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-9-28 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 253088]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 MADFUMIDISPORT2010;Service for M-Audio MIDISPORT DFU;c:\windows\system32\DRIVERS\MAudioMIDISPORT_DFU.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\avgidseha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-02 89600]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-02-14 2316624]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-02-14 5104992]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2010-08-06 681528]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 MIDISPORTAudioDevMon;MIDISPORT Audio Device Monitor;c:\program files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe [2010-10-06 1636872]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-09-28 1119768]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech Webcam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 MAUSBMIDISPORT;Service for M-Audio MIDISPORT;c:\windows\system32\DRIVERS\MAudioMIDISPORT.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 22:00]
.
2012-04-13 c:\windows\Tasks\HPCeeScheduleForANDY-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-04-12 c:\windows\Tasks\HPCeeScheduleForAndy.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-15 611896]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-06-24 1128448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-27 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-27 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-27 418328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://ca.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 64.71.255.198 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-04-13 21:53:53 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-14 01:53
.
Pre-Run: 1,425,016,180,736 bytes free
Post-Run: 1,425,257,160,704 bytes free
.
- - End Of File - - A85A872030AC7F588FB2423E4F3AE68C

#8 gringo_pr

Posted 13 April 2012 - 09:14 PM

Greetings

I will still give things a good checkup, just in case.

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
#9 Cave71

Posted 13 April 2012 - 09:42 PM

Things still appear to be running well. I wasn't sure, but since I wasn't directed to turn them off, I left my antivirus/malware programs running while I did these scans. Should I have disabled them as I did for the previous scans?

Thanks!!

Here are the logs:

22:26:26.0424 4060 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
22:26:27.0501 4060 ============================================================
22:26:27.0501 4060 Current date / time: 2012/04/13 22:26:27.0501
22:26:27.0501 4060 SystemInfo:
22:26:27.0501 4060
22:26:27.0501 4060 OS Version: 6.1.7601 ServicePack: 1.0
22:26:27.0501 4060 Product type: Workstation
22:26:27.0501 4060 ComputerName: ANDY-HP
22:26:27.0501 4060 UserName: Andy
22:26:27.0501 4060 Windows directory: C:\Windows
22:26:27.0501 4060 System windows directory: C:\Windows
22:26:27.0501 4060 Running under WOW64
22:26:27.0501 4060 Processor architecture: Intel x64
22:26:27.0501 4060 Number of processors: 4
22:26:27.0501 4060 Page size: 0x1000
22:26:27.0501 4060 Boot type: Normal boot
22:26:27.0501 4060 ============================================================
22:26:27.0875 4060 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:26:27.0891 4060 \Device\Harddisk0\DR0:
22:26:27.0891 4060 MBR used
22:26:27.0891 4060 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:26:27.0891 4060 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xACFC2800
22:26:27.0891 4060 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xACFF5000, BlocksNum 0x1A8DB30
22:26:27.0969 4060 Initialize success
22:26:27.0969 4060 ============================================================
22:26:36.0237 5512 ============================================================
22:26:36.0237 5512 Scan started
22:26:36.0237 5512 Mode: Manual;
22:26:36.0237 5512 ============================================================
22:26:48.0732 5512 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:26:48.0732 5512 MMCSS - ok
22:26:48.0732 5512 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:26:48.0732 5512 Modem - ok
22:26:48.0779 5512 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:26:48.0779 5512 monitor - ok
22:26:48.0810 5512 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
22:26:48.0810 5512 mouclass - ok
22:26:48.0826 5512 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:26:48.0826 5512 mouhid - ok
22:26:48.0857 5512 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
22:26:48.0857 5512 mountmgr - ok
22:26:48.0888 5512 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
22:26:48.0888 5512 mpio - ok
22:26:48.0919 5512 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:26:48.0919 5512 mpsdrv - ok
22:26:48.0966 5512 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
22:26:48.0966 5512 MpsSvc - ok
22:26:48.0997 5512 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
22:26:49.0013 5512 MRxDAV - ok
22:26:49.0044 5512 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:26:49.0044 5512 mrxsmb - ok
22:26:49.0060 5512 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:26:49.0075 5512 mrxsmb10 - ok
22:26:49.0075 5512 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:26:49.0091 5512 mrxsmb20 - ok
22:26:49.0107 5512 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
22:26:49.0107 5512 msahci - ok
22:26:49.0122 5512 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
22:26:49.0122 5512 msdsm - ok
22:26:49.0153 5512 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
22:26:49.0153 5512 MSDTC - ok
22:26:49.0185 5512 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:26:49.0185 5512 Msfs - ok
22:26:49.0216 5512 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:26:49.0216 5512 mshidkmdf - ok
22:26:49.0231 5512 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
22:26:49.0231 5512 msisadrv - ok
22:26:49.0263 5512 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
22:26:49.0263 5512 MSiSCSI - ok
22:26:49.0278 5512 msiserver - ok
22:26:49.0309 5512 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:26:49.0309 5512 MSKSSRV - ok
22:26:49.0325 5512 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:26:49.0325 5512 MSPCLOCK - ok
22:26:49.0341 5512 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:26:49.0341 5512 MSPQM - ok
22:26:49.0372 5512 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
22:26:49.0387 5512 MsRPC - ok
22:26:49.0403 5512 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
22:26:49.0403 5512 mssmbios - ok
22:26:49.0419 5512 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:26:49.0419 5512 MSTEE - ok
22:26:49.0434 5512 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
22:26:49.0434 5512 MTConfig - ok
22:26:49.0465 5512 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:26:49.0465 5512 Mup - ok
22:26:49.0512 5512 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
22:26:49.0512 5512 napagent - ok
22:26:49.0559 5512 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:26:49.0559 5512 NativeWifiP - ok
22:26:49.0590 5512 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
22:26:49.0606 5512 NDIS - ok
22:26:49.0621 5512 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:26:49.0637 5512 NdisCap - ok
22:26:49.0668 5512 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:26:49.0668 5512 NdisTapi - ok
22:26:49.0715 5512 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
22:26:49.0715 5512 Ndisuio - ok
22:26:49.0746 5512 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
22:26:49.0746 5512 NdisWan - ok
22:26:49.0762 5512 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
22:26:49.0762 5512 NDProxy - ok
22:26:49.0777 5512 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:26:49.0777 5512 NetBIOS - ok
22:26:49.0809 5512 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
22:26:49.0809 5512 NetBT - ok
22:26:49.0840 5512 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:26:49.0840 5512 Netlogon - ok
22:26:49.0887 5512 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
22:26:49.0887 5512 Netman - ok
22:26:49.0902 5512 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
22:26:49.0918 5512 netprofm - ok
22:26:49.0949 5512 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:26:49.0949 5512 NetTcpPortSharing - ok
22:26:49.0980 5512 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
22:26:49.0980 5512 nfrd960 - ok
22:26:50.0011 5512 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
22:26:50.0011 5512 NlaSvc - ok
22:26:50.0027 5512 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:26:50.0027 5512 Npfs - ok
22:26:50.0058 5512 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
22:26:50.0058 5512 nsi - ok
22:26:50.0074 5512 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:26:50.0074 5512 nsiproxy - ok
22:26:50.0152 5512 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
22:26:50.0152 5512 Ntfs - ok
22:26:50.0183 5512 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:26:50.0183 5512 Null - ok
22:26:50.0214 5512 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
22:26:50.0230 5512 nvraid - ok
22:26:50.0245 5512 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
22:26:50.0245 5512 nvstor - ok
22:26:50.0308 5512 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
22:26:50.0308 5512 nv_agp - ok
22:26:50.0401 5512 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:26:50.0417 5512 odserv - ok
22:26:50.0479 5512 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
22:26:50.0479 5512 ohci1394 - ok
22:26:50.0526 5512 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:26:50.0526 5512 ose - ok
22:26:50.0542 5512 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:26:50.0542 5512 p2pimsvc - ok
22:26:50.0604 5512 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
22:26:50.0620 5512 p2psvc - ok
22:26:50.0651 5512 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
22:26:50.0667 5512 Parport - ok
22:26:50.0698 5512 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
22:26:50.0698 5512 partmgr - ok
22:26:50.0713 5512 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
22:26:50.0713 5512 PcaSvc - ok
22:26:50.0760 5512 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
22:26:50.0760 5512 pci - ok
22:26:50.0791 5512 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
22:26:50.0791 5512 pciide - ok
22:26:50.0807 5512 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
22:26:50.0807 5512 pcmcia - ok
22:26:50.0823 5512 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:26:50.0823 5512 pcw - ok
22:26:50.0854 5512 pdfcDispatcher - ok
22:26:50.0885 5512 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:26:50.0901 5512 PEAUTH - ok
22:26:50.0916 5512 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
22:26:50.0916 5512 PerfHost - ok
22:26:50.0979 5512 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
22:26:50.0994 5512 pla - ok
22:26:51.0041 5512 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
22:26:51.0041 5512 PlugPlay - ok
22:26:51.0057 5512 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
22:26:51.0072 5512 PNRPAutoReg - ok
22:26:51.0072 5512 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:26:51.0088 5512 PNRPsvc - ok
22:26:51.0119 5512 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
22:26:51.0119 5512 PolicyAgent - ok
22:26:51.0150 5512 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
22:26:51.0150 5512 Power - ok
22:26:51.0181 5512 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
22:26:51.0181 5512 PptpMiniport - ok
22:26:51.0197 5512 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
22:26:51.0197 5512 Processor - ok
22:26:51.0213 5512 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
22:26:51.0228 5512 ProfSvc - ok
22:26:51.0244 5512 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:26:51.0244 5512 ProtectedStorage - ok
22:26:51.0275 5512 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
22:26:51.0291 5512 Psched - ok
22:26:51.0322 5512 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
22:26:51.0322 5512 PSI - ok
22:26:51.0384 5512 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
22:26:51.0415 5512 ql2300 - ok
22:26:51.0415 5512 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
22:26:51.0415 5512 ql40xx - ok
22:26:51.0462 5512 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
22:26:51.0462 5512 QWAVE - ok
22:26:51.0478 5512 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:26:51.0478 5512 QWAVEdrv - ok
22:26:51.0493 5512 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:26:51.0493 5512 RasAcd - ok
22:26:51.0540 5512 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:26:51.0540 5512 RasAgileVpn - ok
22:26:51.0540 5512 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
22:26:51.0556 5512 RasAuto - ok
22:26:51.0571 5512 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:26:51.0571 5512 Rasl2tp - ok
22:26:51.0603 5512 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
22:26:51.0603 5512 RasMan - ok
22:26:51.0649 5512 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:26:51.0649 5512 RasPppoe - ok
22:26:51.0665 5512 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:26:51.0681 5512 RasSstp - ok
22:26:51.0696 5512 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
22:26:51.0712 5512 rdbss - ok
22:26:51.0743 5512 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:26:51.0743 5512 rdpbus - ok
22:26:51.0774 5512 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:26:51.0774 5512 RDPCDD - ok
22:26:51.0774 5512 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:26:51.0790 5512 RDPENCDD - ok
22:26:51.0790 5512 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:26:51.0790 5512 RDPREFMP - ok
22:26:51.0852 5512 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
22:26:51.0852 5512 RDPWD - ok
22:26:51.0883 5512 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
22:26:51.0883 5512 rdyboost - ok
22:26:51.0930 5512 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
22:26:51.0930 5512 RemoteAccess - ok
22:26:51.0946 5512 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
22:26:51.0946 5512 RemoteRegistry - ok
22:26:51.0977 5512 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
22:26:51.0977 5512 RpcEptMapper - ok
22:26:52.0008 5512 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
22:26:52.0008 5512 RpcLocator - ok
22:26:52.0039 5512 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
22:26:52.0039 5512 RpcSs - ok
22:26:52.0055 5512 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:26:52.0071 5512 rspndr - ok
22:26:52.0102 5512 RTL8167 (b15c021c2c9bb217a799d9532e8f04d4) C:\Windows\system32\DRIVERS\Rt64win7.sys
22:26:52.0102 5512 RTL8167 - ok
22:26:52.0133 5512 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:26:52.0133 5512 SamSs - ok
22:26:52.0180 5512 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
22:26:52.0180 5512 SASDIFSV - ok
22:26:52.0195 5512 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
22:26:52.0195 5512 SASKUTIL - ok
22:26:52.0242 5512 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
22:26:52.0242 5512 sbp2port - ok
22:26:52.0320 5512 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
22:26:52.0336 5512 SBSDWSCService - ok
22:26:52.0351 5512 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
22:26:52.0367 5512 SCardSvr - ok
22:26:52.0383 5512 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
22:26:52.0383 5512 scfilter - ok
22:26:52.0429 5512 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
22:26:52.0429 5512 Schedule - ok
22:26:52.0461 5512 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:26:52.0461 5512 SCPolicySvc - ok
22:26:52.0507 5512 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
22:26:52.0507 5512 SDRSVC - ok
22:26:52.0539 5512 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:26:52.0539 5512 secdrv - ok
22:26:52.0570 5512 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
22:26:52.0570 5512 seclogon - ok
22:26:52.0617 5512 Secunia PSI Agent (5b66db4877bbac9f7493aa8d84421e49) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
22:26:52.0632 5512 Secunia PSI Agent - ok
22:26:52.0648 5512 Secunia Update Agent (0e88fdf474f2cdd370a4a6ce77d018f0) C:\Program Files (x86)\Secunia\PSI\sua.exe
22:26:52.0648 5512 Secunia Update Agent - ok
22:26:52.0679 5512 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
22:26:52.0679 5512 SENS - ok
22:26:52.0695 5512 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
22:26:52.0695 5512 SensrSvc - ok
22:26:52.0726 5512 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:26:52.0726 5512 Serenum - ok
22:26:52.0726 5512 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:26:52.0741 5512 Serial - ok
22:26:52.0773 5512 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:26:52.0773 5512 sermouse - ok
22:26:52.0819 5512 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
22:26:52.0819 5512 SessionEnv - ok
22:26:52.0851 5512 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
22:26:52.0851 5512 sffdisk - ok
22:26:52.0866 5512 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
22:26:52.0866 5512 sffp_mmc - ok
22:26:52.0882 5512 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
22:26:52.0882 5512 sffp_sd - ok
22:26:52.0882 5512 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:26:52.0897 5512 sfloppy - ok
22:26:52.0929 5512 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
22:26:52.0929 5512 SharedAccess - ok
22:26:52.0960 5512 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
22:26:52.0975 5512 ShellHWDetection - ok
22:26:52.0991 5512 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:26:52.0991 5512 SiSRaid2 - ok
22:26:53.0007 5512 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
22:26:53.0007 5512 SiSRaid4 - ok
22:26:53.0007 5512 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:26:53.0022 5512 Smb - ok
22:26:53.0069 5512 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
22:26:53.0069 5512 SNMPTRAP - ok
22:26:53.0085 5512 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:26:53.0085 5512 spldr - ok
22:26:53.0116 5512 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
22:26:53.0116 5512 Spooler - ok
22:26:53.0209 5512 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
22:26:53.0272 5512 sppsvc - ok
22:26:53.0287 5512 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
22:26:53.0287 5512 sppuinotify - ok
22:26:53.0319 5512 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
22:26:53.0319 5512 srv - ok
22:26:53.0365 5512 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
22:26:53.0365 5512 srv2 - ok
22:26:53.0397 5512 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
22:26:53.0397 5512 srvnet - ok
22:26:53.0428 5512 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
22:26:53.0428 5512 SSDPSRV - ok
22:26:53.0459 5512 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
22:26:53.0459 5512 SstpSvc - ok
22:26:53.0553 5512 STacSV (e942412186178b1331f8335e30fa076f) C:\Program Files\IDT\WDM\STacSV64.exe
22:26:53.0553 5512 STacSV - ok
22:26:53.0568 5512 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:26:53.0584 5512 stexstor - ok
22:26:53.0631 5512 STHDA (dcc8845692dea3477bcf6ce9d06c711f) C:\Windows\system32\DRIVERS\stwrt64.sys
22:26:53.0631 5512 STHDA - ok
22:26:53.0677 5512 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
22:26:53.0677 5512 stisvc - ok
22:26:53.0709 5512 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
22:26:53.0709 5512 swenum - ok
22:26:53.0740 5512 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
22:26:53.0740 5512 swprv - ok
22:26:53.0818 5512 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
22:26:53.0833 5512 SysMain - ok
22:26:53.0865 5512 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
22:26:53.0865 5512 TabletInputService - ok
22:26:53.0896 5512 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
22:26:53.0896 5512 TapiSrv - ok
22:26:53.0927 5512 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
22:26:53.0927 5512 TBS - ok
22:26:53.0989 5512 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
22:26:54.0005 5512 Tcpip - ok
22:26:54.0067 5512 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
22:26:54.0067 5512 TCPIP6 - ok
22:26:54.0099 5512 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
22:26:54.0099 5512 tcpipreg - ok
22:26:54.0130 5512 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:26:54.0130 5512 TDPIPE - ok
22:26:54.0177 5512 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
22:26:54.0177 5512 TDTCP - ok
22:26:54.0208 5512 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
22:26:54.0208 5512 tdx - ok
22:26:54.0223 5512 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
22:26:54.0239 5512 TermDD - ok
22:26:54.0255 5512 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
22:26:54.0270 5512 TermService - ok
22:26:54.0286 5512 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
22:26:54.0286 5512 Themes - ok
22:26:54.0317 5512 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:26:54.0317 5512 THREADORDER - ok
22:26:54.0333 5512 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
22:26:54.0348 5512 TrkWks - ok
22:26:54.0379 5512 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
22:26:54.0379 5512 TrustedInstaller - ok
22:26:54.0411 5512 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:26:54.0411 5512 tssecsrv - ok
22:26:54.0457 5512 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
22:26:54.0457 5512 TsUsbFlt - ok
22:26:54.0504 5512 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
22:26:54.0504 5512 tunnel - ok
22:26:54.0520 5512 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:26:54.0520 5512 uagp35 - ok
22:26:54.0551 5512 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
22:26:54.0551 5512 udfs - ok
22:26:54.0582 5512 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
22:26:54.0582 5512 UI0Detect - ok
22:26:54.0613 5512 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
22:26:54.0613 5512 uliagpkx - ok
22:26:54.0660 5512 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
22:26:54.0660 5512 umbus - ok
22:26:54.0676 5512 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:26:54.0676 5512 UmPass - ok
22:26:54.0738 5512 UMVPFSrv (67a95b9d129ed5399e7965cd09cf30e7) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
22:26:54.0738 5512 UMVPFSrv - ok
22:26:54.0832 5512 UNS (fdf92ec84fecee834fb10a2a0a19bcda) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
22:26:54.0863 5512 UNS - ok
22:26:54.0894 5512 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
22:26:54.0910 5512 upnphost - ok
22:26:54.0925 5512 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
22:26:54.0925 5512 usbaudio - ok
22:26:54.0957 5512 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
22:26:54.0957 5512 usbccgp - ok
22:26:54.0988 5512 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
22:26:54.0988 5512 usbcir - ok
22:26:54.0988 5512 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
22:26:54.0988 5512 usbehci - ok
22:26:55.0019 5512 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
22:26:55.0019 5512 usbhub - ok
22:26:55.0035 5512 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
22:26:55.0035 5512 usbohci - ok
22:26:55.0066 5512 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:26:55.0081 5512 usbprint - ok
22:26:55.0113 5512 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
22:26:55.0113 5512 usbscan - ok
22:26:55.0128 5512 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:26:55.0128 5512 USBSTOR - ok
22:26:55.0144 5512 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
22:26:55.0144 5512 usbuhci - ok
22:26:55.0159 5512 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
22:26:55.0159 5512 UxSms - ok
22:26:55.0191 5512 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:26:55.0191 5512 VaultSvc - ok
22:26:55.0222 5512 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
22:26:55.0222 5512 vdrvroot - ok
22:26:55.0253 5512 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
22:26:55.0269 5512 vds - ok
22:26:55.0284 5512 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:26:55.0284 5512 vga - ok
22:26:55.0300 5512 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:26:55.0315 5512 VgaSave - ok
22:26:55.0331 5512 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
22:26:55.0331 5512 vhdmp - ok
22:26:55.0347 5512 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
22:26:55.0362 5512 viaide - ok
22:26:55.0378 5512 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
22:26:55.0378 5512 volmgr - ok
22:26:55.0425 5512 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
22:26:55.0425 5512 volmgrx - ok
22:26:55.0456 5512 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
22:26:55.0456 5512 volsnap - ok
22:26:55.0471 5512 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:26:55.0487 5512 vsmraid - ok
22:26:55.0549 5512 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
22:26:55.0581 5512 VSS - ok
22:26:55.0596 5512 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
22:26:55.0596 5512 vwifibus - ok
22:26:55.0627 5512 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
22:26:55.0627 5512 vwififlt - ok
22:26:55.0674 5512 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
22:26:55.0674 5512 W32Time - ok
22:26:55.0690 5512 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:26:55.0690 5512 WacomPen - ok
22:26:55.0721 5512 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:26:55.0721 5512 WANARP - ok
22:26:55.0737 5512 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:26:55.0737 5512 Wanarpv6 - ok
22:26:55.0815 5512 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
22:26:55.0830 5512 WatAdminSvc - ok
22:26:55.0877 5512 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
22:26:55.0893 5512 wbengine - ok
22:26:55.0908 5512 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
22:26:55.0908 5512 WbioSrvc - ok
22:26:55.0939 5512 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
22:26:55.0939 5512 wcncsvc - ok
22:26:55.0955 5512 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
22:26:55.0955 5512 WcsPlugInService - ok
22:26:55.0955 5512 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:26:55.0971 5512 Wd - ok
22:26:55.0986 5512 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:26:55.0986 5512 Wdf01000 - ok
22:26:56.0002 5512 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:26:56.0002 5512 WdiServiceHost - ok
22:26:56.0017 5512 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:26:56.0017 5512 WdiSystemHost - ok
22:26:56.0049 5512 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
22:26:56.0049 5512 WebClient - ok
22:26:56.0064 5512 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
22:26:56.0080 5512 Wecsvc - ok
22:26:56.0095 5512 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
22:26:56.0095 5512 wercplsupport - ok
22:26:56.0127 5512 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
22:26:56.0127 5512 WerSvc - ok
22:26:56.0267 5512 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:26:56.0267 5512 WfpLwf - ok
22:26:56.0283 5512 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:26:56.0283 5512 WIMMount - ok
22:26:56.0329 5512 WinDefend - ok
22:26:56.0329 5512 WinHttpAutoProxySvc - ok
22:26:56.0376 5512 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
22:26:56.0376 5512 Winmgmt - ok
22:26:56.0439 5512 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
22:26:56.0485 5512 WinRM - ok
22:26:56.0548 5512 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
22:26:56.0548 5512 Wlansvc - ok
22:26:56.0673 5512 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:26:56.0688 5512 wlidsvc - ok
22:26:56.0719 5512 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
22:26:56.0719 5512 WmiAcpi - ok
22:26:56.0735 5512 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
22:26:56.0751 5512 wmiApSrv - ok
22:26:56.0751 5512 WMPNetworkSvc - ok
22:26:56.0797 5512 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
22:26:56.0797 5512 WPCSvc - ok
22:26:56.0829 5512 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
22:26:56.0844 5512 WPDBusEnum - ok
22:26:56.0860 5512 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:26:56.0860 5512 ws2ifsl - ok
22:26:56.0875 5512 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
22:26:56.0875 5512 wscsvc - ok
22:26:56.0891 5512 WSearch - ok
22:26:56.0953 5512 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
22:26:57.0000 5512 wuauserv - ok
22:26:57.0031 5512 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
22:26:57.0031 5512 WudfPf - ok
22:26:57.0063 5512 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:26:57.0063 5512 WUDFRd - ok
22:26:57.0078 5512 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
22:26:57.0094 5512 wudfsvc - ok
22:26:57.0109 5512 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
22:26:57.0109 5512 WwanSvc - ok
22:26:57.0141 5512 MBR (0x1B8) (4b065cd62cfeb7ed45e765d5ba4a65b4) \Device\Harddisk0\DR0
22:26:57.0328 5512 \Device\Harddisk0\DR0 - ok
22:26:57.0328 5512 Boot (0x1200) (0ae6d2d37f61ad8aaba70dd4688f0fe8) \Device\Harddisk0\DR0\Partition0
22:26:57.0328 5512 \Device\Harddisk0\DR0\Partition0 - ok
22:26:57.0359 5512 Boot (0x1200) (12f1b6a4aa295140698dacbb0429da19) \Device\Harddisk0\DR0\Partition1
22:26:57.0359 5512 \Device\Harddisk0\DR0\Partition1 - ok
22:26:57.0390 5512 Boot (0x1200) (4904a4270d3c056851ac04bfa707976a) \Device\Harddisk0\DR0\Partition2
22:26:57.0390 5512 \Device\Harddisk0\DR0\Partition2 - ok
22:26:57.0390 5512 ============================================================
22:26:57.0390 5512 Scan finished
22:26:57.0390 5512 ============================================================
22:26:57.0406 5996 Detected object count: 0
22:26:57.0406 5996 Actual detected object count: 0


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-13 22:31:09
-----------------------------
22:31:09.378 OS Version: Windows x64 6.1.7601 Service Pack 1
22:31:09.378 Number of processors: 4 586 0x2A07
22:31:09.378 ComputerName: ANDY-HP UserName: Andy
22:31:11.718 Initialize success
22:33:32.125 AVAST engine defs: 12041301
22:34:07.491 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:34:07.506 Disk 0 Vendor: WDC_WD15 51.0 Size: 1430799MB BusType: 3
22:34:07.522 Disk 0 MBR read successfully
22:34:07.522 Disk 0 MBR scan
22:34:07.522 Disk 0 unknown MBR code
22:34:07.537 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:34:07.537 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1417093 MB offset 206848
22:34:07.584 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13595 MB offset 2902413312
22:34:07.615 Disk 0 scanning C:\Windows\system32\drivers
22:34:14.963 Service scanning
22:34:30.189 Modules scanning
22:34:30.189 Disk 0 trace - called modules:
22:34:30.204 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:34:30.719 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e26060]
22:34:30.719 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006ba0050]
22:34:34.104 AVAST engine scan C:\Windows
22:34:37.989 AVAST engine scan C:\Windows\system32
22:36:27.610 AVAST engine scan C:\Windows\system32\drivers
22:36:38.031 AVAST engine scan C:\Users\Andy
22:37:38.793 AVAST engine scan C:\ProgramData
22:38:16.857 Scan finished successfully
22:38:37.418 Disk 0 MBR has been saved successfully to "C:\Users\Andy\Desktop\MBR.dat"
22:38:37.434 The log file has been saved successfully to "C:\Users\Andy\Desktop\aswMBR.txt"

#10 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 April 2012 - 09:51 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#11 Cave71

  • Topic Starter

  • Members
  • 57 posts

Posted 13 April 2012 - 10:15 PM

I haven't noticed any problems to speak of, it seems to be running normally.

Thanks again!!

Here is the new combofix:

ComboFix 12-04-13.01 - Andy 13/04/2012 22:59:43.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.6051.4350 [GMT -4:00]
Running from: c:\users\Andy\Desktop\ComboFix.exe
Command switches used :: c:\users\Andy\Desktop\CFScript.txt.txt
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-14 to 2012-04-14 )))))))))))))))))))))))))))))))
.
.
2012-04-14 03:03 . 2012-04-14 03:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-13 22:29 . 2012-04-13 22:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-13 22:29 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-13 22:23 . 2012-04-13 22:23 -------- d-----w- c:\windows\en
2012-04-13 22:23 . 2012-04-13 22:23 -------- d-----w- c:\windows\fr
2012-04-13 22:21 . 2012-04-13 22:21 -------- d-----w- c:\program files\Windows Live
2012-04-13 22:00 . 2012-04-13 22:00 -------- d-----w- c:\windows\system32\Macromed
2012-04-13 22:00 . 2012-04-13 22:00 8766112 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-13 21:47 . 2012-04-13 21:47 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\a43e0e1cd19bf01\DSETUP.dll
2012-04-13 21:47 . 2012-04-13 21:47 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\a43e0e1cd19bf01\DXSETUP.exe
2012-04-13 21:47 . 2012-04-13 21:47 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\a43e0e1cd19bf01\dsetup32.dll
2012-04-13 21:36 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-13 21:36 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-13 21:36 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-13 21:35 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-13 21:35 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-13 21:35 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-13 21:35 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-12 00:11 . 2012-04-13 22:00 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-05 19:26 . 2012-04-05 19:26 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-04-05 03:27 . 2012-04-05 03:27 -------- d-----w- C:\Games
2012-04-03 15:01 . 2012-04-03 15:01 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2012-04-02 14:42 . 2012-04-02 14:42 -------- d-----w- c:\programdata\LogiShrd
2012-04-02 14:42 . 2012-04-02 14:42 -------- d-----w- c:\programdata\Logitech
2012-04-02 14:42 . 2012-04-02 14:42 -------- d-----w- c:\program files (x86)\Common Files\LWS
2012-04-02 14:42 . 2012-04-02 14:42 -------- d-----w- c:\program files (x86)\Logitech
2012-04-02 14:23 . 2012-04-02 14:22 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-02 02:57 . 2012-04-02 02:57 -------- d-----w- c:\program files (x86)\jZip
2012-03-31 18:33 . 2012-03-31 18:33 -------- d-----w- c:\program files\M-Audio
2012-03-31 18:33 . 2012-03-31 18:33 -------- d-----w- c:\program files (x86)\M-Audio
2012-03-31 18:21 . 2012-04-02 14:43 -------- d-----w- c:\program files (x86)\Common Files\logishrd
2012-03-31 18:21 . 2012-04-02 14:42 -------- d-----w- c:\program files\Common Files\logishrd
2012-03-31 07:00 . 2012-03-31 07:00 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-03-31 06:59 . 2012-03-31 06:59 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-03-31 06:43 . 2012-03-31 07:02 -------- d-----w- c:\program files (x86)\Microsoft Works
2012-03-31 06:43 . 2012-03-31 06:43 -------- d-----w- c:\windows\PCHEALTH
2012-03-31 06:40 . 2012-04-13 21:38 -------- d-----w- c:\programdata\Microsoft Help
2012-03-31 06:40 . 2012-03-31 06:40 -------- d-----r- C:\MSOCache
2012-03-31 06:01 . 2012-04-13 22:00 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-31 05:58 . 2012-03-31 05:58 -------- d-----w- c:\program files (x86)\Secunia
2012-03-31 02:58 . 2012-04-12 00:49 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-31 02:58 . 2012-03-31 02:58 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-30 23:48 . 2012-03-31 00:21 -------- d-----w- c:\program files (x86)\Mp3tag
2012-03-30 23:43 . 2012-03-31 00:21 -------- d-----w- c:\program files (x86)\QuickTime
2012-03-30 23:40 . 2012-03-30 23:40 -------- dc----w- c:\windows\system32\DRVSTORE
2012-03-30 23:39 . 2012-03-30 23:39 -------- d-----w- c:\programdata\Apple
2012-03-30 23:35 . 2009-09-04 21:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2012-03-30 23:35 . 2006-09-28 20:05 2414360 ----a-w- c:\windows\SysWow64\d3dx9_31.dll
2012-03-30 23:35 . 2012-03-30 23:35 -------- d-----w- c:\program files (x86)\Winamp Detect
2012-03-30 23:35 . 2012-03-30 23:35 -------- d-----w- c:\program files (x86)\Winamp
2012-03-30 23:32 . 2012-03-30 23:32 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2012-03-30 23:31 . 2012-03-30 23:32 -------- d-----w- c:\program files (x86)\Real
2012-03-30 23:24 . 2012-03-30 23:25 -------- d-----w- c:\program files (x86)\SpywareBlaster
2012-03-30 23:24 . 2010-01-10 22:40 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2012-03-30 23:23 . 2012-03-30 23:23 -------- d-----w- c:\program files (x86)\SlimComputer
2012-03-30 23:21 . 2012-03-30 23:21 -------- d-----w- c:\program files (x86)\VS Revo Group
2012-03-30 23:18 . 2012-03-30 23:18 -------- d-----w- c:\program files\PeerBlock
2012-03-30 23:16 . 2010-07-22 21:13 54848 ----a-w- c:\windows\system32\drivers\FSPFltd.sys
2012-03-30 22:39 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-30 22:39 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-30 21:52 . 2012-03-30 21:52 -------- d-----w- c:\windows\system32\SPReview
2012-03-30 21:51 . 2012-03-30 21:51 -------- d-----w- c:\windows\system32\EventProviders
2012-03-30 21:40 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
2012-03-30 21:40 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-03-30 21:40 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2012-03-30 21:40 . 2010-11-20 13:27 12288 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2012-03-30 21:40 . 2010-11-20 13:27 14967808 ----a-w- c:\program files\DVD Maker\OmdBase.dll
2012-03-30 21:40 . 2010-11-20 13:27 3715584 ----a-w- c:\windows\system32\mstscax.dll
2012-03-30 21:40 . 2010-11-20 13:26 1838080 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-30 21:40 . 2010-11-20 11:07 59392 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2012-03-30 21:38 . 2010-11-20 13:26 777728 ----a-w- c:\windows\system32\gpsvc.dll
2012-03-30 21:37 . 2010-11-20 13:33 140672 ----a-w- c:\windows\system32\drivers\msdsm.sys
2012-03-30 21:36 . 2010-11-20 13:27 4400640 ----a-w- c:\program files\DVD Maker\OmdProject.dll
2012-03-30 21:35 . 2010-11-20 13:27 37376 ----a-w- c:\windows\system32\shimgvw.dll
2012-03-30 21:34 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2012-03-30 21:34 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll
2012-03-30 21:34 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2012-03-30 21:34 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2012-03-30 21:32 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2012-03-30 21:00 . 2012-03-31 06:43 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-03-30 20:50 . 2012-03-30 20:50 -------- d-----w- C:\Intel
2012-03-30 20:49 . 2012-03-30 20:49 -------- d-----w- c:\windows\SysWow64\Wat
2012-03-30 20:49 . 2012-03-30 20:49 -------- d-----w- c:\windows\system32\Wat
2012-03-30 20:48 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-03-30 20:48 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-03-30 20:48 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-03-30 20:31 . 2012-03-30 20:31 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-03-30 20:23 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-03-30 20:22 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-03-30 20:22 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-03-30 20:20 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-03-30 20:20 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-03-30 18:39 . 2012-03-30 18:40 -------- d-----w- c:\programdata\Recovery
2012-03-30 18:25 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll
2012-03-30 16:03 . 2012-03-30 16:03 -------- d-----w- c:\programdata\Malwarebytes
2012-03-30 15:58 . 2012-03-30 15:58 -------- d-----w- c:\program files\CCleaner
2012-03-30 15:51 . 2012-03-31 07:23 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-30 15:51 . 2012-03-30 15:53 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-03-30 15:27 . 2012-03-30 15:27 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-03-30 15:26 . 2012-04-13 21:50 -------- d-----w- c:\windows\system32\drivers\AVG
2012-03-30 15:26 . 2012-03-30 15:40 -------- d-----w- c:\programdata\AVG2012
2012-03-30 15:26 . 2012-03-30 15:26 -------- d-----w- C:\$AVG
2012-03-30 15:26 . 2012-03-30 15:26 -------- d-----w- c:\program files (x86)\AVG
2012-03-30 15:23 . 2012-03-30 15:23 -------- d-----w- c:\programdata\Common Files
2012-03-30 15:23 . 2012-04-13 21:50 -------- d-----w- c:\programdata\MFAData
2012-03-30 14:57 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-30 14:57 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-30 14:57 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-30 14:57 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-30 14:57 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-30 14:49 . 2012-04-05 20:57 -------- d-----w- c:\users\Andy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 22:20 . 2010-06-24 18:33 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-30 23:31 . 2010-11-26 03:20 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-03-30 23:31 . 2010-11-26 03:20 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-03-30 22:17 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-03-30 22:17 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-03-08 22:50 . 2012-03-08 22:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 22:37 . 2012-03-08 22:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-02-22 09:25 . 2012-02-22 09:25 382032 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-02-22 09:25 . 2012-02-22 09:25 289872 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-01-31 08:46 . 2012-01-31 08:46 36944 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2012-01-18 10:44 . 2012-01-18 10:44 540960 ----a-w- c:\windows\SysWow64\LVUI2RC.dll
2012-01-18 10:44 . 2012-01-18 10:44 545056 ----a-w- c:\windows\SysWow64\LVUI2.dll
2012-01-18 10:44 . 2012-01-18 10:44 561440 ----a-w- c:\windows\system32\LVUIRC64.dll
2012-01-18 10:44 . 2012-01-18 10:44 4865568 ----a-w- c:\windows\system32\drivers\lvuvc64.sys
2012-01-18 10:44 . 2012-01-18 10:44 769312 ----a-w- c:\windows\system32\LVUI64.dll
2012-01-18 10:44 . 2012-01-18 10:44 351136 ----a-w- c:\windows\system32\drivers\lvrs64.sys
2012-01-18 10:44 . 2012-01-18 10:44 307488 ----a-w- c:\windows\SysWow64\lvcodec2.dll
2012-01-18 10:44 . 2012-01-18 10:44 263456 ----a-w- c:\windows\system32\lvco13311044.dll
2012-01-18 10:44 . 2012-01-18 10:44 176416 ----a-w- c:\windows\system32\lvcod64.dll
2012-01-18 10:44 . 2012-01-18 10:44 336408 ----a-w- c:\windows\SysWow64\DevManagerCore.dll
2012-01-18 10:44 . 2012-01-18 10:44 336408 ----a-w- c:\windows\system32\DevManagerCore.dll
2012-01-18 10:44 . 2012-01-18 10:44 10920984 ----a-w- c:\windows\SysWow64\LogiDPP.dll
2012-01-18 10:44 . 2012-01-18 10:44 10920984 ----a-w- c:\windows\system32\LogiDPP.dll
2012-01-18 10:44 . 2012-01-18 10:44 104472 ----a-w- c:\windows\SysWow64\LogiDPPApp.exe
2012-01-18 10:44 . 2012-01-18 10:44 104472 ----a-w- c:\windows\system32\LogiDPPApp.exe
2012-01-18 10:23 . 2012-01-18 10:23 38958 ----a-w- c:\windows\system32\Repository.reg
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-14_01.49.50 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-03-31 05:58 . 2012-04-14 01:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-03-31 05:58 . 2012-04-14 03:04 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:54 . 2012-04-14 01:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-14 03:04 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-14 01:49 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-14 03:04 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-14 03:04 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-14 01:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-30 15:01 . 2012-04-14 01:58 33278 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-14 01:58 33904 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2012-03-30 17:44 . 2012-04-14 00:39 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-03-30 17:44 . 2012-04-14 02:52 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-03-30 17:44 . 2012-04-14 02:52 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-03-30 17:44 . 2012-04-14 00:39 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-14 02:52 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-14 00:39 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-01 01:49 . 2012-04-14 01:55 3252 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-03-30 14:50 . 2012-04-14 01:58 9472 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1093133300-4018294402-848067211-1000_UserData.bin
- 2012-04-14 01:49 . 2012-04-14 01:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-14 03:04 . 2012-04-14 03:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-14 01:49 . 2012-04-14 01:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-14 03:04 . 2012-04-14 03:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-04-14 01:48 395188 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-14 03:03 395188 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-03-30 14:58 . 2012-04-14 01:48 1386428 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1093133300-4018294402-848067211-1000-8192.dat
+ 2012-03-30 14:58 . 2012-04-14 03:03 1386428 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1093133300-4018294402-848067211-1000-8192.dat
+ 2012-03-30 15:27 . 2012-04-14 03:03 14061154 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1093133300-4018294402-848067211-1000-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 4785536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-09-28 664600]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-02-16 2575712]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-03-30 296056]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files (x86)\Logitech\Ereg\eReg.exe [2009-11-16 517384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-9-28 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 253088]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 MADFUMIDISPORT2010;Service for M-Audio MIDISPORT DFU;c:\windows\system32\DRIVERS\MAudioMIDISPORT_DFU.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\avgidseha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-02 89600]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-02-14 2316624]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-02-14 5104992]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2010-08-06 681528]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 MIDISPORTAudioDevMon;MIDISPORT Audio Device Monitor;c:\program files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe [2010-10-06 1636872]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-09-28 1119768]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech Webcam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 MAUSBMIDISPORT;Service for M-Audio MIDISPORT;c:\windows\system32\DRIVERS\MAudioMIDISPORT.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 22:00]
.
2012-04-13 c:\windows\Tasks\HPCeeScheduleForANDY-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-04-12 c:\windows\Tasks\HPCeeScheduleForAndy.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-15 611896]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-06-24 1128448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-27 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-27 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-27 418328]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://ca.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 64.71.255.198 192.168.1.1
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-04-13 23:08:33 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-14 03:08
ComboFix2.txt 2012-04-14 01:53
.
Pre-Run: 1,425,419,214,848 bytes free
Post-Run: 1,425,435,590,656 bytes free
.
- - End Of File - - 2B4FB9D59FF455DD19C108803980E30F

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 13 April 2012 - 10:33 PM

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • Go to the Update tab at the top
  • Click on Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 Cave71

Cave71
  • Topic Starter

  • Members
  • 57 posts

Posted 13 April 2012 - 11:06 PM

So far all seems well. No problems that I have noticed. These were run with my security programs running, I assume that's ok (?). Thanks!

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.14.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Andy :: ANDY-HP [administrator]

Protection: Enabled

13/04/2012 11:43:13 PM
mbam-log-2012-04-13 (23-43-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197496
Time elapsed: 1 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:00:02 AM, on 14/04/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: AVG Do-Not-Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files (x86)\Logitech\Ereg\eReg.exe
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Auto (HPAuto) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MIDISPORT Audio Device Monitor (MIDISPORTAudioDevMon) - M-Audio - C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11720 bytes
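Added example, not part of the original thread and not HijackThis code: a small Python parser for the HijackThis log format posted above. It lists the O4 autostart names and separates flagged entries under System32, which a 32-bit scanner on 64-bit Windows reports because of WOW64 file-system redirection, from entries that have no file elsewhere. The function names are hypothetical; the sample lines are a subset copied from the log above.

```python
import re

# Subset of the HijackThis log posted above, embedded so the example runs offline.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com/
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
"""

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Per-section layouts, as they appear in the log above.
PATTERNS = {
    "O2": [re.compile(r"^BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<target>.+)$")],
    "O4": [
        re.compile(r"^HK\w+\\\.\.\\[^:]+: \[(?P<name>[^\]]+)\] (?P<target>.+)$"),
        re.compile(r"^(?:Global )?Startup: (?P<name>.+?) = (?P<target>.+)$"),
    ],
    # The file part must start at a drive letter, so " - " inside a path
    # ("Spybot - Search & Destroy") is not mistaken for a field separator.
    "O23": [re.compile(r"^Service: (?P<name>.+?) - .+? - (?P<target>[A-Za-z]:\\.+)$")],
}
FLAG_RE = re.compile(r"\s*\((no file|file missing)\)$")


def parse_line(line):
    """Return a dict for one log entry, or None for headers and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = {"code": m.group("code"), "name": None, "target": None, "flag": None}
    for pattern in PATTERNS.get(entry["code"], []):
        hit = pattern.match(m.group("body"))
        if hit:
            target = hit.group("target")
            flag = FLAG_RE.search(target)
            if flag:  # strip the trailing marker and remember it
                entry["flag"] = flag.group(1)
                target = target[:flag.start()]
            entry["name"], entry["target"] = hit.group("name"), target or None
            break
    return entry


def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]


def autostart_names(entries):
    """Names of O4 entries: the bracketed Run value name or the .lnk file."""
    return [e["name"] for e in entries if e["code"] == "O4" and e["name"]]


def triage_flagged(entries):
    """Split '(no file)' / '(file missing)' entries into two review buckets."""
    redirected, orphaned = [], []
    for e in entries:
        if not e["flag"]:
            continue
        path = (e["target"] or "").lower()
        # HijackThis is a 32-bit program: on 64-bit Windows its System32
        # lookups are redirected to SysWOW64, so these files usually exist.
        (redirected if "\\windows\\system32\\" in path else orphaned).append(e)
    return redirected, orphaned


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    print("Autostart names:", autostart_names(entries))
    redirected, orphaned = triage_flagged(entries)
    for e in redirected:
        print("Likely redirection artifact:", e["target"])
    for e in orphaned:
        print("Leftover entry to review:", e["code"], e["name"], e["target"])
```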

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 13 April 2012 - 11:16 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. For any of these programs, you can click on their icons (or start them from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files (x86)\Logitech\Ereg\eReg.exe
      O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
      O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7: right click on the IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo

#15 Cave71

Cave71
  • Topic Starter

  • Members
  • 57 posts

Posted 14 April 2012 - 12:22 AM

This is what the ESET scan showed:

C:\Users\Andy\Added Programs\mylockbox_setup.zip Win32/OpenCandy application
C:\Users\Andy\Added Programs\Audio Video\winamp5623_full_emusic-7plus_all.exe Win32/OpenCandy application



