bProtect/Ibryte and very slow web browsers, ran a HijackThis scan and need help?


  • This topic is locked
16 replies to this topic

#1 jan3847

jan3847

  • Members
  • 8 posts
  • OFFLINE
  • Local time:07:03 PM

Posted 09 April 2012 - 11:27 PM

So basically what is wrong is that about 3 months ago my web browsers (Google Chrome and Internet Explorer) seemed to be slowing down more than usual. I initially blamed it on my internet, but lately (the last 3 weeks?) some internet pages will not load at all; the ones I have noticed are adobe.com and youtube.com (if they do load, which only happened once, they load all messed up). So I went on a delete-athon (any programs I don't use) and came across a program called bProtect. I didn't know what it was and found it's apparently a virus (changes your default search provider to goon search etc.), so I deleted it, searched through my files and deleted anything with that name, and during this I came across another thing called PlayBryte by Ibryte; I looked it up and apparently it's a virus thing also, so I deleted the files and couldn't find it in Control Panel. I then ran multiple virus scans using Avira AntiVir; it found one thing called goonsearch, but after that, nothing. I also ran Malwarebytes, both premium, and both found nothing. I have since also tried Avast, AVG, Spybot Search and Destroy and Ad-Aware (note I have uninstalled them between installing the new ones) and still my browsers were very slow/wouldn't load some websites. So I did a system reinstall (although the stupid thing wouldn't let me delete the old files; it saved them, and after it got done installing I deleted these files). Anyway, still the same problem: it won't load some webpages and is slow. Since then I have once again installed scans and tried them, and lately I ran a HijackThis scan; it came up with a bunch of errors? I clicked Analyze This and I assumed that it wanted me to make a post on here?
-I am currently running Windows 7 64 bit
-I am on satellite internet, with a router
-I have 3 computers connected to the router; the 2 other computers can load every webpage fine
-all are also Windows 7 64 bit; the only difference is that the affected computer is a Dell, and it ran fine previously
-I have uninstalled and reinstalled every program; all updates are installed etc.
-I have run Defragmenter and CCleaner
-I have contacted my internet provider; my internet is running great apparently
-currently I am writing this on the RealPlayer browser (runs alright but very slow)
-not sure if this has anything to do with whatever problem I have, but I use Hotmail and since my web browsers have been slowing down it gets the message that it cannot connect to the internet at this time, please try again later (but this doesn't appear on other computers on the same internet connection)
-other than that I have no symptoms of being infected
-I have searched the registry and removed every file with the name of bprotect or Ibryte; this didn't further or better the problem
-Thank you for any/all help you offer
I am going to post the HijackThis log in case I am infected with a virus

- HiJack this Log-
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:01:44 PM, on 4/9/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Codebox\BitMeter\BitMeter2.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Users\janet\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
C:\Program Files (x86)\Real\RealPlayer\realplay.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://startpage.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\janet\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bitmeter2.lnk = C:\Program Files (x86)\Codebox\BitMeter\BitMeter2.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VideoAcceleratorService - SpeedBit Ltd. - C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10578 bytes

Edited by jan3847, 09 April 2012 - 11:29 PM.
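An added example, not from this post or from the BleepingComputer helpers: a Python triage script for the HijackThis log format shown above. The sample log is constructed from a few of the entries in the post, and the grouping rules (repeated Winsock LSP entries, "(file missing)" entries split by whether the 32-bit tool was redirected away from System32 on 64-bit Windows, autostarts that go via cmd.exe or live under a user profile) are the editor's own reading aids, not verdicts on any entry.

```python
import re
from collections import Counter

# Constructed sample in the HijackThis v2.0.4 log format. The entries are
# modelled on the log posted in this thread; they are not a full log.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:01:44 PM, on 4/9/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)

Running processes:
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://startpage.com/
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKCU\..\Run: [Google Update] "C:\Users\janet\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
"""

# Every HijackThis finding is "<section> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")
SYSTEM32_RE = re.compile(r"c:\\windows\\system32\\", re.I)
USER_PROFILE_RE = re.compile(r"c:\\users\\[^\\]+\\", re.I)


def parse_hjt(text):
    """Return [(section, body), ...] for every finding line in a HijackThis log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("sec"), m.group("body")))
    return entries


def triage(entries):
    """Group the findings into the buckets an analyst reads first."""
    report = {
        # distinct Winsock LSP modules -> number of catalog entries each owns
        "lsp_modules": Counter(),
        # "(file missing)" entries outside System32: worth a second look
        "file_missing": [],
        # "(file missing)" under System32. On 64-bit Windows the 32-bit
        # HijackThis is redirected to SysWOW64, so these are usually a tool
        # artefact rather than missing files; keep them out of the real list.
        "system32_redirected": [],
        # autostarts that launch through cmd.exe instead of the target directly
        "indirect_launch": [],
        # autostarts whose binary lives under a user profile, not Program Files
        "profile_autostart": [],
    }
    for sec, body in entries:
        if sec == "O10":
            dll = body.split("Winsock LSP:", 1)[1].strip().lower()
            report["lsp_modules"][dll] += 1
            continue
        if body.endswith("(file missing)"):
            bucket = "system32_redirected" if SYSTEM32_RE.search(body) else "file_missing"
            report[bucket].append(f"{sec} - {body}")
        if sec == "O4":
            if re.search(r"\bcmd\.exe\b", body, re.I):
                report["indirect_launch"].append(body)
            if USER_PROFILE_RE.search(body):
                report["profile_autostart"].append(body)
    return report


def triage_log(text):
    """Parse and triage a complete HijackThis log in one call."""
    return triage(parse_hjt(text))


if __name__ == "__main__":
    rep = triage_log(SAMPLE_LOG)
    print("Winsock LSP modules (catalog entries each):")
    for dll, n in rep["lsp_modules"].most_common():
        print(f"  {n:2d}  {dll}")
    for key in ("file_missing", "system32_redirected", "indirect_launch", "profile_autostart"):
        print(f"\n{key} ({len(rep[key])}):")
        for item in rep[key]:
            print("  " + item)
```

Run it against a full log by replacing SAMPLE_LOG with the file contents; the LSP count per module is the quickest way to see which third-party layered providers sit in the Winsock chain that every browser connection passes through.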



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:03 PM

Posted 11 April 2012 - 06:06 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:


    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 jan3847

jan3847
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:07:03 PM

Posted 11 April 2012 - 07:06 AM

This process went fine, thank you, with no problems.

-DDS Log-

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by janet at 5:57:17 on 2012-04-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12279.9840 [GMT -6:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Codebox\BitMeter\BitMeter2.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\janet\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\janet\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\janet\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\janet\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\janet\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://startpage.com/
uDefault_Page_URL = hxxp://www.dell.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Google Update] "C:\Users\janet\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BITMET~1.LNK - C:\Program Files (x86)\Codebox\BitMeter\BitMeter2.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
LSP: C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll
LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{268582B9-133A-4120-B88F-D97815802472} : DhcpNameServer = 192.168.0.1
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
.
============= SERVICES / DRIVERS ===============
.
R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\system32\DRIVERS\NBVol.sys --> C:\Windows\system32\DRIVERS\NBVol.sys [?]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\system32\DRIVERS\NBVolUp.sys --> C:\Windows\system32\DRIVERS\NBVolUp.sys [?]
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AntiVirMailService;Avira Mail Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-4-1 342480]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-4-1 86224]
R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-4-1 110032]
R2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2012-4-1 463824]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-10 654408]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
R2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-1 253600]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-04-11 08:41:51 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{91FA1E37-F345-4B6D-A945-5CF2844DF574}\offreg.dll
2012-04-11 06:13:29 -------- d-----w- C:\Users\janet\AppData\Local\{F9060CA2-97A7-46F4-9F6A-FD55CDB595C2}
2012-04-11 06:13:10 -------- d-----w- C:\Users\janet\AppData\Local\{7FE79FF5-3265-4A0B-92EF-5B6A93ED0EDB}
2012-04-10 18:12:54 -------- d-----w- C:\Users\janet\AppData\Local\{04D69F71-46E3-435C-BF49-45C64F7B6925}
2012-04-10 18:12:37 -------- d-----w- C:\Users\janet\AppData\Local\{3754080C-281C-442F-AECE-DCA2EF924DB4}
2012-04-10 14:42:10 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-04-10 08:10:41 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{91FA1E37-F345-4B6D-A945-5CF2844DF574}\mpengine.dll
2012-04-10 06:08:34 -------- d-----w- C:\Users\janet\AppData\Local\{B52C1B8B-8D11-4A5F-A4F3-F7FC88FA2F5B}
2012-04-10 06:08:18 -------- d-----w- C:\Users\janet\AppData\Local\{7BEF5A41-864B-4A5A-8952-3DD9C41B6BAE}
2012-04-10 05:42:51 -------- d-----w- C:\Users\janet\AppData\Roaming\SUPERAntiSpyware.com
2012-04-10 05:42:09 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-04-10 05:37:22 -------- d-----w- C:\Users\janet\AppData\Local\{FFCECE4E-6E83-44F9-B7A8-2CA87E90EEF7}
2012-04-10 05:37:07 -------- d-----w- C:\Users\janet\AppData\Local\{AD655E1C-3978-4BCA-AF4A-6BEE4536FC47}
2012-04-10 04:49:11 -------- d-----w- C:\ProgramData\Grisoft
2012-04-10 03:37:37 -------- d-----w- C:\Users\janet\AppData\Local\{5156B86D-C798-41AD-B839-CB17E90AA3FF}
2012-04-10 03:37:22 -------- d-----w- C:\Users\janet\AppData\Local\{4D4A4756-7C7E-4C70-8288-88E78765CB5C}
2012-04-10 02:54:30 -------- d-----w- C:\ProgramData\Speedbit
2012-04-10 02:53:55 -------- d-----w- C:\Users\janet\AppData\Local\Diagnostics
2012-04-10 02:49:34 388096 ----a-r- C:\Users\janet\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-10 02:49:34 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-04-10 02:25:01 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-04-10 02:24:51 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2012-04-09 23:53:27 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2012-04-09 22:42:48 -------- d-----w- C:\Program Files (x86)\Lavasoft
2012-04-09 22:10:15 -------- d-----w- C:\Users\janet\AppData\Local\Adobe
2012-04-09 14:33:32 -------- d-----w- C:\Users\janet\AppData\Local\{B159934E-843D-4E19-8199-069490A4939B}
2012-04-09 14:33:12 -------- d-----w- C:\Users\janet\AppData\Local\{46871C39-E736-490C-AC33-6C9FE897AF4B}
2012-04-09 02:32:56 -------- d-----w- C:\Users\janet\AppData\Local\{07F453B7-39C3-4E4C-8357-7DA2F388FA40}
2012-04-09 02:32:38 -------- d-----w- C:\Users\janet\AppData\Local\{51FB7954-AB99-460E-8689-58D853EDEB8C}
2012-04-08 09:23:22 -------- d-----w- C:\Users\janet\AppData\Local\{D35C4B98-8437-488C-AA4C-B234C49C21D0}
2012-04-08 09:23:07 -------- d-----w- C:\Users\janet\AppData\Local\{53C61017-22AF-4EE6-BB6A-44D9B2711576}
2012-04-07 21:22:53 -------- d-----w- C:\Users\janet\AppData\Local\{41772CBD-61C4-4224-B986-E7F57752AE0C}
2012-04-07 21:22:36 -------- d-----w- C:\Users\janet\AppData\Local\{569D8638-E29A-440A-B314-480052A5A7E6}
2012-04-07 09:22:09 -------- d-----w- C:\Users\janet\AppData\Local\{1DFFECFF-367C-45FB-8973-7189F82455B5}
2012-04-07 09:21:52 -------- d-----w- C:\Users\janet\AppData\Local\{1F8D9C9D-24D3-4ED1-B33A-5999821EF120}
2012-04-06 21:21:37 -------- d-----w- C:\Users\janet\AppData\Local\{2EE770A5-070D-4E10-969C-CAD29DA4CBB8}
2012-04-06 21:21:23 -------- d-----w- C:\Users\janet\AppData\Local\{792319A2-8CF1-4A0C-9AAF-25E0FE370633}
2012-04-05 11:19:48 -------- d-----w- C:\Users\janet\AppData\Local\{73A04F52-C189-4F09-A48D-4FE55939D730}
2012-04-05 11:19:33 -------- d-----w- C:\Users\janet\AppData\Local\{BA1382BA-D502-4801-B014-BFC4F7C57357}
2012-04-04 23:19:18 -------- d-----w- C:\Users\janet\AppData\Local\{E71EA7D9-DF48-434C-A9B1-B9AA13E91892}
2012-04-04 23:19:02 -------- d-----w- C:\Users\janet\AppData\Local\{FAB1EDB4-45D6-4C48-A5DD-2BBD72CBE930}
2012-04-04 11:18:47 -------- d-----w- C:\Users\janet\AppData\Local\{638C2E0A-95C7-4757-94F2-BC4B1BA556B6}
2012-04-04 11:18:33 -------- d-----w- C:\Users\janet\AppData\Local\{F1073435-F64F-4E25-BB17-D55C67BBEEAF}
2012-04-04 11:17:58 -------- d-----w- C:\Users\janet\AppData\Local\{2B78AD82-420F-4899-B4B0-ACEA5B8B8E8A}
2012-04-03 23:18:16 -------- d-----w- C:\Users\janet\AppData\Local\{8DD270E5-5AC1-4520-94E0-91F8480F7F9A}
2012-04-03 23:17:58 -------- d-----w- C:\Users\janet\AppData\Local\{082D1A18-18E6-4C66-A6FE-7E5C7C98AB38}
2012-04-03 11:17:31 -------- d-----w- C:\Users\janet\AppData\Local\{AF08FAA6-6237-44EE-B12F-327EA4EFBAE5}
2012-04-03 11:17:16 -------- d-----w- C:\Users\janet\AppData\Local\{D5EBC3DB-B9C7-4F09-8618-A95577305804}
2012-04-03 01:38:59 -------- d-----w- C:\Program Files (x86)\MSECache
2012-04-03 00:10:25 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-04-03 00:10:25 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-04-03 00:10:25 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-04-03 00:10:25 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-04-03 00:10:25 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-04-03 00:10:25 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-04-03 00:10:25 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-04-03 00:09:27 -------- d-----w- C:\Users\janet\AppData\Local\Apple
2012-04-02 23:16:57 -------- d-----w- C:\Users\janet\AppData\Local\{84E4EAD3-E81B-4C0C-9B2B-3A6EE51FBEE9}
2012-04-02 23:16:38 -------- d-----w- C:\Users\janet\AppData\Local\{8BA410E7-5D24-4D34-A103-31E3AF300897}
2012-04-02 23:11:42 -------- d-----w- C:\Users\janet\AppData\Local\ATI
2012-04-02 23:11:40 -------- d-----w- C:\ProgramData\AMD
2012-04-02 23:11:39 -------- d-----w- C:\Program Files (x86)\AMD AVT
2012-04-02 23:11:37 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-04-02 23:11:33 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2012-04-02 23:11:33 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2012-04-02 23:10:13 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2012-04-02 23:10:04 -------- d-----w- C:\Program Files\ATI Technologies
2012-04-02 23:09:54 -------- d-----w- C:\Program Files\ATI
2012-04-02 19:28:22 86528 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2012-04-02 18:40:07 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-04-02 18:40:07 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-04-02 18:40:07 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2012-04-02 15:44:08 -------- d-----w- C:\Users\janet\AppData\Roaming\Bitmeter2
2012-04-02 15:44:08 -------- d-----w- C:\ProgramData\Bitmeter2
2012-04-02 15:44:08 -------- d-----w- C:\Program Files (x86)\Codebox
2012-04-02 14:37:47 96768 ----a-w- C:\Windows\System32\fsutil.exe
2012-04-02 14:37:47 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2012-04-02 14:37:47 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2012-04-02 14:37:47 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2012-04-02 14:37:47 2565632 ----a-w- C:\Windows\System32\esent.dll
2012-04-02 14:37:47 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2012-04-02 14:37:47 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2012-04-02 14:37:47 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2012-04-02 14:37:47 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-04-02 14:37:47 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2012-04-02 14:37:47 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2012-04-02 14:36:37 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2012-04-02 14:36:37 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2012-04-02 14:36:37 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2012-04-02 14:36:37 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2012-04-02 14:36:37 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2012-04-02 14:36:37 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2012-04-02 14:36:37 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2012-04-02 12:11:02 -------- d-----w- C:\Users\janet\AppData\Local\Nero
2012-04-02 12:01:59 -------- d-----w- C:\ProgramData\Nero
2012-04-02 11:57:00 15920 ----a-w- C:\Windows\System32\drivers\NBVolUp.sys
2012-04-02 11:56:59 72240 ----a-w- C:\Windows\System32\drivers\NBVol.sys
2012-04-02 11:56:59 -------- d-----w- C:\Program Files (x86)\Nero
2012-04-02 11:50:21 470880 ----a-w- C:\Windows\SysWow64\d3dx10_43.dll
2012-04-02 11:50:21 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2012-04-02 11:50:21 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
2012-04-02 11:50:21 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
2012-04-02 11:50:21 1868128 ----a-w- C:\Windows\SysWow64\d3dcsx_43.dll
2012-04-02 11:49:48 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll
2012-04-02 11:49:15 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2012-04-02 11:48:42 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll
2012-04-02 11:48:09 3727720 ----a-w- C:\Windows\SysWow64\d3dx9_35.dll
2012-04-02 11:47:37 3497832 ----a-w- C:\Windows\SysWow64\d3dx9_34.dll
2012-04-02 11:16:06 -------- d-----w- C:\Users\janet\AppData\Local\{C7870984-474D-4B08-9620-E2D10D3CC6C2}
2012-04-02 11:15:51 -------- d-----w- C:\Users\janet\AppData\Local\{A6F233AD-5C07-44C1-951B-B96FBF816765}
2012-04-02 10:36:49 -------- d-----w- C:\Windows\SysWow64\Wat
2012-04-02 10:36:49 -------- d-----w- C:\Windows\System32\Wat
2012-04-02 10:30:02 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-02 10:30:02 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-02 10:30:02 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-02 10:02:35 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-04-02 09:14:47 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2012-04-02 09:14:47 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2012-04-02 09:14:45 2871808 ----a-w- C:\Windows\explorer.exe
2012-04-02 09:14:45 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2012-04-02 09:11:55 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2012-04-02 09:10:57 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2012-04-02 09:10:57 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2012-04-02 09:10:53 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-04-02 09:10:53 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-04-02 09:10:43 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-04-02 09:10:37 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2012-04-02 09:10:37 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2012-04-02 09:10:34 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2012-04-02 09:10:34 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2012-04-02 09:10:34 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2012-04-02 09:10:34 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2012-04-02 09:08:53 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-04-02 09:07:58 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2012-04-02 09:07:55 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2012-04-02 09:07:55 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2012-04-02 09:07:53 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2012-04-02 09:07:53 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-04-02 09:07:53 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-04-02 09:07:46 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-04-02 09:07:46 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-04-02 09:07:31 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-04-02 09:07:31 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-04-02 09:07:24 77312 ----a-w- C:\Windows\System32\packager.dll
2012-04-02 09:07:24 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-04-02 03:10:20 -------- d-----w- C:\Users\janet\AppData\Local\Google
2012-04-02 00:38:49 -------- d-----w- C:\Users\janet\AppData\Roaming\Avira
2012-04-02 00:34:05 97312 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2012-04-02 00:34:05 27760 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2012-04-02 00:34:05 139512 ----a-w- C:\Windows\System32\drivers\avfwot.sys
2012-04-02 00:34:05 113768 ----a-w- C:\Windows\System32\drivers\avfwim.sys
2012-04-02 00:34:05 -------- d-----w- C:\Program Files (x86)\Avira
2012-04-01 21:39:02 -------- d-----w- C:\Program Files (x86)\SpeedBit Video Accelerator
2012-04-01 21:34:47 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2012-04-01 21:34:40 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-04-01 21:34:40 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-04-01 19:47:58 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-01 19:47:58 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-01 18:05:37 -------- d-----w- C:\Users\janet\AppData\Local\{F1949818-4169-4E1C-BF18-70D5E8B927F6}
2012-04-01 17:47:35 -------- d-----w- C:\Users\janet\AppData\Local\{FB9E57C3-C4C6-447F-97BC-DEFF5BC944A0}
2012-04-01 17:47:08 -------- d-----w- C:\Users\janet\AppData\Local\{09542B48-50DA-46CF-AB27-D238929E8052}
2012-04-01 17:46:55 -------- d-----w- C:\Users\janet\Tracing
2012-04-01 17:28:13 -------- d-----w- C:\Windows\PCHEALTH
2012-04-01 17:26:28 6260088 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9159a3401cd102c05\Silverlight.4.0.exe
2012-04-01 17:23:27 -------- d-----w- C:\Users\janet\AppData\Local\Windows Live
2012-04-01 17:23:25 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2012-04-01 16:47:48 -------- d-----w- C:\Users\janet\AppData\Roaming\Malwarebytes
2012-04-01 16:47:43 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-01 16:47:42 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-01 16:47:42 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-01 15:44:16 -------- d-----w- C:\Program Files\CCleaner
2012-04-01 15:12:39 -------- d-----w- C:\Windows\Panther
2012-04-01 15:12:01 -------- d-----w- C:\Windows\System32\OEM
2012-04-01 14:56:13 -------- dc----w- C:\Windows.old
2012-04-01 13:55:14 -------- d-----w- C:\ProgramData\Avira
2012-04-01 13:50:18 0 ----a-w- C:\Windows\ativpsrm.bin
2012-04-01 13:42:45 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-04-01 13:42:45 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-04-01 13:42:45 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-01 13:42:45 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-04-01 13:42:41 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-01 13:42:41 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-01 13:42:41 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-01 13:41:55 -------- d-sh--w- C:\Windows\Installer
2012-03-31 13:10:12 -------- dc----w- C:\MATS
.
==================== Find3M ====================
.
2012-03-09 07:26:42 74752 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-03-09 07:26:32 64512 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-03-09 07:26:24 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-03-09 07:26:20 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-03-09 07:26:10 16507392 ----a-w- C:\Windows\System32\amdocl64.dll
2012-03-09 07:25:16 13238272 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-03-09 07:24:22 54272 ----a-w- C:\Windows\System32\OpenCL.dll
2012-03-09 07:24:14 48128 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-03-09 06:28:08 10857984 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-03-09 05:16:44 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-03-09 05:16:28 791552 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-03-09 05:14:42 958464 ----a-w- C:\Windows\System32\aticfx64.dll
2012-03-09 05:11:24 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-03-09 05:11:16 496128 ----a-w- C:\Windows\System32\atieclxx.exe
2012-03-09 05:10:20 235520 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-03-09 05:08:50 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-03-09 05:08:02 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-03-09 05:07:56 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-03-09 05:07:50 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-03-09 05:04:18 6200320 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-03-09 05:03:40 26166784 ----a-w- C:\Windows\System32\atio6axx.dll
2012-03-09 04:45:00 7646208 ----a-w- C:\Windows\System32\atidxx64.dll
2012-03-09 04:39:20 19739136 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-03-09 04:36:40 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2012-03-09 04:36:10 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2012-03-09 04:35:54 4958208 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-03-09 04:23:44 5062656 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-03-09 04:23:16 5954048 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-03-09 04:18:30 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-03-09 04:18:26 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-03-09 04:18:14 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-03-09 04:18:12 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-03-09 04:17:54 16069632 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-03-09 04:12:38 13715968 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-03-09 04:11:52 7552000 ----a-w- C:\Windows\System32\atiumd64.dll
2012-03-09 04:05:20 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2012-03-09 04:05:20 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-03-09 04:05:12 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-03-09 04:05:12 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-03-09 03:58:54 512000 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-03-09 03:58:44 356352 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-03-09 03:58:30 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-03-09 03:58:26 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-03-09 03:58:26 14336 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-03-09 03:58:20 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2012-03-09 03:58:10 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-03-09 03:58:02 328704 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-03-09 03:57:04 43008 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-03-09 03:56:56 33280 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-03-09 03:56:48 39936 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-03-09 03:56:38 30208 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-03-09 03:55:58 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-03-09 03:47:22 58880 ----a-w- C:\Windows\System32\coinst.dll
2012-03-09 00:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-02-23 15:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-31 13:02:26 21504 ----a-w- C:\Windows\System32\kdbsdk64.dll
2012-01-31 13:00:24 16896 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
.
============= FINISH: 5:57:43.74 ===============

- Attach Log-

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/1/2012 7:36:39 AM
System Uptime: 4/10/2012 12:11:36 PM (17 hours ago)
.
Motherboard: Dell Inc. | | 05DN3X
Processor: Intel® Core™ i7 CPU 930 @ 2.80GHz | CPU 1 | 2801/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1397 GiB total, 1345.292 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP28: 4/5/2012 2:00:11 AM - Windows Update
RP29: 4/9/2012 4:41:34 PM - Installed Ad-Aware
RP30: 4/9/2012 4:42:27 PM - Installed Ad-Aware
RP31: 4/9/2012 7:49:04 PM - Removed Ad-Aware
RP32: 4/9/2012 8:49:10 PM - Installed HiJackThis
RP33: 4/10/2012 2:09:58 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe Reader X (10.1.2)
Apple Application Support
Apple Software Update
Avira Internet Security 2012
BitMeter
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
D3DX10
Google Chrome
High-Definition Video Playback
HiJackThis
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSVCRT
Nero 11
Nero 11 Cliparts
Nero 11 Disc Menus 1
Nero 11 Disc Menus 2
Nero 11 Disc Menus 3
Nero 11 Disc Menus Basic
Nero 11 Effects Basic
Nero 11 Image Samples
Nero 11 Kwik Themes 1
Nero 11 Kwik Themes 2
Nero 11 Kwik Themes 3
Nero 11 Kwik Themes 4
Nero 11 Kwik Themes Basic
Nero 11 PiP Effects 1
Nero 11 PiP Effects Basic
Nero 11 Video Samples
Nero 11 Video Transitions 1
Nero Audio Pack 1
Nero BackItUp 11
Nero BackItUp 11 Help (CHM)
Nero Burning ROM 11
Nero Burning ROM 11 Help (CHM)
Nero ControlCenter 11
Nero ControlCenter 11 Help (CHM)
Nero Core Components 11
Nero CoverDesigner 11
Nero CoverDesigner 11 Help (CHM)
Nero Express 11
Nero Express 11 Help (CHM)
Nero Kwik Media
Nero Kwik Media Help (CHM)
Nero Prerequisite Installer 1.0
Nero Recode 11
Nero Recode 11 Help (CHM)
Nero RescueAgent 11
Nero RescueAgent 11 Help (CHM)
Nero SharedVideoCodecs
Nero SoundTrax 11
Nero SoundTrax 11 Help (CHM)
Nero Update
Nero Video 11
Nero Video 11 Help (CHM)
Nero WaveEditor 11
Nero WaveEditor 11 Help (CHM)
nero.prerequisites.msi
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
welcome
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
.
==== Event Viewer Messages From Past Week ========
.
4/9/2012 2:22:14 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR7.
4/9/2012 1:09:30 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR6.
.
==== End Of File ===========================

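Added example, not part of DDS, ComboFix, or anything the posters ran: a small Python triage script for "files created" listings like the one above. It parses the DDS layout (one timestamp with seconds, a size or a run of dashes, an 8-character attribute column, a path) and the "created . modified" layout the ComboFix log further down in this thread uses, then pulls out the three things a responder wants from a listing this long: code-bearing files created under user-writable locations (review prompts, not verdicts; Windows Defender legitimately keeps mpengine.dll under ProgramData and it is surfaced on purpose), every kernel driver in creation order, and the creation cadence of the GUID-named folders under AppData\Local. The attribute-flag reading (first flag d = directory), the user-writable path list and the executable-extension list are this example's own assumptions; the sample lines embedded in the script are copied from the logs in this thread, so it runs offline.

```python
"""Triage helper for DDS / ComboFix "files created" listings (added example)."""
import re
from collections import Counter
from datetime import datetime
from typing import Iterable, List, NamedTuple, Optional

# Line shapes copied from the logs in this thread: DDS prints one timestamp
# with seconds, ComboFix prints "created . modified" without seconds.
_DDS_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) +(?P<size>\d+|-{8}) +"
    r"(?P<attr>[a-z-]{8}) +(?P<path>\S.*?)\s*$")
_CF_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} +"
    r"(?P<size>\d+|-{8}) +(?P<attr>[a-z-]{8}) +(?P<path>\S.*?)\s*$")
_GUID_DIR_RE = re.compile(
    r"\\\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
# Triage assumptions (this example's own, not a signature set): where a
# non-admin process can write, and which extensions carry loadable code.
_USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")
_EXEC_EXT = (".exe", ".dll", ".sys", ".cpl", ".scr", ".ocx")


class Entry(NamedTuple):
    created: datetime
    size: Optional[int]  # None for directories (dashes in the size column)
    attr: str            # 8-flag column as printed, e.g. "d-sh--w-"
    path: str
    is_dir: bool         # assumed from the listing: first flag 'd'


def parse_line(line: str) -> Optional[Entry]:
    """Parse one DDS or ComboFix listing line; None for headers, dots, blanks."""
    m, fmt = _DDS_RE.match(line), "%Y-%m-%d %H:%M:%S"
    if m is None:
        m, fmt = _CF_RE.match(line), "%Y-%m-%d %H:%M"
    if m is None:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return Entry(datetime.strptime(m["ts"], fmt), size, m["attr"], m["path"],
                 m["attr"][0] == "d")


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(ln.strip()) for ln in text.splitlines()) if e]


def executables_in_user_paths(entries: Iterable[Entry]) -> List[Entry]:
    """Code-bearing files created under user-writable paths.  Review prompts,
    not verdicts: Windows Defender keeps mpengine.dll under ProgramData."""
    return [e for e in entries if not e.is_dir and e.path.lower().endswith(_EXEC_EXT)
            and any(s in e.path.lower() for s in _USER_WRITABLE)]


def drivers(entries: Iterable[Entry]) -> List[Entry]:
    """Kernel drivers (*.sys), oldest first; a new driver is the highest-impact change."""
    return sorted((e for e in entries if e.path.lower().endswith(".sys")),
                  key=lambda e: e.created)


def guid_folder_cadence(entries: Iterable[Entry], burst_minutes: int = 5) -> dict:
    """Cluster GUID-named folders into creation bursts and measure the gaps
    between bursts in whole hours.  One dominant gap means a scheduled process:
    find its owner (tasks, services, run keys) before deleting anything."""
    times = sorted(e.created for e in entries if e.is_dir and _GUID_DIR_RE.search(e.path))
    bursts: List[datetime] = []
    for t in times:
        if not bursts or (t - bursts[-1]).total_seconds() > burst_minutes * 60:
            bursts.append(t)
    gaps = Counter(round((b - a).total_seconds() / 3600) for a, b in zip(bursts, bursts[1:]))
    return {"folders": len(times), "bursts": len(bursts), "gap_hours": dict(gaps),
            "dominant_gap_hours": max(gaps, key=gaps.get) if gaps else None}


# Sample input: lines copied from the DDS log above plus two ComboFix-style
# lines, so the script runs offline.  Feed parse_log() a saved DDS.txt instead.
SAMPLE = r"""
2012-04-10 08:10:41 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{91FA1E37-F345-4B6D-A945-5CF2844DF574}\mpengine.dll
2012-04-10 02:49:34 388096 ----a-r- C:\Users\janet\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-09 23:53:27 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2012-04-07 21:22:53 -------- d-----w- C:\Users\janet\AppData\Local\{41772CBD-61C4-4224-B986-E7F57752AE0C}
2012-04-07 21:22:36 -------- d-----w- C:\Users\janet\AppData\Local\{569D8638-E29A-440A-B314-480052A5A7E6}
2012-04-07 09:22:09 -------- d-----w- C:\Users\janet\AppData\Local\{1DFFECFF-367C-45FB-8973-7189F82455B5}
2012-04-07 09:21:52 -------- d-----w- C:\Users\janet\AppData\Local\{1F8D9C9D-24D3-4ED1-B33A-5999821EF120}
2012-04-06 21:21:37 -------- d-----w- C:\Users\janet\AppData\Local\{2EE770A5-070D-4E10-969C-CAD29DA4CBB8}
2012-04-06 21:21:23 -------- d-----w- C:\Users\janet\AppData\Local\{792319A2-8CF1-4A0C-9AAF-25E0FE370633}
2012-04-04 23:19:18 -------- d-----w- C:\Users\janet\AppData\Local\{E71EA7D9-DF48-434C-A9B1-B9AA13E91892}
2012-04-04 23:19:02 -------- d-----w- C:\Users\janet\AppData\Local\{FAB1EDB4-45D6-4C48-A5DD-2BBD72CBE930}
2012-04-01 16:47:42 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-11 08:41 . 2012-04-11 08:41 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{91FA1E37-F345-4B6D-A945-5CF2844DF574}\offreg.dll
2012-04-02 00:34 . 2012-04-02 00:25 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys
==================== Find3M ====================
"""
ENTRIES = parse_log(SAMPLE)

if __name__ == "__main__":
    for tag, fn in (("REVIEW", executables_in_user_paths), ("DRIVER", drivers)):
        for e in fn(ENTRIES):
            print(tag, e.created, e.path)
    print("GUID folder cadence:", guid_folder_cadence(ENTRIES))
```

Run it as a script for the report, or import it and pass parse_log() the text of a saved DDS.txt or ComboFix.txt. On the full listing above the GUID folders come in pairs every 12 hours, with longer gaps where the machine was off, which is what a scheduled task or updater looks like rather than user activity; the folders say nothing on their own, so the follow-up is to identify the process that creates them (scheduled tasks, services, run keys) rather than to delete them.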
#4 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 11 April 2012 - 07:41 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I close my topics if you have not replied in 5 days. If you will be longer, please let me know.

If I have not replied to one of my topics in 48 hrs, please bump the topic.

My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 jan3847 (Topic Starter)
  • Members
  • 8 posts

Posted 11 April 2012 - 08:07 AM

-No problems
-Computer works better than it has in ages

-ComboFix Log-

ComboFix 12-04-11.01 - janet 04/11/2012 6:47.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12279.10055 [GMT -6:00]
Running from: c:\users\janet\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-11 to 2012-04-11 )))))))))))))))))))))))))))))))
.
.
2012-04-11 12:49 . 2012-04-11 12:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-11 08:41 . 2012-04-11 08:41 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{91FA1E37-F345-4B6D-A945-5CF2844DF574}\offreg.dll
2012-04-10 14:42 . 2012-04-10 14:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-10 08:10 . 2012-03-20 09:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{91FA1E37-F345-4B6D-A945-5CF2844DF574}\mpengine.dll
2012-04-10 05:42 . 2012-04-10 05:42 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-10 04:49 . 2012-04-10 04:49 -------- d-----w- c:\programdata\Grisoft
2012-04-10 02:54 . 2012-04-10 02:54 -------- d-----w- c:\programdata\Speedbit
2012-04-10 02:49 . 2012-04-10 02:49 -------- d-----w- c:\program files (x86)\Trend Micro
2012-04-10 02:25 . 2012-04-10 02:47 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-04-10 02:24 . 2012-04-10 05:36 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2012-04-09 23:53 . 2012-04-09 23:53 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-04-09 22:42 . 2012-04-10 01:49 -------- d-----w- c:\programdata\Lavasoft
2012-04-09 22:42 . 2012-04-09 22:42 -------- d-----w- c:\program files (x86)\Lavasoft
2012-04-03 01:38 . 2012-04-03 01:38 -------- d-----w- c:\program files (x86)\MSECache
2012-04-03 00:10 . 2012-04-03 00:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-04-03 00:10 . 2012-04-03 00:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-04-03 00:10 . 2012-04-03 00:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-04-03 00:10 . 2012-04-03 00:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-04-03 00:10 . 2012-04-03 00:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-04-03 00:10 . 2012-04-03 00:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-04-03 00:10 . 2012-04-03 00:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-04-03 00:10 . 2012-04-03 00:10 -------- d-----w- c:\program files (x86)\QuickTime
2012-04-03 00:10 . 2012-04-03 00:10 -------- d-----w- c:\programdata\Apple Computer
2012-04-03 00:09 . 2012-04-03 00:09 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-04-03 00:09 . 2012-04-03 00:09 -------- d-----w- c:\programdata\Apple
2012-04-03 00:09 . 2012-04-03 00:09 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-04-02 23:11 . 2012-04-02 23:11 -------- d-----w- c:\programdata\ATI
2012-04-02 23:11 . 2012-04-02 23:11 -------- d-----w- c:\programdata\AMD
2012-04-02 23:11 . 2012-04-02 23:11 -------- d-----w- c:\program files (x86)\AMD AVT
2012-04-02 23:11 . 2012-04-02 23:11 -------- d-----w- c:\program files (x86)\AMD APP
2012-04-02 23:11 . 2012-04-02 23:11 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-04-02 23:11 . 2012-04-02 23:11 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-04-02 23:10 . 2012-04-02 23:10 -------- d-----w- c:\program files (x86)\ATI Technologies
2012-04-02 23:10 . 2012-04-02 23:11 -------- d-----w- c:\program files\ATI Technologies
2012-04-02 23:09 . 2012-04-02 23:09 -------- d-----w- c:\program files\ATI
2012-04-02 19:28 . 2012-04-02 19:28 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-04-02 18:40 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-04-02 18:40 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-04-02 18:40 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-04-02 15:44 . 2012-04-11 12:48 -------- d-----w- c:\programdata\Bitmeter2
2012-04-02 15:44 . 2012-04-02 15:44 -------- d-----w- c:\program files (x86)\Codebox
2012-04-02 14:37 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2012-04-02 14:37 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2012-04-02 14:37 . 2011-03-11 06:41 1659776 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-04-02 14:37 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2012-04-02 14:37 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2012-04-02 14:37 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2012-04-02 14:37 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2012-04-02 14:37 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
2012-04-02 14:37 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
2012-04-02 14:37 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2012-04-02 14:37 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2012-04-02 14:36 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-04-02 14:36 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-04-02 14:36 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2012-04-02 14:36 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-04-02 14:36 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2012-04-02 14:36 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2012-04-02 14:36 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2012-04-02 12:02 . 2012-04-02 13:49 -------- d-----w- c:\program files (x86)\Common Files\Nero
2012-04-02 12:01 . 2012-04-02 12:09 -------- d-----w- c:\programdata\Nero
2012-04-02 11:57 . 2011-07-13 19:59 15920 ----a-w- c:\windows\system32\drivers\NBVolUp.sys
2012-04-02 11:56 . 2012-04-10 01:49 -------- dc----w- c:\windows\system32\DRVSTORE
2012-04-02 11:56 . 2012-04-02 12:09 -------- d-----w- c:\program files (x86)\Nero
2012-04-02 11:56 . 2011-07-13 19:59 72240 ----a-w- c:\windows\system32\drivers\NBVol.sys
2012-04-02 11:52 . 2012-04-02 11:52 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-04-02 11:50 . 2010-05-26 17:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll

#6 gringo_pr

Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 11 April 2012 - 08:29 AM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 jan3847 (Topic Starter)

  • Members
  • 8 posts

Posted 11 April 2012 - 09:01 AM

-No problems

-TDSSKiller Log-

07:36:19.0663 5016 ehRecvr - ok
07:36:19.0679 5016 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
07:36:19.0679 5016 ehSched - ok
07:36:19.0695 5016 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
07:36:19.0695 5016 elxstor - ok
07:36:19.0710 5016 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
07:36:19.0726 5016 ErrDev - ok
07:36:19.0757 5016 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
07:36:19.0757 5016 EventSystem - ok
07:36:19.0773 5016 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
07:36:19.0788 5016 exfat - ok
07:36:19.0804 5016 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
07:36:19.0804 5016 fastfat - ok
07:36:19.0851 5016 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
07:36:19.0851 5016 Fax - ok
07:36:19.0866 5016 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
07:36:19.0866 5016 fdc - ok
07:36:19.0897 5016 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
07:36:19.0897 5016 fdPHost - ok
07:36:19.0913 5016 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
07:36:19.0913 5016 FDResPub - ok
07:36:19.0929 5016 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
07:36:19.0929 5016 FileInfo - ok
07:36:19.0960 5016 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
07:36:19.0960 5016 Filetrace - ok
07:36:19.0975 5016 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
07:36:19.0975 5016 flpydisk - ok
07:36:19.0991 5016 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
07:36:20.0007 5016 FltMgr - ok
07:36:20.0038 5016 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
07:36:20.0053 5016 FontCache - ok
07:36:20.0085 5016 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
07:36:20.0085 5016 FontCache3.0.0.0 - ok
07:36:20.0100 5016 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
07:36:20.0100 5016 FsDepends - ok
07:36:20.0131 5016 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
07:36:20.0131 5016 Fs_Rec - ok
07:36:20.0147 5016 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
07:36:20.0147 5016 fvevol - ok
07:36:20.0163 5016 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
07:36:20.0163 5016 gagp30kx - ok
07:36:20.0194 5016 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
07:36:20.0194 5016 gpsvc - ok
07:36:20.0209 5016 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
07:36:20.0209 5016 hcw85cir - ok
07:36:20.0256 5016 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
07:36:20.0272 5016 HdAudAddService - ok
07:36:20.0287 5016 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
07:36:20.0287 5016 HDAudBus - ok
07:36:20.0303 5016 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
07:36:20.0303 5016 HidBatt - ok
07:36:20.0319 5016 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
07:36:20.0319 5016 HidBth - ok
07:36:20.0350 5016 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
07:36:20.0350 5016 HidIr - ok
07:36:20.0381 5016 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
07:36:20.0381 5016 hidserv - ok
07:36:20.0412 5016 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
07:36:20.0412 5016 HidUsb - ok
07:36:20.0443 5016 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
07:36:20.0443 5016 hkmsvc - ok
07:36:20.0459 5016 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
07:36:20.0475 5016 HomeGroupListener - ok
07:36:20.0506 5016 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
07:36:20.0506 5016 HomeGroupProvider - ok
07:36:20.0537 5016 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
07:36:20.0537 5016 HpSAMD - ok
07:36:20.0568 5016 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
07:36:20.0568 5016 HTTP - ok
07:36:20.0584 5016 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
07:36:20.0584 5016 hwpolicy - ok
07:36:20.0600 5016 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
07:36:20.0600 5016 i8042prt - ok
07:36:20.0646 5016 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
07:36:20.0646 5016 iaStorV - ok
07:36:20.0709 5016 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
07:36:20.0709 5016 idsvc - ok
07:36:20.0724 5016 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
07:36:20.0724 5016 iirsp - ok
07:36:20.0771 5016 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
07:36:20.0771 5016 IKEEXT - ok
07:36:20.0787 5016 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
07:36:20.0787 5016 intelide - ok
07:36:20.0818 5016 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
07:36:20.0818 5016 intelppm - ok
07:36:20.0834 5016 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
07:36:20.0834 5016 IPBusEnum - ok
07:36:20.0865 5016 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:36:20.0865 5016 IpFilterDriver - ok
07:36:20.0896 5016 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
07:36:20.0896 5016 iphlpsvc - ok
07:36:20.0912 5016 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
07:36:20.0912 5016 IPMIDRV - ok
07:36:20.0927 5016 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
07:36:20.0927 5016 IPNAT - ok
07:36:20.0958 5016 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
07:36:20.0958 5016 IRENUM - ok
07:36:20.0974 5016 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
07:36:20.0974 5016 isapnp - ok
07:36:20.0990 5016 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
07:36:21.0005 5016 iScsiPrt - ok
07:36:21.0021 5016 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
07:36:21.0021 5016 kbdclass - ok
07:36:21.0036 5016 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
07:36:21.0036 5016 kbdhid - ok
07:36:21.0068 5016 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
07:36:21.0068 5016 KeyIso - ok
07:36:21.0099 5016 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
07:36:21.0099 5016 KSecDD - ok
07:36:21.0114 5016 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
07:36:21.0114 5016 KSecPkg - ok
07:36:21.0130 5016 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
07:36:21.0130 5016 ksthunk - ok
07:36:21.0161 5016 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
07:36:21.0177 5016 KtmRm - ok
07:36:21.0208 5016 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
07:36:21.0208 5016 LanmanServer - ok
07:36:21.0239 5016 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
07:36:21.0239 5016 LanmanWorkstation - ok
07:36:21.0270 5016 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
07:36:21.0270 5016 lltdio - ok
07:36:21.0317 5016 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
07:36:21.0317 5016 lltdsvc - ok
07:36:21.0333 5016 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
07:36:21.0333 5016 lmhosts - ok
07:36:21.0364 5016 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
07:36:21.0364 5016 LSI_FC - ok
07:36:21.0395 5016 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
07:36:21.0395 5016 LSI_SAS - ok
07:36:21.0411 5016 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
07:36:21.0411 5016 LSI_SAS2 - ok
07:36:21.0426 5016 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
07:36:21.0426 5016 LSI_SCSI - ok
07:36:21.0458 5016 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
07:36:21.0458 5016 luafv - ok
07:36:21.0489 5016 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
07:36:21.0489 5016 MBAMProtector - ok
07:36:21.0551 5016 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
07:36:21.0551 5016 MBAMService - ok
07:36:21.0582 5016 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
07:36:21.0582 5016 Mcx2Svc - ok
07:36:21.0598 5016 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
07:36:21.0598 5016 megasas - ok
07:36:21.0629 5016 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
07:36:21.0645 5016 MegaSR - ok
07:36:21.0676 5016 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
07:36:21.0676 5016 MMCSS - ok
07:36:21.0692 5016 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
07:36:21.0692 5016 Modem - ok
07:36:21.0723 5016 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
07:36:21.0723 5016 monitor - ok
07:36:21.0738 5016 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
07:36:21.0738 5016 mouclass - ok
07:36:21.0785 5016 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
07:36:21.0785 5016 mouhid - ok
07:36:21.0785 5016 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
07:36:21.0801 5016 mountmgr - ok
07:36:21.0816 5016 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
07:36:21.0816 5016 mpio - ok
07:36:21.0832 5016 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
07:36:21.0832 5016 mpsdrv - ok
07:36:21.0863 5016 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
07:36:21.0863 5016 MpsSvc - ok
07:36:21.0894 5016 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
07:36:21.0894 5016 MRxDAV - ok
07:36:21.0926 5016 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
07:36:21.0926 5016 mrxsmb - ok
07:36:21.0957 5016 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:36:21.0957 5016 mrxsmb10 - ok
07:36:21.0972 5016 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:36:21.0972 5016 mrxsmb20 - ok
07:36:22.0004 5016 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
07:36:22.0004 5016 msahci - ok
07:36:22.0019 5016 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
07:36:22.0019 5016 msdsm - ok
07:36:22.0050 5016 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
07:36:22.0066 5016 MSDTC - ok
07:36:22.0097 5016 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
07:36:22.0097 5016 Msfs - ok
07:36:22.0113 5016 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
07:36:22.0113 5016 mshidkmdf - ok
07:36:22.0144 5016 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
07:36:22.0144 5016 msisadrv - ok
07:36:22.0160 5016 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
07:36:22.0175 5016 MSiSCSI - ok
07:36:22.0175 5016 msiserver - ok
07:36:22.0206 5016 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
07:36:22.0206 5016 MSKSSRV - ok
07:36:22.0238 5016 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
07:36:22.0238 5016 MSPCLOCK - ok
07:36:22.0253 5016 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
07:36:22.0253 5016 MSPQM - ok
07:36:22.0269 5016 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
07:36:22.0269 5016 MsRPC - ok
07:36:22.0284 5016 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
07:36:22.0284 5016 mssmbios - ok
07:36:22.0300 5016 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
07:36:22.0300 5016 MSTEE - ok
07:36:22.0316 5016 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
07:36:22.0316 5016 MTConfig - ok
07:36:22.0347 5016 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
07:36:22.0347 5016 Mup - ok
07:36:22.0378 5016 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
07:36:22.0378 5016 napagent - ok
07:36:22.0409 5016 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
07:36:22.0409 5016 NativeWifiP - ok
07:36:22.0487 5016 NAUpdate (934bb0d23a25c8c136570800a5a149b6) C:\Program Files (x86)\Nero\Update\NASvc.exe
07:36:22.0487 5016 NAUpdate - ok
07:36:22.0503 5016 NBVol (7b2d90bbbbed11c8dfba441d34ae901e) C:\Windows\system32\DRIVERS\NBVol.sys
07:36:22.0503 5016 NBVol - ok
07:36:22.0518 5016 NBVolUp (4fe7b5757279d82c4d171e9f7fd52a75) C:\Windows\system32\DRIVERS\NBVolUp.sys
07:36:22.0518 5016 NBVolUp - ok
07:36:22.0565 5016 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
07:36:22.0565 5016 NDIS - ok
07:36:22.0581 5016 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
07:36:22.0581 5016 NdisCap - ok
07:36:22.0628 5016 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
07:36:22.0628 5016 NdisTapi - ok
07:36:22.0659 5016 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
07:36:22.0659 5016 Ndisuio - ok
07:36:22.0674 5016 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
07:36:22.0674 5016 NdisWan - ok
07:36:22.0690 5016 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
07:36:22.0690 5016 NDProxy - ok
07:36:22.0706 5016 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
07:36:22.0706 5016 NetBIOS - ok
07:36:22.0721 5016 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
07:36:22.0721 5016 NetBT - ok
07:36:22.0737 5016 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
07:36:22.0737 5016 Netlogon - ok
07:36:22.0784 5016 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
07:36:22.0784 5016 Netman - ok
07:36:22.0799 5016 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
07:36:22.0799 5016 netprofm - ok
07:36:22.0846 5016 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:36:22.0846 5016 NetTcpPortSharing - ok
07:36:22.0877 5016 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
07:36:22.0877 5016 nfrd960 - ok
07:36:22.0908 5016 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
07:36:22.0924 5016 NlaSvc - ok
07:36:22.0940 5016 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
07:36:22.0940 5016 Npfs - ok
07:36:22.0955 5016 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
07:36:22.0955 5016 nsi - ok
07:36:22.0971 5016 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
07:36:22.0971 5016 nsiproxy - ok
07:36:23.0033 5016 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
07:36:23.0033 5016 Ntfs - ok
07:36:23.0064 5016 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
07:36:23.0064 5016 Null - ok
07:36:23.0096 5016 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
07:36:23.0096 5016 nvraid - ok
07:36:23.0127 5016 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
07:36:23.0127 5016 nvstor - ok
07:36:23.0158 5016 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
07:36:23.0158 5016 nv_agp - ok
07:36:23.0174 5016 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
07:36:23.0174 5016 ohci1394 - ok
07:36:23.0205 5016 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
07:36:23.0205 5016 p2pimsvc - ok
07:36:23.0236 5016 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
07:36:23.0236 5016 p2psvc - ok
07:36:23.0267 5016 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
07:36:23.0267 5016 Parport - ok
07:36:23.0283 5016 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
07:36:23.0283 5016 partmgr - ok
07:36:23.0298 5016 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
07:36:23.0298 5016 PcaSvc - ok
07:36:23.0330 5016 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
07:36:23.0330 5016 pci - ok
07:36:23.0345 5016 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
07:36:23.0345 5016 pciide - ok
07:36:23.0376 5016 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
07:36:23.0376 5016 pcmcia - ok
07:36:23.0408 5016 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
07:36:23.0408 5016 pcw - ok
07:36:23.0423 5016 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
07:36:23.0423 5016 PEAUTH - ok
07:36:23.0486 5016 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
07:36:23.0486 5016 PerfHost - ok
07:36:23.0532 5016 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
07:36:23.0548 5016 pla - ok
07:36:23.0595 5016 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
07:36:23.0595 5016 PlugPlay - ok
07:36:23.0610 5016 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
07:36:23.0610 5016 PNRPAutoReg - ok
07:36:23.0642 5016 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
07:36:23.0642 5016 PNRPsvc - ok
07:36:23.0688 5016 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
07:36:23.0688 5016 PolicyAgent - ok
07:36:23.0720 5016 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
07:36:23.0720 5016 Power - ok
07:36:23.0751 5016 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
07:36:23.0751 5016 PptpMiniport - ok
07:36:23.0782 5016 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
07:36:23.0782 5016 Processor - ok
07:36:23.0813 5016 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
07:36:23.0813 5016 ProfSvc - ok
07:36:23.0844 5016 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
07:36:23.0844 5016 ProtectedStorage - ok
07:36:23.0876 5016 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
07:36:23.0876 5016 Psched - ok
07:36:23.0922 5016 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
07:36:23.0938 5016 ql2300 - ok
07:36:23.0954 5016 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
07:36:23.0954 5016 ql40xx - ok
07:36:23.0969 5016 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
07:36:23.0969 5016 QWAVE - ok
07:36:24.0000 5016 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
07:36:24.0000 5016 QWAVEdrv - ok
07:36:24.0016 5016 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
07:36:24.0016 5016 RasAcd - ok
07:36:24.0047 5016 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
07:36:24.0047 5016 RasAgileVpn - ok
07:36:24.0078 5016 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
07:36:24.0094 5016 RasAuto - ok
07:36:24.0110 5016 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
07:36:24.0110 5016 Rasl2tp - ok
07:36:24.0141 5016 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
07:36:24.0141 5016 RasMan - ok
07:36:24.0172 5016 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
07:36:24.0172 5016 RasPppoe - ok
07:36:24.0188 5016 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
07:36:24.0188 5016 RasSstp - ok
07:36:24.0203 5016 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
07:36:24.0203 5016 rdbss - ok
07:36:24.0219 5016 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
07:36:24.0219 5016 rdpbus - ok
07:36:24.0234 5016 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
07:36:24.0234 5016 RDPCDD - ok
07:36:24.0266 5016 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
07:36:24.0266 5016 RDPENCDD - ok
07:36:24.0281 5016 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
07:36:24.0281 5016 RDPREFMP - ok
07:36:24.0312 5016 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
07:36:24.0312 5016 RDPWD - ok
07:36:24.0344 5016 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
07:36:24.0344 5016 rdyboost - ok
07:36:24.0375 5016 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
07:36:24.0375 5016 RemoteAccess - ok
07:36:24.0406 5016 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
07:36:24.0406 5016 RemoteRegistry - ok
07:36:24.0422 5016 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
07:36:24.0437 5016 RpcEptMapper - ok
07:36:24.0453 5016 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
07:36:24.0453 5016 RpcLocator - ok
07:36:24.0484 5016 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
07:36:24.0484 5016 RpcSs - ok
07:36:24.0500 5016 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
07:36:24.0500 5016 rspndr - ok
07:36:24.0546 5016 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
07:36:24.0546 5016 RTL8167 - ok
07:36:24.0578 5016 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
07:36:24.0578 5016 SamSs - ok
07:36:24.0624 5016 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
07:36:24.0624 5016 SASDIFSV - ok
07:36:24.0640 5016 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
07:36:24.0640 5016 SASKUTIL - ok
07:36:24.0671 5016 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
07:36:24.0671 5016 sbp2port - ok
07:36:24.0702 5016 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
07:36:24.0702 5016 SCardSvr - ok
07:36:24.0718 5016 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
07:36:24.0718 5016 scfilter - ok
07:36:24.0749 5016 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
07:36:24.0765 5016 Schedule - ok
07:36:24.0796 5016 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
07:36:24.0796 5016 SCPolicySvc - ok
07:36:24.0812 5016 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
07:36:24.0812 5016 SDRSVC - ok
07:36:24.0843 5016 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
07:36:24.0843 5016 secdrv - ok
07:36:24.0874 5016 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
07:36:24.0874 5016 seclogon - ok
07:36:24.0905 5016 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
07:36:24.0905 5016 SENS - ok
07:36:24.0921 5016 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
07:36:24.0921 5016 SensrSvc - ok
07:36:24.0952 5016 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
07:36:24.0952 5016 Serenum - ok
07:36:24.0983 5016 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
07:36:24.0983 5016 Serial - ok
07:36:24.0999 5016 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
07:36:24.0999 5016 sermouse - ok
07:36:25.0030 5016 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
07:36:25.0030 5016 SessionEnv - ok
07:36:25.0046 5016 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
07:36:25.0046 5016 sffdisk - ok
07:36:25.0061 5016 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
07:36:25.0061 5016 sffp_mmc - ok
07:36:25.0092 5016 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
07:36:25.0092 5016 sffp_sd - ok
07:36:25.0108 5016 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
07:36:25.0108 5016 sfloppy - ok
07:36:25.0139 5016 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
07:36:25.0139 5016 SharedAccess - ok
07:36:25.0170 5016 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
07:36:25.0170 5016 ShellHWDetection - ok
07:36:25.0202 5016 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
07:36:25.0202 5016 SiSRaid2 - ok
07:36:25.0217 5016 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
07:36:25.0217 5016 SiSRaid4 - ok
07:36:25.0248 5016 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
07:36:25.0248 5016 Smb - ok
07:36:25.0295 5016 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
07:36:25.0311 5016 SNMPTRAP - ok
07:36:25.0326 5016 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
07:36:25.0326 5016 spldr - ok
07:36:25.0358 5016 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
07:36:25.0358 5016 Spooler - ok
07:36:25.0420 5016 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
07:36:25.0451 5016 sppsvc - ok
07:36:25.0467 5016 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
07:36:25.0467 5016 sppuinotify - ok
07:36:25.0498 5016 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
07:36:25.0498 5016 srv - ok
07:36:25.0514 5016 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
07:36:25.0529 5016 srv2 - ok
07:36:25.0545 5016 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
07:36:25.0545 5016 srvnet - ok
07:36:25.0576 5016 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
07:36:25.0576 5016 SSDPSRV - ok
07:36:25.0592 5016 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
07:36:25.0592 5016 SstpSvc - ok
07:36:25.0623 5016 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
07:36:25.0623 5016 stexstor - ok
07:36:25.0654 5016 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
07:36:25.0654 5016 stisvc - ok
07:36:25.0685 5016 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
07:36:25.0685 5016 swenum - ok
07:36:25.0701 5016 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
07:36:25.0716 5016 swprv - ok
07:36:25.0748 5016 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
07:36:25.0763 5016 SysMain - ok
07:36:25.0779 5016 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
07:36:25.0779 5016 TabletInputService - ok
07:36:25.0794 5016 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
07:36:25.0794 5016 TapiSrv - ok
07:36:25.0810 5016 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
07:36:25.0810 5016 TBS - ok
07:36:25.0872 5016 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
07:36:25.0872 5016 Tcpip - ok
07:36:25.0919 5016 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
07:36:25.0935 5016 TCPIP6 - ok
07:36:25.0966 5016 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
07:36:25.0966 5016 tcpipreg - ok
07:36:25.0982 5016 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
07:36:25.0982 5016 TDPIPE - ok
07:36:26.0013 5016 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
07:36:26.0013 5016 TDTCP - ok
07:36:26.0044 5016 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
07:36:26.0044 5016 tdx - ok
07:36:26.0075 5016 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
07:36:26.0075 5016 TermDD - ok
07:36:26.0106 5016 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
07:36:26.0122 5016 TermService - ok
07:36:26.0138 5016 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
07:36:26.0138 5016 Themes - ok
07:36:26.0169 5016 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
07:36:26.0169 5016 THREADORDER - ok
07:36:26.0184 5016 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
07:36:26.0184 5016 TrkWks - ok
07:36:26.0216 5016 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
07:36:26.0231 5016 TrustedInstaller - ok
07:36:26.0247 5016 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
07:36:26.0247 5016 tssecsrv - ok
07:36:26.0278 5016 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
07:36:26.0278 5016 TsUsbFlt - ok
07:36:26.0309 5016 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
07:36:26.0309 5016 TsUsbGD - ok
07:36:26.0340 5016 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
07:36:26.0340 5016 tunnel - ok
07:36:26.0356 5016 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
07:36:26.0356 5016 uagp35 - ok
07:36:26.0387 5016 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
07:36:26.0387 5016 udfs - ok
07:36:26.0418 5016 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
07:36:26.0418 5016 UI0Detect - ok
07:36:26.0450 5016 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
07:36:26.0450 5016 uliagpkx - ok
07:36:26.0465 5016 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
07:36:26.0465 5016 umbus - ok
07:36:26.0496 5016 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
07:36:26.0496 5016 UmPass - ok
07:36:26.0528 5016 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
07:36:26.0528 5016 upnphost - ok
07:36:26.0559 5016 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\drivers\usbccgp.sys
07:36:26.0559 5016 usbccgp - ok
07:36:26.0574 5016 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
07:36:26.0574 5016 usbcir - ok
07:36:26.0606 5016 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
07:36:26.0606 5016 usbehci - ok
07:36:26.0621 5016 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
07:36:26.0621 5016 usbhub - ok
07:36:26.0652 5016 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
07:36:26.0652 5016 usbohci - ok
07:36:26.0668 5016 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
07:36:26.0668 5016 usbprint - ok
07:36:26.0699 5016 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
07:36:26.0699 5016 USBSTOR - ok
07:36:26.0715 5016 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
07:36:26.0715 5016 usbuhci - ok
07:36:26.0730 5016 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
07:36:26.0746 5016 UxSms - ok
07:36:26.0762 5016 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
07:36:26.0762 5016 VaultSvc - ok
07:36:26.0793 5016 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
07:36:26.0793 5016 vdrvroot - ok
07:36:26.0824 5016 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
07:36:26.0824 5016 vds - ok
07:36:26.0840 5016 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
07:36:26.0840 5016 vga - ok
07:36:26.0871 5016 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
07:36:26.0871 5016 VgaSave - ok
07:36:26.0886 5016 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
07:36:26.0886 5016 vhdmp - ok
07:36:26.0918 5016 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
07:36:26.0918 5016 viaide - ok
07:36:26.0949 5016 VideoAcceleratorService - ok
07:36:26.0980 5016 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
07:36:26.0980 5016 volmgr - ok
07:36:26.0996 5016 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
07:36:26.0996 5016 volmgrx - ok
07:36:27.0011 5016 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
07:36:27.0027 5016 volsnap - ok
07:36:27.0027 5016 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
07:36:27.0042 5016 vsmraid - ok
07:36:27.0074 5016 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
07:36:27.0089 5016 VSS - ok
07:36:27.0120 5016 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
07:36:27.0120 5016 vwifibus - ok
07:36:27.0152 5016 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
07:36:27.0152 5016 W32Time - ok
07:36:27.0183 5016 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
07:36:27.0183 5016 WacomPen - ok
07:36:27.0198 5016 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
07:36:27.0198 5016 WANARP - ok
07:36:27.0198 5016 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
07:36:27.0198 5016 Wanarpv6 - ok
07:36:27.0261 5016 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
07:36:27.0261 5016 WatAdminSvc - ok
07:36:27.0308 5016 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
07:36:27.0308 5016 wbengine - ok
07:36:27.0339 5016 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
07:36:27.0339 5016 WbioSrvc - ok
07:36:27.0354 5016 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
07:36:27.0370 5016 wcncsvc - ok
07:36:27.0386 5016 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
07:36:27.0386 5016 WcsPlugInService - ok
07:36:27.0417 5016 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
07:36:27.0417 5016 Wd - ok
07:36:27.0432 5016 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
07:36:27.0432 5016 Wdf01000 - ok
07:36:27.0464 5016 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
07:36:27.0464 5016 WdiServiceHost - ok
07:36:27.0464 5016 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
07:36:27.0464 5016 WdiSystemHost - ok
07:36:27.0495 5016 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
07:36:27.0495 5016 WebClient - ok
07:36:27.0510 5016 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
07:36:27.0526 5016 Wecsvc - ok
07:36:27.0542 5016 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
07:36:27.0542 5016 wercplsupport - ok
07:36:27.0557 5016 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
07:36:27.0557 5016 WerSvc - ok
07:36:27.0588 5016 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
07:36:27.0588 5016 WfpLwf - ok
07:36:27.0604 5016 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
07:36:27.0604 5016 WIMMount - ok
07:36:27.0620 5016 WinDefend - ok
07:36:27.0620 5016 WinHttpAutoProxySvc - ok
07:36:27.0666 5016 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
07:36:27.0666 5016 Winmgmt - ok
07:36:27.0713 5016 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
07:36:27.0729 5016 WinRM - ok
07:36:27.0760 5016 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
07:36:27.0776 5016 Wlansvc - ok
07:36:27.0869 5016 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
07:36:27.0885 5016 wlidsvc - ok
07:36:27.0900 5016 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
07:36:27.0900 5016 WmiAcpi - ok
07:36:27.0916 5016 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
07:36:27.0932 5016 wmiApSrv - ok
07:36:27.0932 5016 WMPNetworkSvc - ok
07:36:27.0963 5016 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
07:36:27.0963 5016 WPCSvc - ok
07:36:27.0978 5016 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
07:36:27.0994 5016 WPDBusEnum - ok
07:36:28.0010 5016 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
07:36:28.0010 5016 ws2ifsl - ok
07:36:28.0025 5016 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
07:36:28.0025 5016 wscsvc - ok
07:36:28.0041 5016 WSearch - ok
07:36:28.0088 5016 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
07:36:28.0103 5016 wuauserv - ok
07:36:28.0119 5016 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
07:36:28.0119 5016 WudfPf - ok
07:36:28.0150 5016 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
07:36:28.0150 5016 WUDFRd - ok
07:36:28.0166 5016 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
07:36:28.0181 5016 wudfsvc - ok
07:36:28.0197 5016 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
07:36:28.0197 5016 WwanSvc - ok
07:36:28.0228 5016 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
07:36:28.0290 5016 \Device\Harddisk0\DR0 - ok
07:36:28.0290 5016 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
07:36:28.0322 5016 \Device\Harddisk1\DR1 - ok
07:36:28.0322 5016 Boot (0x1200) (5234ae11b1deb42dd29e125ea95d971c) \Device\Harddisk0\DR0\Partition0
07:36:28.0322 5016 \Device\Harddisk0\DR0\Partition0 - ok
07:36:28.0337 5016 Boot (0x1200) (42b1f8df0d13048b2ce695e1523d4a06) \Device\Harddisk0\DR0\Partition1
07:36:28.0337 5016 \Device\Harddisk0\DR0\Partition1 - ok
07:36:28.0337 5016 ============================================================
07:36:28.0337 5016 Scan finished
07:36:28.0337 5016 ============================================================
07:36:28.0337 1764 Detected object count: 0
07:36:28.0337 1764 Actual detected object count: 0

-aswMBR Log-

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-11 07:38:15
-----------------------------
07:38:15.818 OS Version: Windows x64 6.1.7601 Service Pack 1
07:38:15.818 Number of processors: 8 586 0x1A05
07:38:15.818 ComputerName: JANET-PC UserName: janet
07:38:19.843 Initialize success
07:52:38.335 AVAST engine defs: 12041100
07:54:04.452 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
07:54:04.468 Disk 0 Vendor: ST315003 CC4G Size: 1430799MB BusType: 8
07:54:04.468 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
07:54:04.468 Disk 1 Vendor: ST315003 CC4G Size: 1430799MB BusType: 8
07:54:04.483 Disk 0 MBR read successfully
07:54:04.483 Disk 0 MBR scan
07:54:04.483 Disk 0 Windows 7 default MBR code
07:54:04.499 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
07:54:04.515 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1430697 MB offset 206848
07:54:04.546 Disk 0 scanning C:\Windows\system32\drivers
07:54:11.956 Service scanning
07:54:24.155 Modules scanning
07:54:24.155 Disk 0 trace - called modules:
07:54:24.186 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorV.sys hal.dll
07:54:24.202 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800adbc790]
07:54:24.202 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800ab3d050]
07:54:27.478 AVAST engine scan C:\Windows
07:54:34.279 AVAST engine scan C:\Windows\system32
07:56:49.890 AVAST engine scan C:\Windows\system32\drivers
07:57:04.648 AVAST engine scan C:\Users\janet
07:57:31.543 AVAST engine scan C:\ProgramData
07:57:41.683 Scan finished successfully
07:58:57.935 Disk 0 MBR has been saved successfully to "C:\Users\janet\Desktop\MBR.dat"
07:58:57.935 The log file has been saved successfully to "C:\Users\janet\Desktop\aswMBR.txt"

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:03 PM

Posted 11 April 2012 - 09:10 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 jan3847

jan3847
  • Topic Starter

  • Members
  • 8 posts
  • Local time:07:03 PM

Posted 11 April 2012 - 09:23 AM

-No problems.
-Computer works very well, but since we reported to you the first time, Adobe has slowed down on loading; at least it still loads. Since my last post, Adobe loading has slowed a bit also.

-Combo Fix Log-

ComboFix 12-04-11.01 - janet 04/11/2012 8:16.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12279.9986 [GMT -6:00]
Running from: c:\users\janet\Desktop\ComboFix.exe
Command switches used :: c:\users\janet\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-11 to 2012-04-11 )))))))))))))))))))))))))))))))
.
.
2012-04-11 14:18 . 2012-04-11 14:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-11 08:41 . 2012-04-11 08:41 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{91FA1E37-F345-4B6D-A945-5CF2844DF574}\offreg.dll
2012-04-10 14:42 . 2012-04-10 14:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-10 08:10 . 2012-03-20 09:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{91FA1E37-F345-4B6D-A945-5CF2844DF574}\mpengine.dll
2012-04-10 05:42 . 2012-04-10 05:42 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-10 04:49 . 2012-04-10 04:49 -------- d-----w- c:\programdata\Grisoft
2012-04-10 02:54 . 2012-04-10 02:54 -------- d-----w- c:\programdata\Speedbit
2012-04-10 02:49 . 2012-04-10 02:49 -------- d-----w- c:\program files (x86)\Trend Micro
2012-04-10 02:25 . 2012-04-10 02:47 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-04-10 02:24 . 2012-04-10 05:36 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2012-04-09 23:53 . 2012-04-09 23:53 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-04-09 22:42 . 2012-04-10 01:49 -------- d-----w- c:\programdata\Lavasoft
2012-04-09 22:42 . 2012-04-09 22:42 -------- d-----w- c:\program files (x86)\Lavasoft
2012-04-03 01:38 . 2012-04-03 01:38 -------- d-----w- c:\program files (x86)\MSECache
2012-04-03 00:10 . 2012-04-03 00:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-04-03 00:10 . 2012-04-03 00:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-04-03 00:10 . 2012-04-03 00:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-04-03 00:10 . 2012-04-03 00:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-04-03 00:10 . 2012-04-03 00:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-04-03 00:10 . 2012-04-03 00:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-04-03 00:10 . 2012-04-03 00:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-04-03 00:10 . 2012-04-03 00:10 -------- d-----w- c:\program files (x86)\QuickTime
2012-04-03 00:10 . 2012-04-03 00:10 -------- d-----w- c:\programdata\Apple Computer
2012-04-03 00:09 . 2012-04-03 00:09 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-04-03 00:09 . 2012-04-03 00:09 -------- d-----w- c:\programdata\Apple
2012-04-03 00:09 . 2012-04-03 00:09 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-04-02 23:11 . 2012-04-02 23:11 -------- d-----w- c:\programdata\ATI
2012-04-02 23:11 . 2012-04-02 23:11 -------- d-----w- c:\programdata\AMD
2012-04-02 23:11 . 2012-04-02 23:11 -------- d-----w- c:\program files (x86)\AMD AVT
2012-04-02 23:11 . 2012-04-02 23:11 -------- d-----w- c:\program files (x86)\AMD APP
2012-04-02 23:11 . 2012-04-02 23:11 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-04-02 23:11 . 2012-04-02 23:11 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-04-02 23:10 . 2012-04-02 23:10 -------- d-----w- c:\program files (x86)\ATI Technologies
2012-04-02 23:10 . 2012-04-02 23:11 -------- d-----w- c:\program files\ATI Technologies
2012-04-02 23:09 . 2012-04-02 23:09 -------- d-----w- c:\program files\ATI
2012-04-02 19:28 . 2012-04-02 19:28 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-04-02 18:40 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-04-02 18:40 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-04-02 18:40 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-04-02 15:44 . 2012-04-11 14:18 -------- d-----w- c:\programdata\Bitmeter2
2012-04-02 15:44 . 2012-04-02 15:44 -------- d-----w- c:\program files (x86)\Codebox
2012-04-02 14:37 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2012-04-02 14:37 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2012-04-02 14:37 . 2011-03-11 06:41 1659776 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-04-02 14:37 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2012-04-02 14:37 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2012-04-02 14:37 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2012-04-02 14:37 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2012-04-02 14:37 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
2012-04-02 14:37 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
2012-04-02 14:37 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2012-04-02 14:37 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2012-04-02 14:36 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-04-02 14:36 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-04-02 14:36 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2012-04-02 14:36 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-04-02 14:36 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2012-04-02 14:36 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2012-04-02 14:36 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2012-04-02 12:02 . 2012-04-02 13:49 -------- d-----w- c:\program files (x86)\Common Files\Nero
2012-04-02 12:01 . 2012-04-02 12:09 -------- d-----w- c:\programdata\Nero
2012-04-02 11:57 . 2011-07-13 19:59 15920 ----a-w- c:\windows\system32\drivers\NBVolUp.sys
2012-04-02 11:56 . 2012-04-10 01:49 -------- dc----w- c:\windows\system32\DRVSTORE
2012-04-02 11:56 . 2012-04-02 12:09 -------- d-----w- c:\program files (x86)\Nero
2012-04-02 11:56 . 2011-07-13 19:59 72240 ----a-w- c:\windows\system32\drivers\NBVol.sys
2012-04-02 11:52 . 2012-04-02 11:52 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-04-02 11:50 . 2010-05-26 17:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
2012-04-02 11:50 . 2010-05-26 17:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2012-04-02 11:50 . 2010-05-26 17:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2012-04-02 11:50 . 2010-05-26 17:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2012-04-02 11:50 . 2010-05-26 17:41 1868128 ----a-w- c:\windows\SysWow64\d3dcsx_43.dll
2012-04-02 11:49 . 2009-09-04 23:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll
2012-04-02 11:49 . 2009-09-04 23:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2012-04-02 11:48 . 2008-10-15 12:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2012-04-02 11:48 . 2007-07-20 00:14 3727720 ----a-w- c:\windows\SysWow64\d3dx9_35.dll
2012-04-02 11:47 . 2007-05-16 22:45 3497832 ----a-w- c:\windows\SysWow64\d3dx9_34.dll
2012-04-02 10:36 . 2012-04-02 10:36 -------- d-----w- c:\windows\SysWow64\Wat
2012-04-02 10:36 . 2012-04-02 10:36 -------- d-----w- c:\windows\system32\Wat
2012-04-02 10:30 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-02 10:30 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-02 10:30 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-02 09:14 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-04-02 09:14 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2012-04-02 09:14 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe
2012-04-02 09:14 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
2012-04-02 09:11 . 2010-12-23 10:42 961024 ----a-w- c:\windows\system32\CPFilters.dll
2012-04-02 09:10 . 2011-02-24 06:15 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-04-02 09:10 . 2011-02-24 05:38 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2012-04-02 09:10 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-04-02 09:10 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-04-02 09:10 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-04-02 09:10 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2012-04-02 09:10 . 2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-04-02 09:10 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2012-04-02 09:10 . 2011-03-11 06:34 1395712 ----a-w- c:\windows\system32\mfc42.dll
2012-04-02 09:10 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2012-04-02 09:10 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2012-04-02 09:08 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-04-02 09:07 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2012-04-02 09:07 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
2012-04-02 09:07 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2012-04-02 09:07 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-04-02 09:07 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-04-02 09:07 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2012-04-02 09:07 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2012-04-02 09:07 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-04-02 09:07 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-04-02 09:07 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-04-02 09:07 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-04-02 09:07 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-04-02 00:34 . 2012-04-02 00:34 -------- d-----w- c:\program files (x86)\Avira
2012-04-02 00:34 . 2012-04-02 00:25 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-04-02 00:34 . 2012-04-02 00:25 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-04-02 00:34 . 2012-04-02 00:25 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-04-02 00:34 . 2012-04-02 00:25 139512 ----a-w- c:\windows\system32\drivers\avfwot.sys
2012-04-02 00:34 . 2012-04-02 00:25 113768 ----a-w- c:\windows\system32\drivers\avfwim.sys
2012-04-01 21:39 . 2012-04-01 21:39 -------- d-----w- c:\program files (x86)\SpeedBit Video Accelerator
2012-04-01 21:34 . 2012-04-01 21:34 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2012-04-01 21:34 . 2012-04-01 21:34 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-04-01 21:34 . 2012-04-01 21:34 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-04-01 21:34 . 2012-04-01 21:34 -------- d-----w- c:\program files (x86)\Real
2012-04-01 19:47 . 2012-04-01 19:47 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-01 19:47 . 2012-04-01 19:47 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-01 19:47 . 2012-04-01 19:47 -------- d-----w- c:\windows\SysWow64\Macromed
2012-04-01 19:47 . 2012-04-01 19:47 -------- d-----w- c:\windows\system32\Macromed
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-01 17:28 . 2011-03-29 00:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-09 07:26 . 2012-03-09 07:26 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-03-09 07:26 . 2012-03-09 07:26 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-03-09 07:26 . 2012-03-09 07:26 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2012-03-09 07:26 . 2012-03-09 07:26 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-03-09 07:26 . 2012-03-09 07:26 16507392 ----a-w- c:\windows\system32\amdocl64.dll
2012-03-09 07:25 . 2012-03-09 07:25 13238272 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-03-09 07:24 . 2012-03-09 07:24 54272 ----a-w- c:\windows\system32\OpenCL.dll
2012-03-09 07:24 . 2012-03-09 07:24 48128 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-03-09 06:28 . 2012-03-09 06:28 10857984 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-03-09 05:16 . 2012-03-09 05:16 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-03-09 05:16 . 2011-11-10 09:16 791552 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-03-09 05:14 . 2011-11-10 09:15 958464 ----a-w- c:\windows\system32\aticfx64.dll
2012-03-09 05:11 . 2012-03-09 05:11 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-03-09 05:11 . 2012-03-09 05:11 496128 ----a-w- c:\windows\system32\atieclxx.exe
2012-03-09 05:10 . 2012-03-09 05:10 235520 ----a-w- c:\windows\system32\atiesrxx.exe
2012-03-09 05:08 . 2012-03-09 05:08 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-03-09 05:08 . 2012-03-09 05:08 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-03-09 05:07 . 2012-03-09 05:07 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-03-09 05:07 . 2012-03-09 05:07 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-03-09 05:04 . 2011-11-10 09:06 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-03-09 05:03 . 2012-03-09 05:03 26166784 ----a-w- c:\windows\system32\atio6axx.dll
2012-03-09 04:45 . 2011-11-10 08:51 7646208 ----a-w- c:\windows\system32\atidxx64.dll
2012-03-09 04:39 . 2012-03-09 04:39 19739136 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-03-09 04:36 . 2012-03-09 04:36 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2012-03-09 04:36 . 2012-03-09 04:36 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-03-09 04:35 . 2012-03-09 04:35 4958208 ----a-w- c:\windows\system32\atiumd6a.dll
2012-03-09 04:23 . 2012-03-09 04:23 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-03-09 04:23 . 2012-03-09 04:23 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-03-09 04:18 . 2012-03-09 04:18 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-03-09 04:18 . 2012-03-09 04:18 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-03-09 04:18 . 2012-03-09 04:18 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-03-09 04:18 . 2012-03-09 04:18 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-03-09 04:17 . 2012-03-09 04:17 16069632 ----a-w- c:\windows\system32\aticaldd64.dll
2012-03-09 04:12 . 2012-03-09 04:12 13715968 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-03-09 04:11 . 2012-03-09 04:11 7552000 ----a-w- c:\windows\system32\atiumd64.dll
2012-03-09 04:05 . 2012-03-09 04:05 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-03-09 04:05 . 2012-03-09 04:05 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-03-09 04:05 . 2012-03-09 04:05 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-03-09 04:05 . 2012-03-09 04:05 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-03-09 03:58 . 2012-03-09 03:58 512000 ----a-w- c:\windows\system32\atiadlxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-03-09 03:58 . 2012-03-09 03:58 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 39936 ----a-w- c:\windows\system32\atig6txx.dll
2012-03-09 03:58 . 2012-03-09 03:58 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 328704 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-03-09 03:57 . 2011-11-10 08:11 43008 ----a-w- c:\windows\system32\atiuxp64.dll
2012-03-09 03:56 . 2011-11-10 08:11 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-03-09 03:56 . 2012-03-09 03:56 39936 ----a-w- c:\windows\system32\atiu9p64.dll
2012-03-09 03:56 . 2012-03-09 03:56 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-03-09 03:55 . 2012-03-09 03:55 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-03-09 03:47 . 2011-11-10 08:18 58880 ----a-w- c:\windows\system32\coinst.dll
2012-03-09 00:50 . 2012-03-09 00:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-02-23 15:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-31 13:02 . 2012-01-31 13:02 21504 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-01-31 13:00 . 2012-01-31 13:00 16896 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-21 1174016]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 4785536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-04-01 296056]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-04-02 258512]
"NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2012-01-13 1493288]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-09 636032]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bitmeter2.lnk - c:\program files (x86)\Codebox\BitMeter\BitMeter2.exe [2010-8-28 1462272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~2\SPEEDB~1\VideoAcceleratorService.exe [2012-04-01 265928]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 253600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [x]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-04-02 342480]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-04-02 86224]
S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-04-02 463824]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 48926852
*NewlyCreated* - ASWMBR
*Deregistered* - 48926852
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 19:47]
.
2012-04-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1109032702-2260647455-2936552958-1000Core.job
- c:\users\janet\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-02 03:10]
.
2012-04-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1109032702-2260647455-2936552958-1000UA.job
- c:\users\janet\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-02 03:10]
.
.
--------- x86-64 -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://startpage.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: c:\program files (x86)\SpeedBit Video Accelerator\SBLSP.dll
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.0.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-11 08:19:24
ComboFix-quarantined-files.txt 2012-04-11 14:19
ComboFix2.txt 2012-04-11 12:50
.
Pre-Run: 1,444,168,683,520 bytes free
Post-Run: 1,444,228,542,464 bytes free
.
- - End Of File - - 9C0E7B24D8A3E8F7A50AA271EDF52EAB

Edited by jan3847, 11 April 2012 - 09:26 AM.


#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 11 April 2012 - 09:51 AM

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 jan3847

  • Topic Starter
  • Members
  • 8 posts

Posted 11 April 2012 - 10:49 AM

-no problems
-adobe loaded at about the same speed, nothing has really changed

-MBAM Log-

Malwarebytes Anti-Malware (PRO) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.01.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
janet :: JANET-PC [administrator]

Protection: Enabled

4/1/2012 7:31:09 PM
mbam-log-2012-04-01 (19-31-09).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 248154
Time elapsed: 5 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

-HijackThis Log-

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:48:26 AM, on 4/11/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Codebox\BitMeter\BitMeter2.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Users\janet\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\janet\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\janet\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\janet\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://startpage.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: Bitmeter2.lnk = C:\Program Files (x86)\Codebox\BitMeter\BitMeter2.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VideoAcceleratorService - SpeedBit Ltd. - C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9116 bytes

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 11 April 2012 - 11:11 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to; you can click on their icons (or start them from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
      O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
      O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - Global Startup: Bitmeter2.lnk = C:\Program Files (x86)\Codebox\BitMeter\BitMeter2.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines here and see if you want to keep them or not:
    just copy the name between the brackets and paste it into the search space, e.g.
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7: right-click the IE shortcut and run as admin

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
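Added example for this thread (not part of any post above or of HijackThis itself): a small Python parser for the O4, O10 and O23 line shapes in the HijackThis log posted in #11, so the start-up entries Gringo lists for removal, the repeated Winsock LSP lines and the "(file missing)" services can be extracted and counted instead of being read by eye. The sample lines are copied from that log; the regular expressions are my own, written against the log format as it appears here.

```python
"""Parse the O4 / O10 / O23 lines of a Trend Micro HijackThis 2.x log.
Added example for this thread, not code from HijackThis or from any post above:
it turns the lines the helper asked to review into records that can be sorted
and counted instead of being read by eye."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: lines copied verbatim from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKCU\..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
O4 - Global Startup: Bitmeter2.lnk = C:\Program Files (x86)\Codebox\BitMeter\BitMeter2.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
"""

EXE_EXT = r"\.(?:exe|com|bat|cmd|scr|lnk|dll)"
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
FOLDER_RE = re.compile(r"^O4 - (?P<folder>(?:Global |User )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")
LSP_RE = re.compile(r"^O10 - (?P<desc>.+?): (?P<path>.+)$")
SVC_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$")
SHORTNAME_RE = re.compile(r"^(?P<display>.+) \((?P<short>[^()]+)\)$")  # "Display Name (ShortName)"

@dataclass
class Entry:
    section: str                # "O4", "O10" or "O23"
    name: str                   # Run value name, LSP description or service display name
    location: str               # hive\key, start-up folder or service short name
    command: str                # command line / path exactly as logged
    executable: Optional[str]   # best-effort path of the program actually started
    file_missing: bool = False  # O23 "(file missing)" flag

def launched_executable(command: str) -> Optional[str]:
    """Program a Run command really starts: a quoted path, an unquoted path with
    spaces (switches follow the extension), or, for the `cmd.exe /c start`
    wrapper, the first quoted *.exe argument (the first quoted string after
    `start` is the window title, not a program)."""
    command = command.strip()
    quoted = re.match(r'^"([^"]+)"', command)
    if quoted:
        primary = quoted.group(1)
    else:
        unquoted = re.match(r"^(.+?" + EXE_EXT + r")(?=\s|$)", command, re.IGNORECASE)
        if not unquoted:
            return None
        primary = unquoted.group(1)
    if primary.lower().rsplit("\\", 1)[-1] == "cmd.exe":
        inner = re.findall(r'"([^"]+' + EXE_EXT + r')"', command, re.IGNORECASE)
        if inner:
            return inner[0]
    return primary

def parse_line(line: str) -> Optional[Entry]:
    """Entry for a recognised O4/O10/O23 line, None for any other line type."""
    line = line.strip()
    m = RUN_RE.match(line)
    if m:
        return Entry("O4", m["name"], m["hive"] + "\\" + m["key"], m["cmd"], launched_executable(m["cmd"]))
    m = FOLDER_RE.match(line)
    if m:
        return Entry("O4", m["name"], m["folder"], m["cmd"], launched_executable(m["cmd"]))
    m = LSP_RE.match(line)
    if m:
        return Entry("O10", m["desc"], "Winsock LSP", m["path"], m["path"].lower())
    m = SVC_RE.match(line)
    if m:
        # HijackThis prints "Display Name (ShortName)" only when the two differ.
        s = SHORTNAME_RE.match(m["name"])
        display, short = (s["display"], s["short"]) if s else (m["name"], m["name"])
        return Entry("O23", display, short, m["path"], m["path"], m["missing"] is not None)
    return None

def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]

def startup_summary(entries: List[Entry]) -> Dict[str, Optional[str]]:
    """Each O4 auto-start name -> the program it really launches."""
    return {e.name: e.executable for e in entries if e.section == "O4"}

def duplicate_lsps(entries: List[Entry]) -> Dict[str, int]:
    """O10 DLL paths listed more than once. Repeats are normal: a layered provider
    gets one Winsock catalog entry per protocol chain it layers over."""
    counts = Counter(e.executable for e in entries if e.section == "O10")
    return {path: n for path, n in counts.items() if n > 1}

def missing_services(entries: List[Entry]) -> List[str]:
    """Display names of O23 services flagged "(file missing)". On 64-bit Windows the
    32-bit HijackThis sees system32 through WOW64 redirection, so genuine services
    such as alg.exe land here; the flag alone is not evidence of malware."""
    return [e.name for e in entries if e.section == "O23" and e.file_missing]
```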

#13 jan3847

  • Topic Starter
  • Members
  • 8 posts

Posted 11 April 2012 - 12:48 PM

I finished the scan (it found nothing) but I was unable to copy the results, it wasn't anywhere on the page, just a place to tick to uninstall and the button Finish? Did I miss something?

#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 11 April 2012 - 01:00 PM

Hello

If it found nothing then that is good for me - go ahead and uninstall it.



Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time can make the computer an expensive paperweight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used are a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built-in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did)

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again?" and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household who uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#15 jan3847

jan3847
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:07:03 PM

Posted 11 April 2012 - 02:14 PM

Thank you very much for your help. There was improvement earlier, now it's quite slow again; however, we are wondering if it is our internet provider, as I just did a test and Download speed = .68, upload speed = .11 and ping = 962 ms, but to start with, these fixes that you walked us through made a huge difference, and now we are wondering if it is our satellite internet, right now, as we can't get into adobe and youtube again (even though we are on the highest package).
P.S. We will check over the next couple of days in the morning (the best internet time) and let you know the outcome. Thank you for all of your help.
Janet



