crypt.aqlw infection


  • This topic is locked
24 replies to this topic

#1 Burtonrugbyman

Burtonrugbyman

  • Members
  • 14 posts
  • OFFLINE
  • Local time:02:05 PM

Posted 06 May 2012 - 05:50 PM

Posted as a new thread from http://www.bleepingcomputer.com/forums/topic452624.html as requested

I am having problems running the new suite of programs suggested.

DeFogger runs but does not complete after clicking disable, even after 30 mins. It does produce this log almost immediately though:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:35 on 06/05/2012 (Steve)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

DDS also runs with a black window but does not complete after 45 mins.

GMER will also run, but the window which appears is greyed out and I cannot uncheck any of the boxes or press scan.


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:05 AM

Posted 06 May 2012 - 11:29 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

The next thing I would like you to do is run this for me - http://download.bleepingcomputer.com/grinler/unhide.exe. After it is complete, restart the computer and continue with these steps.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.




Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in

    %TEMP%\smtmp\*.* /s

  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.


information and logs:

  • In your next post I need the following:
    • logs from OTL
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Burtonrugbyman

Burtonrugbyman
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:02:05 PM

Posted 07 May 2012 - 08:25 AM

Hi Gringo,

No problems with running that.

Here are the logs:

Results of screen317's Security Check version 0.99.32
Windows 7 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

AVG 2012
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

SpyHunter
TuneUp Companion 2.2.1
CCleaner
Java™ 6 Update 31
Adobe Flash Player 11.2.202.233
Adobe Reader X (10.1.3)
Mozilla Firefox (11.0.)
Mozilla Thunderbird (x86 en-GB..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgnsx.exe
``````````End of Log````````````


OTL logfile created on: 07/05/2012 14:19:28 - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Steve\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 62.27% Memory free
6.50 Gb Paging File | 4.65 Gb Available in Paging File | 71.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 243.77 Gb Free Space | 52.35% Space Free | Partition Type: NTFS
Drive E: | 127.99 Gb Total Space | 83.96 Gb Free Space | 65.60% Space Free | Partition Type: NTFS
Drive F: | 61.93 Gb Total Space | 13.79 Gb Free Space | 22.27% Space Free | Partition Type: NTFS

Computer Name: STEVE-PC | User Name: Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Steve\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe ()
PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
PRC - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Program Files\Common Files\MyPoiWorld Shared\MyPoiMonitor\MyPoiMonitor.exe (MyPoi World B.V.)
PRC - C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
PRC - C:\Windows\STK03N\STK03NM.exe (Syntek Ltd.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - \\.\globalroot\SystemRoot\system32\svchost.exe ()
PRC - C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe ()
PRC - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\SiteSafety.dll ()
MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - \\.\globalroot\systemroot\system32\mswsock.dll ()
MOD - C:\Windows\System32\msjetoledb40.dll ()


========== Win32 Services (SafeList) ==========

SRV - (zppinger) -- %systemroot%\system32\isdrv120.dll File not found
SRV - (wintabservice) -- %systemroot%\system32\comhost.dll File not found
SRV - (wanminiportservice) -- %systemroot%\system32\pdrframe.dll File not found
SRV - (vhidmini) -- %systemroot%\system32\Ktp.dll File not found
SRV - (USBCCID) -- %systemroot%\system32\nHancer.dll File not found
SRV - (USA49W2KP) -- %systemroot%\system32\a8djusb.dll File not found
SRV - (USA49W) -- %systemroot%\system32\usprserv.dll File not found
SRV - (upsentry_smart) -- %systemroot%\system32\rdpdr.dll File not found
SRV - (UimBus) -- %systemroot%\system32\pop3d32.dll File not found
SRV - (tifmsony) -- %systemroot%\system32\tifmsony.dll File not found
SRV - (tavsvc) -- %systemroot%\system32\viaide.dll File not found
SRV - (tap0901) -- %systemroot%\system32\AmdIde.dll File not found
SRV - (StreamDispatcher) -- %systemroot%\system32\EMCFILT.dll File not found
SRV - (SQLAgent$MICROSOFTSMLBIZ) -- %systemroot%\system32\LHidFilt.dll File not found
SRV - (spmd) -- %systemroot%\system32\asp.net.dll File not found
SRV - (smsmdd) -- %systemroot%\system32\MR97310_USB_DUAL_CAMERA.dll File not found
SRV - (smservaz) -- %systemroot%\system32\ashampoodefragservice.dll File not found
SRV - (siswlsvc) -- %systemroot%\system32\merakpop3.dll File not found
SRV - (sfvfs02) -- %systemroot%\system32\Intel_MIPMNMP.dll File not found
SRV - (SE2Bmdm) -- %systemroot%\system32\nchssvad.dll File not found
SRV - (SE26obex) -- %systemroot%\system32\tm_cfw.dll File not found
SRV - (SE26mgmt) -- %systemroot%\system32\DfwWebAgent.dll File not found
SRV - (ScFBPNT2) -- %systemroot%\system32\unrealircd.dll File not found
SRV - (sbiesvc) -- %systemroot%\system32\Tablet2k.dll File not found
SRV - (SaiNtSub) -- %systemroot%\system32\nimcrpcsu.dll File not found
SRV - (s616mdm) -- %systemroot%\system32\ErrDev.dll File not found
SRV - (s125bus) -- %systemroot%\system32\iviregmgr.dll File not found
SRV - (s117mdm) -- %systemroot%\system32\tunnelguardservice.dll File not found
SRV - (ROB_V) -- %systemroot%\system32\int15.sys.dll File not found
SRV - (pinetmgr) -- %systemroot%\system32\SrvcEPIOMngr.dll File not found
SRV - (pdlnatdl) -- %systemroot%\system32\uscbs108.dll File not found
SRV - (PCASp50) -- %systemroot%\system32\atimpab.dll File not found
SRV - (Packet) -- %systemroot%\system32\dot4print.dll File not found
SRV - (oraclesnmppeermasteragent) -- %systemroot%\system32\tavsvc.dll File not found
SRV - (NWUSBPort) -- %systemroot%\system32\npfmntor.dll File not found
SRV - (NuidFltr) -- %systemroot%\system32\smservaz.dll File not found
SRV - (netddedsdm) -- %systemroot%\system32\palmusbd.dll File not found
SRV - (mps9) -- %systemroot%\system32\whoisd32.dll File not found
SRV - (mnmdd) -- %systemroot%\system32\mi-raysat_3dsmax9_32.dll File not found
SRV - (mferkdk) -- %systemroot%\system32\DCamUSBMke.dll File not found
SRV - (mcsysmon) -- %systemroot%\system32\oracleorahomeclientcache.dll File not found
SRV - (mcredirector) -- %systemroot%\system32\omniserv.dll File not found
SRV - (mcp) -- %systemroot%\system32\ptilink.dll File not found
SRV - (JiaoCap) -- %systemroot%\system32\elnkservice.dll File not found
SRV - (InCDsrvR) -- %systemroot%\system32\ino_fltr.dll File not found
SRV - (iaimtv2) -- %systemroot%\system32\isdrv122.dll File not found
SRV - (hwpsgt) -- %systemroot%\system32\revudfservice.dll File not found
SRV - (hpdskflt) -- %systemroot%\system32\a016bus.dll File not found
SRV - (GTSCSER) -- %systemroot%\system32\SWNC5E00.dll File not found
SRV - (F700iob) -- %systemroot%\system32\iaimtv4.dll File not found
SRV - (erecoveryservice) -- %systemroot%\system32\cfosspeeds.dll File not found
SRV - (epstnt01) -- %systemroot%\system32\pcradminserver.dll File not found
SRV - (elockservice) -- %systemroot%\system32\nvidesm.dll File not found
SRV - (EhttpSrv) -- %systemroot%\system32\incdrec.dll File not found
SRV - (DSXUSB) -- %systemroot%\system32\Atmuni.dll File not found
SRV - (dsbrokerservice) -- %systemroot%\system32\nimcdfxk.dll File not found
SRV - (drvmcdb) -- %systemroot%\system32\ezplay.dll File not found
SRV - (dcpflics) -- %systemroot%\system32\serenum.dll File not found
SRV - (db2) -- %systemroot%\system32\itmrtsvc.dll File not found
SRV - (CVPNDRVA) -- %systemroot%\system32\ssisvr32.dll File not found
SRV - (cdaudio) -- %systemroot%\system32\mbmiodrvr.dll File not found
SRV - (CdaD10BA) -- %systemroot%\system32\unlockerdriver5.dll File not found
SRV - (cd20xrnt) -- %systemroot%\system32\tga.dll File not found
SRV - (cacheserver) ZD1211BU(ZyDAS) -- %systemroot%\system32\pavatscheduler.dll File not found
SRV - (BrScnUsb) -- %systemroot%\system32\easdrv.dll File not found
SRV - (avinitnt) -- %systemroot%\system32\ncupdatesvc.dll File not found
SRV - (avgfwsrv) -- %systemroot%\system32\SndTDriverV32.dll File not found
SRV - (AMDPCI) -- %systemroot%\system32\SE2Emdfl.dll File not found
SRV - (aliadwdm) -- %systemroot%\system32\bdrsdrv.dll File not found
SRV - (Airgo) -- %systemroot%\system32\MREMP50a64.dll File not found
SRV - (adiloader) -- %systemroot%\system32\livesrv.dll File not found
SRV - (vToolbarUpdater11.0.2) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (SpyHunter 4 Service) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (bmwebcfg) -- C:\Windows\System32\si3114r.dll (Oak Technology Inc.)
SRV - (mi-raysat_3dsmax2010_32) -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe ()
SRV - (mi-raysat_3dsMax2009_32) -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe ()


========== Driver Services (SafeList) ==========

DRV - (XDva375) -- C:\Windows\system32\XDva375.sys File not found
DRV - (catchme) -- C:\Users\Steve\AppData\Local\Temp\catchme.sys File not found
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSEH) -- C:\Windows\System32\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV - (AFD) -- C:\Windows\System32\drivers\afd.sys ()
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (Ca1528av) -- C:\Windows\System32\drivers\Ca1528av.sys (Digital Camera)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (Bulk1528) -- C:\Windows\System32\drivers\Bulk1528.sys (SunPlus)
DRV - (WIBUKEY) -- C:\Windows\System32\drivers\WibuKey.sys (WIBU-SYSTEMS AG)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2277213862-2865841615-63426079-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60347
IE - HKU\S-1-5-21-2277213862-2865841615-63426079-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.eurosportplayer.co.uk/tv.shtml/
IE - HKU\S-1-5-21-2277213862-2865841615-63426079-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2277213862-2865841615-63426079-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-2277213862-2865841615-63426079-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D9 0A D6 5A 54 FF CA 01 [binary data]
IE - HKU\S-1-5-21-2277213862-2865841615-63426079-1000\..\URLSearchHook: {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2277213862-2865841615-63426079-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-2277213862-2865841615-63426079-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2277213862-2865841615-63426079-1000\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60347
IE - HKU\S-1-5-21-2277213862-2865841615-63426079-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://www.mystart.com/results.php?pr=pando&id=pandooutsparktb&v=1_0&gen=ms&ent=ch&q={searchTerms}
IE - HKU\S-1-5-21-2277213862-2865841615-63426079-1000\..\SearchScopes\{40369B93-299E-4CE3-A92A-9A2BEE86D02E}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-2277213862-2865841615-63426079-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={621CB794-D039-4A50-BDC2-E675558F75C6}&mid=cdbae86338613ade083e226063635f12-5a83068d446556b7c139d27420c6b432a999e0e3&lang=en&ds=AVG&pr=fr&d=2011-10-12 19:13:28&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2277213862-2865841615-63426079-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-2277213862-2865841615-63426079-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2277213862-2865841615-63426079-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.burtonrugbyclub.co.uk/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: support@ancestry.com:1.0.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B03d187d5-8d15-4df2-adc9-b71fc86b6757%7D&mid=cdbae86338613ade083e226063635f12-5a83068d446556b7c139d27420c6b432a999e0e3&ds=AVG&v=10.2.0.3&lang=en&pr=fr&d=2011-10-12%2019%3A13%3A28&sap=ku&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/08/22 19:25:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/01/12 00:40:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/01 17:31:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.0.0.9\ [2012/04/29 20:59:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp498@crossrider.com: C:\Users\Steve\AppData\Local\RewardsArcade\498\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/19 17:26:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/13 16:20:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/02/27 21:19:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012/04/13 16:20:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\avgthb@avg.com: C:\Program Files\AVG\AVG2012\Thunderbird\ [2011/12/22 17:30:48 | 000,000,000 | ---D | M]

[2012/03/20 17:46:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Extensions
[2010/05/30 22:56:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/06/02 18:21:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2012/04/29 09:47:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\p5vfqs9u.default\extensions
[2011/12/02 10:49:27 | 000,000,000 | ---D | M] (Outspark Toolbar) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\p5vfqs9u.default\extensions\{94709E6D-4459-4223-9730-18F5763CA1E6}
[2011/03/28 16:46:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\p5vfqs9u.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}-trash
[2011/03/28 16:46:49 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\p5vfqs9u.default\extensions\engine@conduit.com
[2010/06/07 00:18:37 | 000,000,000 | ---D | M] (Ancestry.com Advanced Image Viewer) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\p5vfqs9u.default\extensions\support@ancestry.com
[2011/07/15 22:04:28 | 000,002,501 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\p5vfqs9u.default\searchplugins\SearchResults.xml
[2012/03/01 20:27:24 | 000,002,519 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\p5vfqs9u.default\searchplugins\Search_Results.xml
[2012/03/20 17:46:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/23 21:52:02 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/01/12 00:40:39 | 000,000,000 | ---D | M] (Adobe Contribute Toolbar) -- C:\PROGRAM FILES\ADOBE\ADOBE CONTRIBUTE CS5\PLUGINS\FIREFOXPLUGIN\{01A8CA0A-4C96-465B-A49B-65C46FAD54F9}
[2012/04/29 20:59:27 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.0.0.9
[2012/03/19 17:26:56 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/03/27 19:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npContribute.dll
[2012/03/06 22:19:09 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/02/04 23:02:56 | 001,642,496 | ---- | M] (LizardTech) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2012/04/29 20:59:17 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/09/29 01:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2009/09/21 12:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2011/04/12 19:51:22 | 000,002,282 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml
[2011/07/15 22:04:28 | 000,002,501 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2012/03/01 20:27:24 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2011/11/10 08:32:35 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - Extension: No name found = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.13.61_0\
CHR - Extension: No name found = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.2.1_0\
CHR - Extension: No name found = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: No name found = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\

Hosts file not found
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Outspark Toolbar) - {94709E6D-4459-4223-9730-18F5763CA1E6} - C:\Program Files\outsparktb\outsparkdx.dll ()
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (Reg Error: Value error.) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - !{94709E6D-4459-4223-9730-18F5763CA1E6} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Reg Error: Value error.) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Reg Error: Value error.) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Reg Error: Value error.) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-21-2277213862-2865841615-63426079-1000\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2277213862-2865841615-63426079-1000\..\Toolbar\WebBrowser: (Reg Error: Value error.) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MyPoi Monitor] C:\Program Files\Common Files\MyPoiWorld Shared\MyPoiMonitor\MyPoiMonitor.exe (MyPoi World B.V.)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-2277213862-2865841615-63426079-1000..\Run: [] File not found
O4 - HKU\S-1-5-21-2277213862-2865841615-63426079-1000..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-2277213862-2865841615-63426079-1000..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2277213862-2865841615-63426079-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2277213862-2865841615-63426079-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E4F208B-9E28-4461-B11B-7F09582B9B2B}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/07 14:17:46 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2012/05/06 22:44:35 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Steve\Desktop\dds.scr
[2012/05/06 21:50:16 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Steve\Desktop\aswMBR.exe
[2012/05/06 21:24:41 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Steve\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/06 14:04:33 | 016,306,456 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Steve\Desktop\SUPERAntiSpyware(1).exe
[2012/05/06 08:49:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/05/06 00:34:19 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2012/05/06 00:34:19 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/05/06 00:34:19 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/05/06 00:20:11 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\SpeedyPC Software
[2012/05/06 00:20:07 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
[2012/05/06 00:20:06 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/05/06 00:20:06 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedyPC Software
[2012/05/06 00:20:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeedyPC Software
[2012/05/01 21:32:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/01 21:32:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/01 21:32:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/01 21:32:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/01 21:32:25 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/05/01 09:20:07 | 000,000,000 | ---D | C] -- C:\Users\Steve\Documents\Tyre
[2012/04/29 21:36:16 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\AVG Secure Search
[2012/04/23 21:51:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/04/23 21:51:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/04/15 13:36:41 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/04/15 13:36:41 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Adobe Mini Bridge CS5
[2012/04/11 03:12:14 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/04/11 03:12:13 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/04/11 03:12:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/04/11 03:12:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/04/11 03:12:12 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/04/11 03:12:11 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/04/11 03:00:53 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/04/11 03:00:52 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/07 14:17:47 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2012/05/07 14:07:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/07 13:31:10 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/07 13:27:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/07 07:49:58 | 000,020,768 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/07 07:49:58 | 000,020,768 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/07 07:42:50 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/07 07:42:48 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/05/07 07:42:44 | 2616,594,432 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/06 23:00:36 | 000,302,592 | ---- | M] () -- C:\Users\Steve\Desktop\9k1tkbjb.exe
[2012/05/06 22:44:39 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Steve\Desktop\dds.scr
[2012/05/06 22:40:24 | 000,000,000 | ---- | M] () -- C:\Users\Steve\defogger_reenable
[2012/05/06 22:39:40 | 000,050,477 | ---- | M] () -- C:\Users\Steve\Desktop\Defogger.exe
[2012/05/06 21:59:51 | 000,000,512 | ---- | M] () -- C:\Users\Steve\Desktop\MBR.dat
[2012/05/06 21:50:26 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Steve\Desktop\aswMBR.exe
[2012/05/06 21:26:26 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/06 21:25:16 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Steve\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/06 20:53:31 | 000,002,048 | ---- | M] () -- C:\Uninstall.dat
[2012/05/06 14:05:30 | 016,306,456 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Steve\Desktop\SUPERAntiSpyware(1).exe
[2012/05/06 12:59:40 | 000,879,714 | ---- | M] () -- C:\Users\Steve\Desktop\SecurityCheck.exe
[2012/05/06 12:55:58 | 061,869,585 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/05/06 08:49:08 | 097,248,416 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm.old
[2012/05/06 00:34:19 | 000,002,242 | ---- | M] () -- C:\Users\Steve\Desktop\SpyHunter.lnk
[2012/05/06 00:20:17 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/05/06 00:20:07 | 000,001,165 | ---- | M] () -- C:\Users\Steve\Desktop\SpeedyPC Pro.lnk
[2012/05/06 00:20:06 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012/05/06 00:20:06 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012/05/01 04:33:03 | 000,002,286 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/04/28 18:59:31 | 000,637,872 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/04/28 11:07:28 | 000,664,320 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/28 11:07:28 | 000,125,056 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/23 21:51:35 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/04/14 09:28:19 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/04/14 09:28:19 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/04/11 19:42:24 | 000,000,132 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\Adobe BMP Format CS5 Prefs
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/06 23:00:36 | 000,302,592 | ---- | C] () -- C:\Users\Steve\Desktop\9k1tkbjb.exe
[2012/05/06 22:40:24 | 000,000,000 | ---- | C] () -- C:\Users\Steve\defogger_reenable
[2012/05/06 22:39:40 | 000,050,477 | ---- | C] () -- C:\Users\Steve\Desktop\Defogger.exe
[2012/05/06 21:59:51 | 000,000,512 | ---- | C] () -- C:\Users\Steve\Desktop\MBR.dat
[2012/05/06 21:26:26 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/06 16:42:12 | 000,002,048 | ---- | C] () -- C:\Uninstall.dat
[2012/05/06 12:59:40 | 000,879,714 | ---- | C] () -- C:\Users\Steve\Desktop\SecurityCheck.exe
[2012/05/06 00:34:19 | 000,002,242 | ---- | C] () -- C:\Users\Steve\Desktop\SpyHunter.lnk
[2012/05/06 00:20:17 | 000,000,420 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/05/06 00:20:07 | 000,001,165 | ---- | C] () -- C:\Users\Steve\Desktop\SpeedyPC Pro.lnk
[2012/05/06 00:20:06 | 000,000,440 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012/05/06 00:20:06 | 000,000,396 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012/05/01 21:32:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/01 21:32:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/01 21:32:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/01 21:32:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/01 21:32:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/01 11:48:09 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/01/14 13:15:14 | 000,086,870 | ---- | C] () -- C:\Windows\System32\BerlitzSCR.dat
[2011/10/11 20:10:26 | 000,000,132 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/07/31 22:41:06 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/06/15 03:54:18 | 000,338,944 | ---- | C] () -- C:\Windows\System32\drivers\afd.sys
[2011/06/05 08:57:43 | 000,237,568 | R--- | C] () -- C:\Windows\System32\qtmlClient.dll
[2011/05/27 20:11:21 | 000,000,016 | R--- | C] () -- C:\Users\Steve\AppData\Local\10E1BEED.ini
[2011/05/19 07:29:19 | 000,299,544 | ---- | C] () -- C:\Windows\RegGenieOnUninstall.exe
[2011/04/20 01:21:02 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011/04/02 19:53:13 | 000,000,016 | ---- | C] () -- C:\Windows\System32\syspvm-14.dll
[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/03/12 11:03:06 | 000,014,115 | ---- | C] () -- C:\Windows\twspmm.ini
[2011/02/28 21:30:06 | 000,233,012 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/02/27 10:36:40 | 000,001,212 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\145A.E03
[2011/02/11 08:21:01 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
[2010/10/03 22:20:28 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2010/09/25 23:32:19 | 000,001,456 | ---- | C] () -- C:\Users\Steve\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/09/20 18:54:27 | 000,165,376 | ---- | C] () -- C:\Windows\System32\UNRAR.DLL
[2010/08/28 10:20:01 | 000,000,132 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2010/07/26 20:29:04 | 000,057,552 | ---- | C] () -- C:\Windows\System32\WkDos.exe
[2010/07/24 20:15:03 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/12 17:08:27 | 000,000,132 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010/06/11 07:13:31 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2010/05/29 17:43:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== Custom Scans ==========

< %TEMP%\smtmp\*.* /s >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB50867$] -> -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:85AA7074
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:4220A65C
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:6387AA6C

< End of report >
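The OTL report above is what the helper reads through by eye: which browser helper objects, toolbars and Run keys point at a file that is still there, which files report no publisher, and which registry entries are orphaned. The script below is an added example, not part of this thread or of OTL itself; it parses the O2/O3/O4 line formats exactly as OTL prints them and sorts entries using only the markers visible in the log ("File not found", "No CLSID value found.", an empty "()" publisher). The seven sample lines are copied from the report above; the status labels and the `OtlEntry` structure are the example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: seven entries copied verbatim from the OTL log
# in this thread. It mixes entries whose file reports a publisher, entries
# whose file reports none ("()"), and registry entries whose target is gone.
SAMPLE_LOG = r"""
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Outspark Toolbar) - {94709E6D-4459-4223-9730-18F5763CA1E6} - C:\Program Files\outsparktb\outsparkdx.dll ()
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (no name) - !{94709E6D-4459-4223-9730-18F5763CA1E6} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-2277213862-2865841615-63426079-1000..\Run: [] File not found
"""


@dataclass
class OtlEntry:
    section: str          # OTL section tag: O2 (BHO), O3 (toolbar), O4 (Run key), ...
    name: str             # the (BHO name) or [Run value name]; "" when OTL shows none
    path: Optional[str]   # target file on disk; None when the entry points nowhere
    status: str           # "publisher", "no_publisher", "orphan" or "unknown"
    raw: str              # the original line


ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# "(BHO name)" on O2/O3 lines, "[value name]" on O4 lines
NAME_RE = re.compile(r"^[^:]*:\s*(?:\(([^)]*)\)|\[([^\]]*)\])")
# trailing "(Company)" or "()" that OTL appends from the file's version info
PUBLISHER_RE = re.compile(r"\(([^()]*)\)\s*$")
PATH_RE = re.compile(r"[A-Za-z]:\\.*$")
# markers OTL prints when the referenced file or CLSID no longer resolves
ORPHAN_MARKERS = ("File not found", "No CLSID value found.")


def parse_entry(line: str) -> Optional[OtlEntry]:
    """Parse one 'Oxx - ...' line; return None for blank or non-entry lines."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if not m:
        return None
    section, body = m.groups()

    # The trailer tells us whether OTL could resolve the target and, if so,
    # what publisher string the file carries.
    status = "unknown"
    for marker in ORPHAN_MARKERS:
        if body.endswith(marker):
            status = "orphan"
            body = body[: -len(marker)].rstrip()
            break
    else:
        pm = PUBLISHER_RE.search(body)
        if pm:
            status = "publisher" if pm.group(1).strip() else "no_publisher"
            body = body[: pm.start()].rstrip()

    nm = NAME_RE.match(body)
    name = ""
    if nm:
        name = nm.group(1) if nm.group(1) is not None else nm.group(2)

    pth = PATH_RE.search(body)
    path = pth.group(0).rstrip(" -") if pth else None
    return OtlEntry(section, name, path, status, line)


def parse_log(text: str) -> List[OtlEntry]:
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e is not None]


def needs_review(entries: List[OtlEntry]) -> List[OtlEntry]:
    """Entries an analyst reads first: orphaned references (leftovers from a
    partial uninstall or removal) and loaded modules with no publisher string."""
    return [e for e in entries if e.status in ("orphan", "no_publisher")]


def summarize(text: str) -> dict:
    counts = {"publisher": 0, "no_publisher": 0, "orphan": 0, "unknown": 0}
    for e in parse_log(text):
        counts[e.status] += 1
    return counts


if __name__ == "__main__":
    for e in needs_review(parse_log(SAMPLE_LOG)):
        print(f"{e.section}  {e.status:<13} {e.name!r:<22} {e.path}")
    print(summarize(SAMPLE_LOG))
```

Run stand-alone it lists the five sample entries worth a second look and the per-status counts. It removes nothing, and a `no_publisher` result only means the file's version resource is blank; it is a prompt to check the file, not a verdict, and the same OTL output shows legitimate components with an empty "()" as well.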

#4 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 07 May 2012 - 08:56 AM

Hello

only run it once if you have any problems just come and let me know

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Burtonrugbyman (Topic Starter, Members)

Posted 07 May 2012 - 11:20 AM

I turned off AVG and ran Combofix, which seemed to stall (it was still open after an hour). Something had turned off Internet access and the computer could not reconnect until I rebooted. Should I run Combofix again? I also notice in the bottom right-hand corner the speaker item now says "The Audio Service is not running", although I hear sounds.

#6 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 07 May 2012 - 12:21 PM

Hello

OK, let's try this: I want you to run Combofix in Safe Mode, but it is very important that when Combofix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After Combofix has finished its scan, please post the report back here.

Gringo

#7 Burtonrugbyman (Topic Starter, Members)

Posted 07 May 2012 - 12:44 PM

When I start Combofix in Safe Mode it opens a warning box saying that it has detected AVG programs running. I have checked in the Task Manager and cannot find any programs or processes that relate to AVG. No AVG icon shows in the bottom right-hand corner like it does in normal mode.
How do I turn them off?

Steve

#8 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 07 May 2012 - 12:51 PM

Go ahead and run it.


gringo

#9 Burtonrugbyman (Topic Starter, Members)

Posted 07 May 2012 - 01:59 PM

Still running after 60 minutes. HD access light still blinking slowly. Cursor flashing on next line in window. Do I let it continue? This entry made from mobile.

#10 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 07 May 2012 - 02:43 PM

Go ahead and stop it and run these:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
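The TDSSKiller report that the steps above ask for runs to many hundreds of lines, and almost all of them end in "- ok". What a helper actually reads out of it are the few services that were not cleared, and in particular the "Suspicious file (Forged)" line, where the scanner saw two different MD5 hashes for the same driver file (the mark of a driver being hidden or patched by a rootkit). The script below is an added example, not part of this thread and not part of TDSSKiller or Kaspersky's tooling: it parses the report's per-service line format and lists only the entries that were not cleared, with the real/fake hash pair attached. The regular expressions, the `Entry` record and the function names are my own; the constructed sample excerpt is modelled on the report pasted further down in this thread (the AFD lines are copied from it) and is not a complete log.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: an excerpt in the TDSSKiller 2.7.34.0 report format.
# The AFD lines are copied from the report pasted later in this thread; the
# rest are a handful of "- ok" entries from the same report. Not a full log.
SAMPLE_REPORT = r"""
21:00:42.0418 4928 ============================================================
21:00:42.0418 4928 Scan started
21:00:44.0467 4928 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
21:00:44.0470 4928 ACPI - ok
21:00:45.0076 4928 AFD (203aa637f07826252b6dc42ddaafb56d) C:\Windows\system32\drivers\afd.sys
21:00:45.0078 4928 Suspicious file (Forged): C:\Windows\system32\drivers\afd.sys. Real md5: 203aa637f07826252b6dc42ddaafb56d, Fake md5: 0db7a48388d54d154ebec120461a0fcd
21:00:45.0079 4928 AFD ( Virus.Win32.ZAccess.k ) - infected
21:00:45.0079 4928 AFD - detected Virus.Win32.ZAccess.k (0)
21:00:45.0098 4928 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
21:00:45.0099 4928 agp440 - ok
21:00:45.0130 4928 Airgo - ok
21:00:45.0414 4928 AMD External Events Utility (ebccbcbf1df132e4775e5d6e6dea3ed0) C:\Windows\system32\atiesrxx.exe
21:00:45.0416 4928 AMD External Events Utility - ok
"""

# Every report line starts with "HH:MM:SS.ffff <pid> "; the rest is the message.
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*)$")
# "<service> (<md5>) <path>"   - the file backing a service/driver
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "Suspicious file (Forged): <path>. Real md5: <x>, Fake md5: <y>"
FORGED_RE = re.compile(
    r"^Suspicious file \((?P<kind>[^)]+)\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$"
)
# "<service> - detected <verdict> (<n>)"   (the "( verdict ) - infected" line
# that precedes it carries the same information, so it is not parsed)
DETECTED_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>.+?) \(\d+\)$")
# "<service> - ok"
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")


@dataclass
class Entry:
    """One service/driver as TDSSKiller reported it (hypothetical record type)."""
    name: str
    path: Optional[str] = None
    md5: Optional[str] = None
    status: str = "unknown"          # "ok", "infected" or "unknown"
    verdict: Optional[str] = None    # e.g. Virus.Win32.ZAccess.k
    fake_md5: Optional[str] = None   # second hash seen for the same file, if forged


def parse_report(text: str) -> Dict[str, Entry]:
    """Fold the per-service lines of a TDSSKiller report into one Entry per service."""
    entries: Dict[str, Entry] = {}
    by_path: Dict[str, Entry] = {}   # lets the forged-file line find its service
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue                 # blank lines and anything without the prefix
        msg = m.group("msg")
        f = FILE_RE.match(msg)
        if f:
            e = entries.setdefault(f["name"], Entry(f["name"]))
            e.path, e.md5 = f["path"], f["md5"]
            by_path[f["path"].lower()] = e
            continue
        g = FORGED_RE.match(msg)
        if g:
            e = by_path.get(g["path"].lower())
            if e is not None:        # a forged hash is never "ok", whatever follows
                e.fake_md5 = g["fake"]
                e.status = "infected"
            continue
        d = DETECTED_RE.match(msg)
        if d:
            e = entries.setdefault(d["name"], Entry(d["name"]))
            e.status, e.verdict = "infected", d["verdict"]
            continue
        o = OK_RE.match(msg)
        if o:
            e = entries.setdefault(o["name"], Entry(o["name"]))
            if e.status == "unknown":  # never downgrade a detection to "ok"
                e.status = "ok"
    return entries


def findings(entries: Dict[str, Entry]) -> List[Entry]:
    """Entries TDSSKiller did not clear, sorted by service name."""
    return sorted((e for e in entries.values() if e.status != "ok"),
                  key=lambda e: e.name.lower())


def format_finding(e: Entry) -> str:
    """One human-readable line per uncleared entry."""
    line = f"{e.name}: {e.status}"
    if e.verdict:
        line += f" ({e.verdict})"
    if e.path:
        line += f" {e.path}"
    if e.fake_md5:
        line += f" [real md5 {e.md5}, fake md5 {e.fake_md5}]"
    return line


if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    print(f"{len(report)} services parsed, {len(findings(report))} not cleared")
    for entry in findings(report):
        print(format_finding(entry))
```

Run against a pasted report, the script reduces the log to the handful of lines that decide what happens next; on the excerpt above that is a single line for AFD, the infected afd.sys driver with its real/fake MD5 pair, while ACPI, agp440, Airgo and the AMD service are dropped as clean. Services that have neither an "- ok" nor a "- detected" line stay "unknown" and are still listed, so a truncated paste does not silently hide anything.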

#11 Burtonrugbyman

Burtonrugbyman
  • Topic Starter

  • Members
  • 14 posts
  • Local time:02:05 PM

Posted 07 May 2012 - 04:09 PM

Results of those 2 scans

21:00:36.0063 4856 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
21:00:36.0311 4856 ============================================================
21:00:36.0311 4856 Current date / time: 2012/05/07 21:00:36.0311
21:00:36.0311 4856 SystemInfo:
21:00:36.0311 4856
21:00:36.0311 4856 OS Version: 6.1.7600 ServicePack: 0.0
21:00:36.0311 4856 Product type: Workstation
21:00:36.0311 4856 ComputerName: STEVE-PC
21:00:36.0311 4856 UserName: Steve
21:00:36.0311 4856 Windows directory: C:\Windows
21:00:36.0311 4856 System windows directory: C:\Windows
21:00:36.0311 4856 Processor architecture: Intel x86
21:00:36.0311 4856 Number of processors: 4
21:00:36.0311 4856 Page size: 0x1000
21:00:36.0311 4856 Boot type: Normal boot
21:00:36.0311 4856 ============================================================
21:00:38.0077 4856 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:00:38.0082 4856 Drive \Device\Harddisk1\DR1 - Size: 0x2F7B100000 (189.92 Gb), SectorSize: 0x200, Cylinders: 0x60D8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:00:38.0089 4856 ============================================================
21:00:38.0089 4856 \Device\Harddisk0\DR0:
21:00:38.0089 4856 MBR partitions:
21:00:38.0089 4856 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:00:38.0089 4856 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
21:00:38.0089 4856 \Device\Harddisk1\DR1:
21:00:38.0089 4856 MBR partitions:
21:00:38.0089 4856 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFFFAC05
21:00:38.0105 4856 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0xFFFAC83, BlocksNum 0x7BDA655
21:00:38.0105 4856 ============================================================
21:00:38.0126 4856 C: <-> \Device\Harddisk0\DR0\Partition1
21:00:38.0165 4856 E: <-> \Device\Harddisk1\DR1\Partition0
21:00:38.0198 4856 F: <-> \Device\Harddisk1\DR1\Partition1
21:00:38.0198 4856 ============================================================
21:00:38.0198 4856 Initialize success
21:00:38.0198 4856 ============================================================
21:00:42.0418 4928 ============================================================
21:00:42.0418 4928 Scan started
21:00:42.0418 4928 Mode: Manual;
21:00:42.0418 4928 ============================================================
21:00:44.0333 4928 1394hub - ok
21:00:44.0440 4928 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
21:00:44.0442 4928 1394ohci - ok
21:00:44.0467 4928 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
21:00:44.0470 4928 ACPI - ok
21:00:44.0482 4928 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
21:00:44.0483 4928 AcpiPmi - ok
21:00:44.0495 4928 adiloader - ok
21:00:44.0719 4928 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:00:44.0719 4928 AdobeARMservice - ok
21:00:44.0812 4928 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:00:44.0815 4928 AdobeFlashPlayerUpdateSvc - ok
21:00:44.0862 4928 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
21:00:44.0873 4928 adp94xx - ok
21:00:44.0902 4928 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
21:00:44.0915 4928 adpahci - ok
21:00:44.0988 4928 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
21:00:44.0990 4928 adpu320 - ok
21:00:45.0010 4928 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
21:00:45.0012 4928 AeLookupSvc - ok
21:00:45.0076 4928 AFD (203aa637f07826252b6dc42ddaafb56d) C:\Windows\system32\drivers\afd.sys
21:00:45.0078 4928 Suspicious file (Forged): C:\Windows\system32\drivers\afd.sys. Real md5: 203aa637f07826252b6dc42ddaafb56d, Fake md5: 0db7a48388d54d154ebec120461a0fcd
21:00:45.0079 4928 AFD ( Virus.Win32.ZAccess.k ) - infected
21:00:45.0079 4928 AFD - detected Virus.Win32.ZAccess.k (0)
21:00:45.0098 4928 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
21:00:45.0099 4928 agp440 - ok
21:00:45.0125 4928 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
21:00:45.0127 4928 aic78xx - ok
21:00:45.0130 4928 Airgo - ok
21:00:45.0163 4928 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
21:00:45.0164 4928 ALG - ok
21:00:45.0175 4928 aliadwdm - ok
21:00:45.0352 4928 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
21:00:45.0353 4928 aliide - ok
21:00:45.0414 4928 AMD External Events Utility (ebccbcbf1df132e4775e5d6e6dea3ed0) C:\Windows\system32\atiesrxx.exe
21:00:45.0416 4928 AMD External Events Utility - ok
21:00:45.0431 4928 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
21:00:45.0432 4928 amdagp - ok
21:00:45.0436 4928 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
21:00:45.0437 4928 amdide - ok
21:00:45.0459 4928 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
21:00:45.0461 4928 AmdK8 - ok
21:00:46.0254 4928 amdkmdag (f89643a2ca001b1162061e306f8bf267) C:\Windows\system32\DRIVERS\atikmdag.sys
21:00:46.0412 4928 amdkmdag - ok
21:00:46.0615 4928 amdkmdap (fb68e1b9cec598f0f69503f3aebb45dd) C:\Windows\system32\DRIVERS\atikmpag.sys
21:00:46.0617 4928 amdkmdap - ok
21:00:46.0629 4928 AMDPCI - ok
21:00:46.0733 4928 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
21:00:46.0734 4928 AmdPPM - ok
21:00:46.0775 4928 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
21:00:46.0777 4928 amdsata - ok
21:00:46.0798 4928 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
21:00:46.0809 4928 amdsbs - ok
21:00:46.0821 4928 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
21:00:46.0822 4928 amdxata - ok
21:00:46.0841 4928 aolservice - ok
21:00:46.0865 4928 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
21:00:46.0867 4928 AppID - ok
21:00:46.0888 4928 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
21:00:46.0889 4928 AppIDSvc - ok
21:00:46.0916 4928 Appinfo (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll
21:00:46.0917 4928 Appinfo - ok
21:00:47.0166 4928 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:00:47.0167 4928 Apple Mobile Device - ok
21:00:47.0196 4928 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
21:00:47.0206 4928 AppMgmt - ok
21:00:47.0230 4928 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
21:00:47.0232 4928 arc - ok
21:00:47.0244 4928 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
21:00:47.0246 4928 arcsas - ok
21:00:47.0415 4928 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:00:47.0417 4928 aspnet_state - ok
21:00:47.0438 4928 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
21:00:47.0439 4928 AsyncMac - ok
21:00:47.0455 4928 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
21:00:47.0456 4928 atapi - ok
21:00:48.0002 4928 atikmdag (f89643a2ca001b1162061e306f8bf267) C:\Windows\system32\DRIVERS\atikmdag.sys
21:00:48.0041 4928 atikmdag - ok
21:00:48.0183 4928 AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
21:00:48.0192 4928 AudioEndpointBuilder - ok
21:00:48.0198 4928 Audiosrv (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
21:00:48.0201 4928 Audiosrv - ok
21:00:48.0483 4928 Autodesk Licensing Service (ead65493edba0ebea2192d46b938298e) C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
21:00:48.0484 4928 Autodesk Licensing Service - ok
21:00:48.0681 4928 AVG Security Toolbar Service (ee651d98b03fe3c075ccc58ab61c9287) C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
21:00:48.0704 4928 AVG Security Toolbar Service - ok
21:00:48.0849 4928 avgfwsrv - ok
21:00:49.0179 4928 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
21:00:49.0260 4928 AVGIDSAgent - ok
21:00:49.0406 4928 AVGIDSDriver (f6878b90a8a9795116bce335238e65af) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
21:00:49.0407 4928 AVGIDSDriver - ok
21:00:49.0439 4928 AVGIDSEH (19a08a6728a6e02099d64268218cd799) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
21:00:49.0440 4928 AVGIDSEH - ok
21:00:49.0565 4928 AVGIDSFilter (f8927ab1dd086edeff2924a64dc89869) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
21:00:49.0565 4928 AVGIDSFilter - ok
21:00:49.0653 4928 AVGIDSShim (dadca567891033dcf2ec4a3f9da46ae4) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
21:00:49.0653 4928 AVGIDSShim - ok
21:00:49.0831 4928 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\Windows\system32\DRIVERS\avgldx86.sys
21:00:49.0833 4928 Avgldx86 - ok
21:00:49.0892 4928 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys
21:00:49.0893 4928 Avgmfx86 - ok
21:00:49.0956 4928 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys
21:00:49.0958 4928 Avgrkx86 - ok
21:00:49.0985 4928 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys
21:00:49.0987 4928 Avgtdix - ok
21:00:50.0117 4928 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
21:00:50.0119 4928 avgwd - ok
21:00:50.0126 4928 avinitnt - ok
21:00:50.0150 4928 AxInstSV (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll
21:00:50.0152 4928 AxInstSV - ok
21:00:50.0195 4928 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
21:00:50.0207 4928 b06bdrv - ok
21:00:50.0245 4928 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
21:00:50.0254 4928 b57nd60x - ok
21:00:50.0444 4928 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
21:00:50.0446 4928 BDESVC - ok
21:00:50.0483 4928 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
21:00:50.0484 4928 Beep - ok
21:00:50.0528 4928 BITS (53f476476f55a27f580661bde09c4ec4) C:\Windows\System32\qmgr.dll
21:00:50.0542 4928 BITS - ok
21:00:50.0566 4928 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
21:00:50.0567 4928 blbdrive - ok
21:00:50.0595 4928 bmwebcfg - ok
21:00:50.0759 4928 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
21:00:50.0774 4928 Bonjour Service - ok
21:00:50.0807 4928 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
21:00:50.0809 4928 bowser - ok
21:00:50.0819 4928 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:00:50.0820 4928 BrFiltLo - ok
21:00:50.0836 4928 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:00:50.0836 4928 BrFiltUp - ok
21:00:50.0860 4928 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
21:00:50.0861 4928 BridgeMP - ok
21:00:50.0890 4928 Browser (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll
21:00:50.0892 4928 Browser - ok
21:00:50.0908 4928 BrScnUsb - ok
21:00:50.0936 4928 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
21:00:50.0960 4928 Brserid - ok
21:00:50.0990 4928 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
21:00:50.0992 4928 BrSerWdm - ok
21:00:51.0003 4928 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:00:51.0003 4928 BrUsbMdm - ok
21:00:51.0019 4928 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
21:00:51.0019 4928 BrUsbSer - ok
21:00:51.0031 4928 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
21:00:51.0033 4928 BTHMODEM - ok
21:00:51.0059 4928 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
21:00:51.0061 4928 bthserv - ok
21:00:51.0119 4928 Bulk1528 (ed1d7546e84a3ebd7f6e900de73cf390) C:\Windows\system32\Drivers\Bulk1528.sys
21:00:51.0120 4928 Bulk1528 - ok
21:00:51.0247 4928 Ca1528av (94bf1cd4cdf4b02be835d78ca5104734) C:\Windows\system32\Drivers\Ca1528av.sys
21:00:51.0253 4928 Ca1528av - ok
21:00:51.0268 4928 caccprovsp - ok
21:00:51.0278 4928 cacheserver - ok
21:00:51.0348 4928 catchme - ok
21:00:51.0381 4928 cd20xrnt - ok
21:00:51.0387 4928 CdaD10BA - ok
21:00:51.0414 4928 cdaudio - ok
21:00:51.0518 4928 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
21:00:51.0520 4928 cdfs - ok
21:00:51.0540 4928 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
21:00:51.0542 4928 cdrom - ok
21:00:51.0571 4928 CertPropSvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
21:00:51.0573 4928 CertPropSvc - ok
21:00:51.0587 4928 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
21:00:51.0589 4928 circlass - ok
21:00:51.0611 4928 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
21:00:51.0614 4928 CLFS - ok
21:00:51.0697 4928 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:00:51.0698 4928 clr_optimization_v2.0.50727_32 - ok
21:00:51.0830 4928 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:00:51.0832 4928 clr_optimization_v4.0.30319_32 - ok
21:00:51.0850 4928 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
21:00:51.0851 4928 CmBatt - ok
21:00:51.0867 4928 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
21:00:51.0868 4928 cmdide - ok
21:00:51.0916 4928 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys
21:00:51.0919 4928 CNG - ok
21:00:51.0923 4928 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
21:00:51.0924 4928 Compbatt - ok
21:00:51.0947 4928 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
21:00:51.0948 4928 CompositeBus - ok
21:00:51.0958 4928 COMSysApp - ok
21:00:51.0970 4928 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
21:00:51.0971 4928 crcdisk - ok
21:00:52.0022 4928 CryptSvc (9c231178ce4fb385f4b54b0a9080b8a4) C:\Windows\system32\cryptsvc.dll
21:00:52.0024 4928 CryptSvc - ok
21:00:52.0053 4928 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
21:00:52.0065 4928 CSC - ok
21:00:52.0101 4928 CscService (56fb5f222ea30d3d3fc459879772cb73) C:\Windows\System32\cscsvc.dll
21:00:52.0107 4928 CscService - ok
21:00:52.0130 4928 CVPNDRVA - ok
21:00:52.0152 4928 db2 - ok
21:00:52.0191 4928 DcomLaunch (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
21:00:52.0197 4928 DcomLaunch - ok
21:00:52.0203 4928 dcpflics - ok
21:00:52.0249 4928 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
21:00:52.0253 4928 defragsvc - ok
21:00:52.0419 4928 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
21:00:52.0421 4928 DfsC - ok
21:00:52.0533 4928 Dhcp (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll
21:00:52.0537 4928 Dhcp - ok
21:00:52.0554 4928 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
21:00:52.0555 4928 discache - ok
21:00:52.0577 4928 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
21:00:52.0578 4928 Disk - ok
21:00:52.0619 4928 Dnscache (b15be77a2bacf9c3177d27518afe26a9) C:\Windows\System32\dnsrslvr.dll
21:00:52.0621 4928 Dnscache - ok
21:00:52.0648 4928 dot3svc (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll
21:00:52.0657 4928 dot3svc - ok
21:00:52.0671 4928 DPS (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll
21:00:52.0673 4928 DPS - ok
21:00:52.0702 4928 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
21:00:52.0703 4928 drmkaud - ok
21:00:52.0712 4928 drvmcdb - ok
21:00:52.0728 4928 dsbrokerservice - ok
21:00:52.0750 4928 DSXUSB - ok
21:00:52.0826 4928 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
21:00:52.0830 4928 DXGKrnl - ok
21:00:52.0849 4928 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
21:00:52.0851 4928 EapHost - ok
21:00:53.0068 4928 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
21:00:53.0132 4928 ebdrv - ok
21:00:53.0331 4928 EFS (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\System32\lsass.exe
21:00:53.0332 4928 EFS - ok
21:00:53.0394 4928 ehRecvr (1697c39978cd69f6fbc15302edcece1f) C:\Windows\ehome\ehRecvr.exe
21:00:53.0410 4928 ehRecvr - ok
21:00:53.0434 4928 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
21:00:53.0436 4928 ehSched - ok
21:00:53.0474 4928 EhttpSrv - ok
21:00:53.0479 4928 elockservice - ok
21:00:53.0562 4928 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
21:00:53.0578 4928 elxstor - ok
21:00:53.0591 4928 epstnt01 - ok
21:00:53.0604 4928 erecoveryservice - ok
21:00:53.0614 4928 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
21:00:53.0615 4928 ErrDev - ok
21:00:53.0650 4928 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
21:00:53.0657 4928 EventSystem - ok
21:00:53.0679 4928 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
21:00:53.0692 4928 exfat - ok
21:00:53.0695 4928 F700iob - ok
21:00:53.0731 4928 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
21:00:53.0733 4928 fastfat - ok
21:00:53.0773 4928 Fax (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe
21:00:53.0790 4928 Fax - ok
21:00:53.0799 4928 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
21:00:53.0800 4928 fdc - ok
21:00:53.0812 4928 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
21:00:53.0813 4928 fdPHost - ok
21:00:53.0828 4928 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
21:00:53.0829 4928 FDResPub - ok
21:00:53.0840 4928 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
21:00:53.0841 4928 FileInfo - ok
21:00:53.0853 4928 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
21:00:53.0854 4928 Filetrace - ok
21:00:53.0994 4928 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:00:54.0012 4928 FLEXnet Licensing Service - ok
21:00:54.0027 4928 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
21:00:54.0028 4928 flpydisk - ok
21:00:54.0047 4928 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
21:00:54.0057 4928 FltMgr - ok
21:00:54.0131 4928 FontCache (7fe4995528a7529a761875151ee3d512) C:\Windows\system32\FntCache.dll
21:00:54.0152 4928 FontCache - ok
21:00:54.0232 4928 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:00:54.0233 4928 FontCache3.0.0.0 - ok
21:00:54.0337 4928 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
21:00:54.0338 4928 FsDepends - ok
21:00:54.0366 4928 Fs_Rec (500a9814fd9446a8126858a5a7f7d273) C:\Windows\system32\drivers\Fs_Rec.sys
21:00:54.0368 4928 Fs_Rec - ok
21:00:54.0408 4928 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
21:00:54.0419 4928 fvevol - ok
21:00:54.0493 4928 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:00:54.0494 4928 gagp30kx - ok
21:00:54.0530 4928 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:00:54.0530 4928 GEARAspiWDM - ok
21:00:54.0580 4928 gpsvc (8ba3c04702bf8f927ab36ae8313ca4ee) C:\Windows\System32\gpsvc.dll
21:00:54.0594 4928 gpsvc - ok
21:00:54.0604 4928 GTSCSER - ok
21:00:54.0673 4928 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
21:00:54.0675 4928 gupdate - ok
21:00:54.0696 4928 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
21:00:54.0697 4928 gupdatem - ok
21:00:54.0742 4928 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
21:00:54.0743 4928 hcw85cir - ok
21:00:54.0789 4928 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
21:00:54.0804 4928 HdAudAddService - ok
21:00:54.0820 4928 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:00:54.0822 4928 HDAudBus - ok
21:00:54.0830 4928 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
21:00:54.0831 4928 HidBatt - ok
21:00:54.0851 4928 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
21:00:54.0852 4928 HidBth - ok
21:00:54.0869 4928 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
21:00:54.0870 4928 HidIr - ok
21:00:54.0896 4928 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
21:00:54.0898 4928 hidserv - ok
21:00:54.0924 4928 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
21:00:54.0925 4928 HidUsb - ok
21:00:54.0939 4928 hkmsvc (741c2a45ca8407e374aaba3e330b7872) C:\Windows\system32\kmsvc.dll
21:00:54.0941 4928 hkmsvc - ok
21:00:55.0030 4928 HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\Windows\system32\ListSvc.dll
21:00:55.0033 4928 HomeGroupListener - ok
21:00:55.0065 4928 HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll
21:00:55.0076 4928 HomeGroupProvider - ok
21:00:55.0079 4928 hpdskflt - ok
21:00:55.0094 4928 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
21:00:55.0095 4928 HpSAMD - ok
21:00:55.0131 4928 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
21:00:55.0149 4928 HTTP - ok
21:00:55.0160 4928 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
21:00:55.0161 4928 hwpolicy - ok
21:00:55.0175 4928 hwpsgt - ok
21:00:55.0199 4928 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
21:00:55.0201 4928 i8042prt - ok
21:00:55.0223 4928 iaimtv2 - ok
21:00:55.0313 4928 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
21:00:55.0317 4928 iaStorV - ok
21:00:55.0409 4928 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:00:55.0410 4928 IDriverT - ok
21:00:55.0547 4928 idsvc (5af815eb5bc9802e5a064e2ba62bfc0c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:00:55.0565 4928 idsvc - ok
21:00:55.0644 4928 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
21:00:55.0645 4928 iirsp - ok
21:00:55.0701 4928 IKEEXT (fac0ee6562b121b1399d6e855583f7a5) C:\Windows\System32\ikeext.dll
21:00:55.0715 4928 IKEEXT - ok
21:00:55.0732 4928 imaservice - ok
21:00:55.0747 4928 InCDsrvR - ok
21:00:55.0763 4928 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
21:00:55.0764 4928 intelide - ok
21:00:55.0784 4928 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
21:00:55.0786 4928 intelppm - ok
21:00:55.0806 4928 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
21:00:55.0809 4928 IPBusEnum - ok
21:00:55.0825 4928 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:00:55.0826 4928 IpFilterDriver - ok
21:00:55.0862 4928 iphlpsvc (477397b432a256a50ee7e4339eb9ea14) C:\Windows\System32\iphlpsvc.dll
21:00:55.0868 4928 iphlpsvc - ok
21:00:55.0881 4928 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
21:00:55.0883 4928 IPMIDRV - ok
21:00:55.0902 4928 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
21:00:55.0904 4928 IPNAT - ok
21:00:56.0044 4928 iPod Service (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe
21:00:56.0055 4928 iPod Service - ok
21:00:56.0067 4928 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
21:00:56.0068 4928 IRENUM - ok
21:00:56.0081 4928 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
21:00:56.0082 4928 isapnp - ok
21:00:56.0104 4928 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
21:00:56.0114 4928 iScsiPrt - ok
21:00:56.0125 4928 JiaoCap - ok
21:00:56.0141 4928 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:00:56.0141 4928 kbdclass - ok
21:00:56.0167 4928 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
21:00:56.0168 4928 kbdhid - ok
21:00:56.0196 4928 KeyIso (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
21:00:56.0197 4928 KeyIso - ok
21:00:56.0458 4928 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys
21:00:56.0459 4928 KSecDD - ok
21:00:56.0637 4928 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys
21:00:56.0639 4928 KSecPkg - ok
21:00:56.0686 4928 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
21:00:56.0701 4928 KtmRm - ok
21:00:56.0737 4928 LanmanServer (8f6bf790d3168224c16f2af68a84438c) C:\Windows\system32\srvsvc.dll
21:00:56.0748 4928 LanmanServer - ok
21:00:56.0769 4928 LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\Windows\System32\wkssvc.dll
21:00:56.0772 4928 LanmanWorkstation - ok
21:00:56.0800 4928 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
21:00:56.0801 4928 lltdio - ok
21:00:56.0828 4928 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
21:00:56.0838 4928 lltdsvc - ok
21:00:56.0861 4928 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
21:00:56.0880 4928 lmhosts - ok
21:00:56.0908 4928 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:00:56.0910 4928 LSI_FC - ok
21:00:56.0928 4928 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:00:56.0929 4928 LSI_SAS - ok
21:00:56.0941 4928 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:00:56.0943 4928 LSI_SAS2 - ok
21:00:56.0960 4928 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:00:56.0962 4928 LSI_SCSI - ok
21:00:56.0985 4928 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
21:00:56.0987 4928 luafv - ok
21:00:56.0990 4928 mcp - ok
21:00:56.0996 4928 mcredirector - ok
21:00:57.0009 4928 mcsysmon - ok
21:00:57.0046 4928 Mcx2Svc (e2b0887816ed336685954e3d8fdaa51d) C:\Windows\system32\Mcx2Svc.dll
21:00:57.0048 4928 Mcx2Svc - ok
21:00:57.0061 4928 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
21:00:57.0062 4928 megasas - ok
21:00:57.0105 4928 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
21:00:57.0108 4928 MegaSR - ok
21:00:57.0111 4928 mferkdk - ok
21:00:57.0271 4928 mi-raysat_3dsMax2009_32 (aa0c4a2c33ce075df2c272d678734991) C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
21:00:57.0272 4928 mi-raysat_3dsMax2009_32 - ok
21:00:57.0397 4928 mi-raysat_3dsmax2010_32 (0af89452a8ce3928168f4e5b2208c68b) C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
21:00:57.0398 4928 mi-raysat_3dsmax2010_32 - ok
21:00:57.0458 4928 Microsoft SharePoint Workspace Audit Service - ok
21:00:57.0485 4928 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
21:00:57.0487 4928 MMCSS - ok
21:00:57.0512 4928 mnmdd - ok
21:00:57.0526 4928 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
21:00:57.0528 4928 Modem - ok
21:00:57.0583 4928 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
21:00:57.0584 4928 monitor - ok
21:00:57.0619 4928 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
21:00:57.0620 4928 mouclass - ok
21:00:57.0645 4928 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
21:00:57.0646 4928 mouhid - ok
21:01:11.0923 4928 \Device\Harddisk1\DR1\Partition1 - ok
21:01:11.0925 4928 ============================================================
21:01:11.0925 4928 Scan finished
21:01:11.0925 4928 ============================================================
21:01:11.0936 4920 Detected object count: 3
21:01:11.0936 4920 Actual detected object count: 3
21:01:37.0243 4920 C:\Windows\system32\drivers\afd.sys - copied to quarantine
21:01:37.0246 4920 C:\Windows\$NtUninstallKB50867$\1685430982\@ - copied to quarantine
21:01:37.0247 4920 C:\Windows\$NtUninstallKB50867$\1685430982\cfg.ini - copied to quarantine
21:01:37.0249 4920 C:\Windows\$NtUninstallKB50867$\1685430982\Desktop.ini - copied to quarantine
21:01:37.0277 4920 C:\Windows\$NtUninstallKB50867$\1685430982\L\xadqgnnk - copied to quarantine
21:01:37.0278 4920 C:\Windows\$NtUninstallKB50867$\1685430982\oemid - copied to quarantine
21:01:37.0288 4920 C:\Windows\$NtUninstallKB50867$\1685430982\U\00000001.@ - copied to quarantine
21:01:37.0329 4920 C:\Windows\$NtUninstallKB50867$\1685430982\U\00000002.@ - copied to quarantine
21:01:37.0341 4920 C:\Windows\$NtUninstallKB50867$\1685430982\U\00000004.@ - copied to quarantine
21:01:37.0366 4920 C:\Windows\$NtUninstallKB50867$\1685430982\U\80000000.@ - copied to quarantine
21:01:37.0377 4920 C:\Windows\$NtUninstallKB50867$\1685430982\U\80000004.@ - copied to quarantine
21:01:37.0400 4920 C:\Windows\$NtUninstallKB50867$\1685430982\U\80000032.@ - copied to quarantine
21:01:37.0402 4920 C:\Windows\$NtUninstallKB50867$\1685430982\version - copied to quarantine
21:01:38.0962 4920 Backup copy not found, trying to cure infected file..
21:01:38.0965 4920 Cure success, using it..
21:01:38.0975 4920 C:\Windows\system32\drivers\afd.sys - will be cured on reboot
21:01:41.0470 4920 C:\Windows\$NtUninstallKB50867$\1685430982\@ - will be deleted on reboot
21:01:41.0470 4920 C:\Windows\$NtUninstallKB50867$\1685430982\cfg.ini - will be deleted on reboot
21:01:41.0470 4920 C:\Windows\$NtUninstallKB50867$\1685430982\Desktop.ini - will be deleted on reboot
21:01:41.0483 4920 C:\Windows\$NtUninstallKB50867$\1685430982\oemid - will be deleted on reboot
21:01:41.0484 4920 C:\Windows\$NtUninstallKB50867$\1685430982\U\00000001.@ - will be deleted on reboot
21:01:41.0484 4920 C:\Windows\$NtUninstallKB50867$\1685430982\U\00000002.@ - will be deleted on reboot
21:01:41.0484 4920 C:\Windows\$NtUninstallKB50867$\1685430982\U\00000004.@ - will be deleted on reboot
21:01:41.0485 4920 C:\Windows\$NtUninstallKB50867$\1685430982\U\80000000.@ - will be deleted on reboot
21:01:41.0485 4920 C:\Windows\$NtUninstallKB50867$\1685430982\U\80000004.@ - will be deleted on reboot
21:01:41.0485 4920 C:\Windows\$NtUninstallKB50867$\1685430982\U\80000032.@ - will be deleted on reboot
21:01:41.0485 4920 C:\Windows\$NtUninstallKB50867$\1685430982\version - will be deleted on reboot
21:01:41.0485 4920 C:\Windows\$NtUninstallKB50867$\436161862 - will be deleted on reboot
21:01:41.0486 4920 AFD ( Virus.Win32.ZAccess.k ) - User select action: Cure
21:01:41.0487 4920 sptd ( LockedFile.Multi.Generic ) - skipped by user
21:01:41.0487 4920 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
21:01:41.0527 4920 C:\Windows\system32\ossrv.dll - copied to quarantine
21:01:41.0527 4920 HKLM\SYSTEM\ControlSet001\services\susbser - will be deleted on reboot
21:01:41.0544 4920 HKLM\SYSTEM\ControlSet002\services\susbser - will be deleted on reboot
21:01:41.0770 4920 C:\Windows\system32\ossrv.dll - will be deleted on reboot
21:01:41.0770 4920 susbser ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
21:01:56.0063 4852 Deinitialize success

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-07 21:06:34
-----------------------------
21:06:34.053 OS Version: Windows 6.1.7600
21:06:34.053 Number of processors: 4 586 0x502
21:06:34.054 ComputerName: STEVE-PC UserName: Steve
21:06:56.608 Initialize success
21:07:04.500 AVAST engine defs: 12050601
21:07:34.937 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3
21:07:34.940 Disk 0 Vendor: MDT_MD5000AAJS-00TKA0 12.01C01 Size: 476940MB BusType: 3
21:07:34.943 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
21:07:34.945 Disk 1 Vendor: Maxtor_6L200M0 BANC1E00 Size: 194481MB BusType: 3
21:07:34.963 Disk 0 MBR read successfully
21:07:34.966 Disk 0 MBR scan
21:07:34.971 Disk 0 Windows 7 default MBR code
21:07:34.992 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:07:35.004 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
21:07:35.011 Disk 0 scanning sectors +976771072
21:07:35.068 Disk 0 scanning C:\Windows\system32\drivers
21:07:46.231 Service scanning
21:08:06.362 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
21:08:11.986 Modules scanning
21:08:17.200 Disk 0 trace - called modules:
21:08:17.217 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x855401f8]<<
21:08:17.222 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x864425f8]
21:08:17.227 3 CLASSPNP.SYS[8c11059e] -> nt!IofCallDriver -> [0x8629d918]
21:08:17.232 5 ACPI.sys[8b9493b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-3[0x862a0030]
21:08:17.238 \Driver\atapi[0x8627f2f0] -> IRP_MJ_CREATE -> 0x855401f8
21:08:19.532 AVAST engine scan C:\Windows
21:08:23.902 AVAST engine scan C:\Windows\system32
21:08:34.503 File: C:\Windows\system32\cicssfs.scmmc223.dll **INFECTED** Win32:Sirefef-SM [Trj]
21:08:59.283 File: C:\Windows\system32\iaimfp3.dll **INFECTED** Win32:Sirefef-SM [Trj]
21:11:41.537 AVAST engine scan C:\Windows\system32\drivers
21:12:17.189 AVAST engine scan C:\Users\Steve
21:32:54.641 File: C:\Users\Steve\Documents\Vuze Downloads\Boris Fx v9.2 + Crack - HeartBug\Crack\Boris.fx.9.2_Crk.exe **INFECTED** Win32:Malware-gen
21:37:39.504 AVAST engine scan C:\ProgramData
22:07:26.630 Scan finished successfully
22:07:42.985 Disk 0 MBR has been saved successfully to "C:\Users\Steve\Desktop\MBR.dat"
22:07:43.003 The log file has been saved successfully to "C:\Users\Steve\Desktop\aswMBR.txt"
22:09:14.548 Disk 0 MBR has been saved successfully to "C:\Users\Steve\Desktop\MBR.dat"
22:09:14.554 The log file has been saved successfully to "C:\Users\Steve\Desktop\aswMBR.txt"

#12 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 May 2012 - 09:30 AM

Now I would like you to try and run ComboFix again for me.


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 Burtonrugbyman
  • Topic Starter
  • Members
  • 14 posts

Posted 08 May 2012 - 11:19 AM

Thanks, that ran well that time.

Here is the log:

ComboFix 12-05-07.02 - Steve 08/05/2012 16:41:39.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3327.2309 [GMT 1:00]
Running from: c:\users\Steve\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Mozilla Firefox\searchplugins\search.xml
c:\program files\RegGenie
c:\program files\RegGenie\Backups\40682.3129463426
c:\program files\RegGenie\RegGenie.ini
c:\users\Steve\AppData\Roaming\145A.E03
c:\users\Steve\proxy_port
c:\users\Steve\Taskmgr.exe
c:\windows\$NtUninstallKB50867$
c:\windows\$NtUninstallKB50867$\1685430982\L\xadqgnnk
c:\windows\RegGenieOnUninstall.exe
c:\windows\ST6UNST.000
c:\windows\system32\dds_trash_log.cmd
F:\Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-08 to 2012-05-08 )))))))))))))))))))))))))))))))
.
.
2012-05-08 16:01 . 2012-05-08 16:03 -------- d-----w- c:\users\Steve\AppData\Local\temp
2012-05-08 16:01 . 2012-05-08 16:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-07 20:01 . 2012-05-07 20:01 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-05 23:34 . 2012-05-05 23:34 -------- d-----w- C:\sh4ldr
2012-05-05 23:34 . 2012-05-05 23:34 110080 ----a-r- c:\users\Steve\AppData\Roaming\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconF7A21AF7.exe
2012-05-05 23:34 . 2012-05-05 23:34 110080 ----a-r- c:\users\Steve\AppData\Roaming\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconD7F16134.exe
2012-05-05 23:34 . 2012-05-05 23:34 110080 ----a-r- c:\users\Steve\AppData\Roaming\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconCF33A0CE.exe
2012-05-05 23:34 . 2012-05-05 23:34 -------- d-----w- c:\program files\Enigma Software Group
2012-05-05 23:33 . 2012-05-05 23:34 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-05-05 23:20 . 2012-05-05 23:20 -------- d-----w- c:\users\Steve\AppData\Roaming\SpeedyPC Software
2012-05-05 23:20 . 2012-05-05 23:20 -------- d-----w- c:\programdata\SpeedyPC Software
2012-05-05 23:20 . 2012-05-05 23:20 -------- d-----w- c:\program files\SpeedyPC Software
2012-05-05 23:20 . 2012-05-05 23:20 -------- d-----w- c:\program files\Common Files\SpeedyPC Software
2012-04-29 20:36 . 2012-04-29 20:36 -------- d-----w- c:\users\Steve\AppData\Local\AVG Secure Search
2012-04-23 20:51 . 2012-04-23 20:51 -------- d-----w- c:\program files\Common Files\Skype
2012-04-15 12:36 . 2012-04-15 12:36 -------- d-----w- c:\users\Steve\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-04-15 12:36 . 2012-04-15 12:36 -------- d-----w- c:\users\Steve\AppData\Roaming\Adobe Mini Bridge CS5
2012-04-11 02:02 . 2012-03-01 05:53 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 02:02 . 2012-03-01 05:49 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 02:02 . 2012-03-01 05:45 158720 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 02:02 . 2012-03-01 05:40 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 02:00 . 2012-03-06 05:59 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 02:00 . 2012-03-06 05:59 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-07 20:02 . 2011-06-15 02:54 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2012-04-14 08:28 . 2012-04-03 15:29 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-14 08:28 . 2011-05-17 15:15 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 14:56 . 2010-08-28 16:51 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-06 21:19 . 2010-06-02 00:07 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-15 05:44 . 2012-03-14 16:27 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 04:22 . 2012-03-14 16:27 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:22 . 2012-03-14 16:27 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 09:49 . 2012-02-10 09:49 388096 ----a-r- c:\users\Steve\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-10 05:41 . 2012-03-14 16:28 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:41 . 2012-03-14 16:28 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 05:41 . 2012-03-14 16:28 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:41 . 2012-03-14 16:28 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-10 05:41 . 2012-03-14 16:28 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-03-19 16:26 . 2011-03-31 15:32 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-05-20 2675296]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{94709E6D-4459-4223-9730-18F5763CA1E6}]
2011-03-30 18:27 81920 ----a-w- c:\program files\outsparktb\outsparkdx.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-04-29 19:59 2067328 ----a-w- c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-05-20 14:35 2675296 ----a-w- c:\program files\Vuze_Remote\tbVuze.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-09-30 09:40 1182088 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-05-20 2675296]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-30 1182088]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll" [2012-04-29 2067328]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-05-20 2675296]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-30 1182088]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-01-16 717696]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 51712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-04-04 981680]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"MyPoi Monitor"="c:\program files\Common Files\MyPoiWorld Shared\MyPoiMonitor\MyPoiMonitor.exe" [2010-03-26 2114808]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-04-29 1116544]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-11 928096]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
STK03N PNP Monitor.lnk - c:\windows\STK03N\STK03NM.exe [2011-7-26 163840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 Ca1528av;SPCA1528 Video Camera Service;c:\windows\system32\Drivers\Ca1528av.sys [2008-12-16 516480]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-11 136176]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-03-18 947528]
R3 Bulk1528;SPCA1528 Still Camera Service;c:\windows\system32\Drivers\Bulk1528.sys [2008-06-27 11648]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-11 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-30 1343400]
R3 XDva375;XDva375;c:\windows\system32\XDva375.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-20 691696]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 176128]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-09 65536]
S2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-03-12 86016]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2012-01-23 92592]
S2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [2012-04-29 932736]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 7772160]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 243712]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
.
.
NETSVCS REQUIRES REPAIRS - current entries shown
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
elockservice
ScFBPNT2
Airgo
avgfwsrv
tifmsony
USA49W2KP
iaimtv2
cacheserver
db2
smservaz
clipsrv
SaiNtSub
UimBus
JiaoCap
oraclesnmppeermasteragent
mferkdk
pdlnatdl
mps9
NWUSBPort
GTSCSER
PCASp50
tap0901
CVPNDRVA
mnmdd
DSXUSB
mcsysmon
StreamDispatcher
mcredirector
drvmcdb
pinetmgr
erecoveryservice
SQLAgent$MICROSOFTSMLBIZ
epstnt01
NVENET
ntiopnp
cdaudio
CdaD10BA
InCDsrvR
iomegaaccess
USBCCID
bmwebcfg
nipsvc
imaservice
caccprovsp
usprserv
aolservice
p3
susbser
SE26mgmt
Fd16_700
s616mdm
zppinger
dsbrokerservice
incdrm
ypcservice
se45mdfl
wintabservice
upsentry_smart
spmd
BrScnUsb
dcpflics
SE26obex
smsmdd
vhidmini
EhttpSrv
tavsvc
SE2Bmdm
GBFSHook
F700iob
aliadwdm
Packet
avinitnt
sfvfs02
hwpsgt
wanminiportservice
ROB_V
NuidFltr
AMDPCI
USA49W
siswlsvc
sbiesvc
mcp
netddedsdm
cd20xrnt
adiloader
s125bus
hpdskflt
s117mdm
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
wercplsupport
EapHost
ProfSvc
schedule
hkmsvc
SessionEnv
winmgmt
browser
Themes
BDESVC
AppMgmt
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 08:28]
.
2012-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-11 18:46]
.
2012-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-11 18:46]
.
2012-05-05 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-01-30 22:17]
.
2012-05-05 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2012-01-30 22:17]
.
2012-05-05 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-01-30 22:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.eurosportplayer.co.uk/tv.shtml/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
FF - ProfilePath - c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\p5vfqs9u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.burtonrugbyclub.co.uk/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B03d187d5-8d15-4df2-adc9-b71fc86b6757%7D&mid=cdbae86338613ade083e226063635f12-5a83068d446556b7c139d27420c6b432a999e0e3&ds=AVG&v=10.2.0.3&lang=en&pr=fr&d=2011-10-12%2019%3A13%3A28&sap=ku&q=
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-10 - (no file)
Toolbar-!{94709E6D-4459-4223-9730-18F5763CA1E6} - (no file)
Toolbar-!{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SafeBoot-60050995.sys
AddRemove-iLivid - c:\programdata\{BECCA440-C137-43CD-BA7B-AE580F9F6D17}\iLividSetupV1.exe
AddRemove-V-Ray for 3dsmax 2009 for x86 - c:\program files\Chaos Group\V-Ray\3dsmax 2009 for x86\uninstall\wininstaller.exe-uninstall=c:\program files\Chaos Group\V-Ray\3dsmax 2009 for x86\uninstall\install.log
AddRemove-V-Ray for 3dsmax 2010 for x86 - c:\program files\Chaos Group\V-Ray\3dsmax 2010 for x86\uninstall\wininstaller.exe-uninstall=c:\program files\Chaos Group\V-Ray\3dsmax 2010 for x86\uninstall\install.log
AddRemove-{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406} - c:\programdata\{BECCA440-C137-43CD-BA7B-AE580F9F6D17}\iLividSetupV1.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"=hex:51,66,7a,6c,4c,1d,38,12,f0,31,07,
be,62,db,e7,0c,cc,e4,d4,72,ec,73,53,d8
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}"=hex:51,66,7a,6c,4c,1d,38,12,8a,de,68,
55,95,ad,1e,00,cd,08,68,12,b3,4d,db,d3
"{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}"=hex:51,66,7a,6c,4c,1d,38,12,4a,94,5d,
df,2a,bb,93,08,e3,6a,3b,f5,24,5d,8e,ad
"{99079A25-328F-4BD4-BE04-00955ACAA0A7}"=hex:51,66,7a,6c,4c,1d,38,12,4b,99,14,
9d,bd,7c,ba,0e,c1,12,43,d5,5f,94,e4,b3
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
"{074C1DC5-9320-4A9A-947D-C042949C6216}"=hex:51,66,7a,6c,4c,1d,38,12,ab,1e,5f,
03,12,dd,f4,0f,eb,6b,83,02,91,c2,26,02
"{11111111-1111-1111-1111-110011221158}"=hex:51,66,7a,6c,4c,1d,38,12,7f,12,02,
15,23,5f,7f,54,6e,07,52,40,14,7c,55,4c
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{597A9974-8CB0-4F41-B61F-ED065738A397}"=hex:51,66,7a,6c,4c,1d,38,12,1a,9a,69,
5d,82,c2,2f,0a,c9,09,ae,46,52,66,e7,83
"{64182481-4F71-486B-A045-B233BD0DA8FC}"=hex:51,66,7a,6c,4c,1d,38,12,ef,27,0b,
60,43,01,05,0d,df,53,f1,73,b8,53,ec,e8
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{94709E6D-4459-4223-9730-18F5763CA1E6}"=hex:51,66,7a,6c,4c,1d,38,12,03,9d,63,
90,6b,0a,4d,07,e8,26,5b,b5,73,62,e5,f2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{929801A8-4AEF-4D12-BE31-D85BF666452B}"=hex:51,66,7a,6c,4c,1d,38,12,c6,02,8b,
96,dd,04,7c,08,c1,27,9b,1b,f3,38,01,3f
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:36,6a,68,9c,42,26,cd,01
.
[HKEY_USERS\S-1-5-21-2277213862-2865841615-63426079-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E60EA84E-D9A5-F1D8-EC17-30EEEA3EDB9F}*]
"oanpfdeejfmfghohndpaoofiopdfga"=hex:6a,61,6a,65,6c,6f,6c,6f,62,62,70,6e,70,69,
62,63,6e,61,65,66,00,00
"napophgnanodpabhehcnlikbhaag"=hex:6a,61,6a,65,6c,6f,6c,6f,62,62,70,6e,70,69,
62,63,6e,61,65,66,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Completion time: 2012-05-08 17:08:02 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-08 16:08
.
Pre-Run: 263,287,545,856 bytes free
Post-Run: 264,024,285,184 bytes free
.
- - End Of File - - 6ED449660F2F15B6B3D30D1E664DA1A6
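
The three logs in this thread (TDSSKiller and aswMBR in the post above, ComboFix just above) describe the same ZeroAccess infection in three different formats: TDSSKiller names the patched driver (AFD) and the bogus service (susbser), aswMBR flags the dropped DLLs under the Sirefef family name, and ComboFix lists the fake hotfix-uninstall folder it removed. The Python below is an added example written for this page; it is not part of the thread and not code from Kaspersky, Avast or the ComboFix author. It pulls every detection, quarantine or deletion out of the three logs as a Finding and then groups the entries that point specifically at ZeroAccess. The regular expressions are an assumption inferred only from the line shapes visible in this thread, and the sample strings are constructed excerpts copied from the logs posted above.

```python
"""Triage helpers for the TDSSKiller, aswMBR and ComboFix logs posted in this thread."""
import re
from typing import Dict, List, NamedTuple


class Finding(NamedTuple):
    tool: str     # scanner that produced the line
    path: str     # file path, registry key or service name
    verdict: str  # scanner verdict, "" when the line carries none
    action: str   # what the scanner did or observed

# Constructed excerpts, copied from the logs posted earlier in this thread.
TDSSKILLER_LOG = r"""
21:01:37.0243 4920 C:\Windows\system32\drivers\afd.sys - copied to quarantine
21:01:37.0246 4920 C:\Windows\$NtUninstallKB50867$\1685430982\@ - copied to quarantine
21:01:37.0288 4920 C:\Windows\$NtUninstallKB50867$\1685430982\U\00000001.@ - copied to quarantine
21:01:38.0975 4920 C:\Windows\system32\drivers\afd.sys - will be cured on reboot
21:01:41.0486 4920 AFD ( Virus.Win32.ZAccess.k ) - User select action: Cure
21:01:41.0487 4920 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
21:01:41.0542 4920 HKLM\SYSTEM\ControlSet001\services\susbser - will be deleted on reboot
21:01:41.0770 4920 susbser ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
"""
ASWMBR_LOG = r"""
21:08:06.362 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
21:08:34.503 File: C:\Windows\system32\cicssfs.scmmc223.dll **INFECTED** Win32:Sirefef-SM [Trj]
21:32:54.641 File: C:\Users\Steve\Documents\Vuze Downloads\Boris Fx v9.2 + Crack - HeartBug\Crack\Boris.fx.9.2_Crk.exe **INFECTED** Win32:Malware-gen
"""
COMBOFIX_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Steve\Taskmgr.exe
c:\windows\$NtUninstallKB50867$
c:\windows\$NtUninstallKB50867$\1685430982\L\xadqgnnk
.
((((((((((((((((((((((((( Files Created from 2012-04-08 to 2012-05-08 )))))))))))))))))))))))))))))))
"""

# Line shapes are inferred from the logs in this thread, not taken from vendor documentation.
_TK_VERDICT = re.compile(r"^\S+ \d+ (?P<name>\S+) \( (?P<verdict>[^)]+?) \) - "
                         r"User select action: (?P<action>\w+)$")
_TK_FILE = re.compile(r"^\S+ \d+ (?P<path>.+?) - "
                      r"(?P<action>copied to quarantine|will be (?:cured|deleted) on reboot)$")
_AM_INFECTED = re.compile(r"^\S+ File: (?P<path>.+?) \*\*INFECTED\*\* (?P<verdict>.+)$")
_AM_LOCKED = re.compile(r"^\S+ Service (?P<name>\S+) (?P<path>.+?) \*\*LOCKED\*\* \d+$")
# ZeroAccess of this era kept its payload store in a fake hotfix-uninstall folder under
# %SystemRoot%. Windows 7 never creates $NtUninstallKB...$ folders, so on this host the
# path alone is an indicator. "Sirefef" is another vendor name for the same family.
_ZA_DIR = re.compile(r"\\\$NtUninstallKB\d+\$(?:\\|$)", re.IGNORECASE)
_ZA_FAMILY = ("zaccess", "sirefef")


def parse_tdsskiller(text: str) -> List[Finding]:
    out = []
    for line in text.splitlines():
        m = _TK_VERDICT.match(line)
        if m:
            out.append(Finding("tdsskiller", m.group("name"), m.group("verdict"),
                               m.group("action").lower()))
            continue
        m = _TK_FILE.match(line)
        if m:
            out.append(Finding("tdsskiller", m.group("path"), "", m.group("action")))
    return out


def parse_aswmbr(text: str) -> List[Finding]:
    out = []
    for line in text.splitlines():
        m = _AM_INFECTED.match(line)
        if m:
            out.append(Finding("aswmbr", m.group("path"), m.group("verdict"), "infected"))
            continue
        m = _AM_LOCKED.match(line)
        if m:  # not a verdict, but a driver the scanner could not inspect
            out.append(Finding("aswmbr", m.group("path"), "", "locked"))
    return out


def parse_combofix_deletions(text: str) -> List[Finding]:
    """Entries under ComboFix's 'Other Deletions' banner, up to the next banner."""
    out, in_section = [], False
    for line in text.splitlines():
        if "Other Deletions" in line:
            in_section = True
        elif in_section and line.startswith("(((("):
            break
        elif in_section and line.strip() not in ("", "."):
            out.append(Finding("combofix", line.strip(), "", "deleted"))
    return out


def zeroaccess_indicators(findings: List[Finding]) -> Dict[str, list]:
    """Group the ZeroAccess-specific evidence out of a mixed list of findings."""
    store_dirs, verdicts, services = set(), [], set()
    for f in findings:
        m = _ZA_DIR.search(f.path)
        if m:
            store_dirs.add(f.path[:m.end()].rstrip("\\").lower())
        if any(name in f.verdict.lower() for name in _ZA_FAMILY):
            verdicts.append((f.tool, f.path, f.verdict))
            if f.tool == "tdsskiller" and f.action == "delete":
                services.add(f.path.lower())  # the bogus service the rootkit registered
    return {"store_dirs": sorted(store_dirs), "verdicts": verdicts, "services": sorted(services)}
```

Feeding the three excerpts through `parse_tdsskiller`, `parse_aswmbr` and `parse_combofix_deletions` and passing the combined list to `zeroaccess_indicators` yields one payload store (c:\windows\$NtUninstallKB50867$), three family verdicts (AFD and susbser from TDSSKiller, cicssfs.scmmc223.dll from aswMBR) and one bogus service name (susbser), which is exactly the set the removal steps in this thread acted on. The Boris FX crack that aswMBR flagged as Win32:Malware-gen is a generic verdict and is deliberately left outside the ZeroAccess group, as is the locked sptd.sys, which is a known driver the scanners could not read rather than a detection.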

#14 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 May 2012 - 12:31 PM

Greetings,

I have attached a file. I need you to download it and save it to the desktop.

Right-click this file and run as admin.

When asked to merge into the registry, please allow.



:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files\Ask.com

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

Attached Files


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 Burtonrugbyman (Topic Starter, Members, 14 posts)

Posted 08 May 2012 - 01:20 PM

Computer seems to be running fine, no problems following your instructions.

The only thing I have noticed is that the speaker icon in the bottom right-hand corner has a red X and the tip says 'The Audio Service is not running', but I do have sound.

Here is the report

ComboFix 12-05-08.02 - Steve 08/05/2012 18:45:43.2.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3327.2039 [GMT 1:00]
Running from: c:\users\Steve\Desktop\ComboFix.exe
Command switches used :: c:\users\Steve\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-08 to 2012-05-08 )))))))))))))))))))))))))))))))
.
.
2012-05-08 18:02 . 2012-05-08 18:02 -------- d-----w- c:\users\Steve\AppData\Local\temp
2012-05-08 18:02 . 2012-05-08 18:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-07 20:01 . 2012-05-07 20:01 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-05 23:34 . 2012-05-05 23:34 -------- d-----w- C:\sh4ldr
2012-05-05 23:34 . 2012-05-05 23:34 110080 ----a-r- c:\users\Steve\AppData\Roaming\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconF7A21AF7.exe
2012-05-05 23:34 . 2012-05-05 23:34 110080 ----a-r- c:\users\Steve\AppData\Roaming\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconD7F16134.exe
2012-05-05 23:34 . 2012-05-05 23:34 110080 ----a-r- c:\users\Steve\AppData\Roaming\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconCF33A0CE.exe
2012-05-05 23:34 . 2012-05-05 23:34 -------- d-----w- c:\program files\Enigma Software Group
2012-05-05 23:33 . 2012-05-05 23:34 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-05-05 23:20 . 2012-05-05 23:20 -------- d-----w- c:\users\Steve\AppData\Roaming\SpeedyPC Software
2012-05-05 23:20 . 2012-05-05 23:20 -------- d-----w- c:\programdata\SpeedyPC Software
2012-05-05 23:20 . 2012-05-05 23:20 -------- d-----w- c:\program files\SpeedyPC Software
2012-05-05 23:20 . 2012-05-05 23:20 -------- d-----w- c:\program files\Common Files\SpeedyPC Software
2012-04-29 20:36 . 2012-04-29 20:36 -------- d-----w- c:\users\Steve\AppData\Local\AVG Secure Search
2012-04-23 20:51 . 2012-04-23 20:51 -------- d-----w- c:\program files\Common Files\Skype
2012-04-15 12:36 . 2012-04-15 12:36 -------- d-----w- c:\users\Steve\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-04-15 12:36 . 2012-04-15 12:36 -------- d-----w- c:\users\Steve\AppData\Roaming\Adobe Mini Bridge CS5
2012-04-11 02:02 . 2012-03-01 05:53 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 02:02 . 2012-03-01 05:49 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 02:02 . 2012-03-01 05:45 158720 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 02:02 . 2012-03-01 05:40 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 02:00 . 2012-03-06 05:59 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 02:00 . 2012-03-06 05:59 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-07 20:02 . 2011-06-15 02:54 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2012-04-14 08:28 . 2012-04-03 15:29 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-14 08:28 . 2011-05-17 15:15 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 14:56 . 2010-08-28 16:51 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-06 21:19 . 2010-06-02 00:07 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-15 05:44 . 2012-03-14 16:27 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 04:22 . 2012-03-14 16:27 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:22 . 2012-03-14 16:27 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 09:49 . 2012-02-10 09:49 388096 ----a-r- c:\users\Steve\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-10 05:41 . 2012-03-14 16:28 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:41 . 2012-03-14 16:28 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 05:41 . 2012-03-14 16:28 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:41 . 2012-03-14 16:28 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-10 05:41 . 2012-03-14 16:28 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-03-19 16:26 . 2011-03-31 15:32 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-05-20 2675296]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{94709E6D-4459-4223-9730-18F5763CA1E6}]
2011-03-30 18:27 81920 ----a-w- c:\program files\outsparktb\outsparkdx.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-04-29 19:59 2067328 ----a-w- c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-05-20 14:35 2675296 ----a-w- c:\program files\Vuze_Remote\tbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-05-20 2675296]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll" [2012-04-29 2067328]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-05-20 2675296]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-01-16 717696]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 51712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-04-04 981680]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"MyPoi Monitor"="c:\program files\Common Files\MyPoiWorld Shared\MyPoiMonitor\MyPoiMonitor.exe" [2010-03-26 2114808]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-04-29 1116544]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-11 928096]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
STK03N PNP Monitor.lnk - c:\windows\STK03N\STK03NM.exe [2011-7-26 163840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 Ca1528av;SPCA1528 Video Camera Service;c:\windows\system32\Drivers\Ca1528av.sys [2008-12-16 516480]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-11 136176]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-09 65536]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-03-12 86016]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-03-18 947528]
R3 Bulk1528;SPCA1528 Still Camera Service;c:\windows\system32\Drivers\Bulk1528.sys [2008-06-27 11648]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-11 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-30 1343400]
R3 XDva375;XDva375;c:\windows\system32\XDva375.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-20 691696]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 176128]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2012-01-23 92592]
S2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [2012-04-29 932736]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 7772160]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 243712]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
.
.
NETSVCS REQUIRES REPAIRS - current entries shown
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
elockservice
ScFBPNT2
Airgo
avgfwsrv
tifmsony
USA49W2KP
iaimtv2
cacheserver
db2
smservaz
clipsrv
SaiNtSub
UimBus
JiaoCap
oraclesnmppeermasteragent
mferkdk
pdlnatdl
mps9
NWUSBPort
GTSCSER
PCASp50
tap0901
CVPNDRVA
mnmdd
DSXUSB
mcsysmon
StreamDispatcher
mcredirector
drvmcdb
pinetmgr
erecoveryservice
SQLAgent$MICROSOFTSMLBIZ
epstnt01
NVENET
ntiopnp
cdaudio
CdaD10BA
InCDsrvR
iomegaaccess
USBCCID
bmwebcfg
nipsvc
imaservice
caccprovsp
usprserv
aolservice
p3
susbser
SE26mgmt
Fd16_700
s616mdm
zppinger
dsbrokerservice
incdrm
ypcservice
se45mdfl
wintabservice
upsentry_smart
spmd
BrScnUsb
dcpflics
SE26obex
smsmdd
vhidmini
EhttpSrv
tavsvc
SE2Bmdm
GBFSHook
F700iob
aliadwdm
Packet
avinitnt
sfvfs02
hwpsgt
wanminiportservice
ROB_V
NuidFltr
AMDPCI
USA49W
siswlsvc
sbiesvc
mcp
netddedsdm
cd20xrnt
adiloader
s125bus
hpdskflt
s117mdm
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
wercplsupport
EapHost
ProfSvc
schedule
hkmsvc
SessionEnv
winmgmt
browser
Themes
BDESVC
AppMgmt
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 08:28]
.
2012-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-11 18:46]
.
2012-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-11 18:46]
.
2012-05-05 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-01-30 22:17]
.
2012-05-05 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2012-01-30 22:17]
.
2012-05-05 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-01-30 22:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.eurosportplayer.co.uk/tv.shtml/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
FF - ProfilePath - c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\p5vfqs9u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.burtonrugbyclub.co.uk/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B03d187d5-8d15-4df2-adc9-b71fc86b6757%7D&mid=cdbae86338613ade083e226063635f12-5a83068d446556b7c139d27420c6b432a999e0e3&ds=AVG&v=10.2.0.3&lang=en&pr=fr&d=2011-10-12%2019%3A13%3A28&sap=ku&q=
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"=hex:51,66,7a,6c,4c,1d,38,12,f0,31,07,
be,62,db,e7,0c,cc,e4,d4,72,ec,73,53,d8
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}"=hex:51,66,7a,6c,4c,1d,38,12,8a,de,68,
55,95,ad,1e,00,cd,08,68,12,b3,4d,db,d3
"{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}"=hex:51,66,7a,6c,4c,1d,38,12,4a,94,5d,
df,2a,bb,93,08,e3,6a,3b,f5,24,5d,8e,ad
"{99079A25-328F-4BD4-BE04-00955ACAA0A7}"=hex:51,66,7a,6c,4c,1d,38,12,4b,99,14,
9d,bd,7c,ba,0e,c1,12,43,d5,5f,94,e4,b3
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
"{074C1DC5-9320-4A9A-947D-C042949C6216}"=hex:51,66,7a,6c,4c,1d,38,12,ab,1e,5f,
03,12,dd,f4,0f,eb,6b,83,02,91,c2,26,02
"{11111111-1111-1111-1111-110011221158}"=hex:51,66,7a,6c,4c,1d,38,12,7f,12,02,
15,23,5f,7f,54,6e,07,52,40,14,7c,55,4c
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{597A9974-8CB0-4F41-B61F-ED065738A397}"=hex:51,66,7a,6c,4c,1d,38,12,1a,9a,69,
5d,82,c2,2f,0a,c9,09,ae,46,52,66,e7,83
"{64182481-4F71-486B-A045-B233BD0DA8FC}"=hex:51,66,7a,6c,4c,1d,38,12,ef,27,0b,
60,43,01,05,0d,df,53,f1,73,b8,53,ec,e8
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{94709E6D-4459-4223-9730-18F5763CA1E6}"=hex:51,66,7a,6c,4c,1d,38,12,03,9d,63,
90,6b,0a,4d,07,e8,26,5b,b5,73,62,e5,f2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{929801A8-4AEF-4D12-BE31-D85BF666452B}"=hex:51,66,7a,6c,4c,1d,38,12,c6,02,8b,
96,dd,04,7c,08,c1,27,9b,1b,f3,38,01,3f
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:36,6a,68,9c,42,26,cd,01
.
[HKEY_USERS\S-1-5-21-2277213862-2865841615-63426079-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E60EA84E-D9A5-F1D8-EC17-30EEEA3EDB9F}*]
"oanpfdeejfmfghohndpaoofiopdfga"=hex:6a,61,6a,65,6c,6f,6c,6f,62,62,70,6e,70,69,
62,63,6e,61,65,66,00,00
"napophgnanodpabhehcnlikbhaag"=hex:6a,61,6a,65,6c,6f,6c,6f,62,62,70,6e,70,69,
62,63,6e,61,65,66,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-08 19:03:39
ComboFix-quarantined-files.txt 2012-05-08 18:03
ComboFix2.txt 2012-05-08 16:08
.
Pre-Run: 263,849,123,840 bytes free
Post-Run: 263,830,441,984 bytes free
.
- - End Of File - - 69607FEE30F0096ECAC580A5B54D8AE1
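Added example (not ComboFix's own code, and not something either poster wrote): a small Python triage script for ComboFix logs like the two posted in this thread. The section banners and line shapes it parses (the `"Name"="path" [date size]` autostart values, the `R2 name;description;path [...]` service lines, the `[X]`/`[x]` marker ComboFix prints when a referenced file is missing, the BHO key/body pairs and the `ORPHANS REMOVED` entries) are taken from the log above. The embedded excerpt is constructed from lines of that log; the `PUP_MARKERS` list and the "look at this first" rules in `triage()` are assumptions for illustration, not ComboFix's own classification.

```python
import re
from collections import defaultdict

# "((((( Other Deletions )))))", "- - - - ORPHANS REMOVED - - - -", "------- Supplementary Scan -------":
# three or more bracket/dash characters on each side, so ordinary path lines never match.
BANNER_RE = re.compile(r"^(?:[-(]\s*){3,}(?P<name>[A-Za-z0-9' -]+?)\s*(?:[-)]\s*){3,}$")
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# "Name"="c:\path\file.exe" [2012-01-24 2416480]   (ComboFix prints [X] when the file is missing)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]')
# 2011-03-30 18:27 81920 ----a-w- c:\program files\outsparktb\outsparkdx.dll   (body line under a BHO key)
BHO_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d\s+\d+\s+\S+\s+(?P<path>[A-Za-z]:\\.+)$")
# R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-11 136176]
SVC_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]$")
# 2012-05-05 23:20 . 2012-05-05 23:20 -------- d-----w- c:\program files\SpeedyPC Software
FILE_RE = re.compile(r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. \d{4}-\d\d-\d\d \d\d:\d\d\s+\S+\s+\S+\s+(?P<path>.+)$")
# BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
ORPHAN_RE = re.compile(r"^(?P<kind>[A-Za-z]+)-(?P<clsid>\{[0-9A-Fa-f-]+\})\s+-\s+(?P<path>.+)$")

# Assumed, not ComboFix's: substrings seen in this thread's log that usually mean adware/toolbars.
# A hit is a review candidate, not a verdict.
PUP_MARKERS = ("ask.com", "toolbar", "secure search", "vuze_remote", "outspark", "speedypc")


def parse_combofix(text):
    """Split the log at its section banners and pull out the structured entries."""
    report, section, key = defaultdict(list), None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix pads sections with lone "." lines
            continue
        if (m := BANNER_RE.match(line)):
            section, key = m.group("name").strip().lower(), None
        elif section == "other deletions":
            report["deleted"].append(line)
        elif section and section.startswith("files created") and (m := FILE_RE.match(line)):
            report["created"].append((m.group("created"), m.group("path")))
        elif section == "reg loading points":
            if (m := KEY_RE.match(line)):
                key = m.group("key")         # values that follow belong to this key
            elif key and (m := VALUE_RE.match(line)):
                report["autoruns"].append({"key": key, **m.groupdict()})
            elif key and "Browser Helper Objects" in key and (m := BHO_RE.match(line)):
                report["bhos"].append((key.rsplit("\\", 1)[1], m.group("path")))
            elif (m := SVC_RE.match(line)):
                report["services"].append(m.groupdict())
        elif section == "orphans removed" and (m := ORPHAN_RE.match(line)):
            report["orphans"].append(m.groupdict())
    return dict(report)


def triage(report):
    """Entries a responder should read first: dangling autostarts, every BHO, marker hits, orphans."""
    out = []
    for a in report.get("autoruns", []):
        if a["meta"].strip().lower() == "x":
            out.append(("missing-target autorun", a["name"], a["path"]))
        elif any(k in a["path"].lower() for k in PUP_MARKERS):
            out.append(("pup autorun", a["name"], a["path"]))
    out += [("bho", clsid, path) for clsid, path in report.get("bhos", [])]
    out += [("missing-target service", s["name"], s["path"])
            for s in report.get("services", []) if s["meta"].strip().lower() == "x"]
    out += [("orphan removed", o["clsid"], o["path"]) for o in report.get("orphans", [])]
    return out


# Constructed excerpt: lines taken from the ComboFix log posted in this thread, banners shortened.
SAMPLE_LOG = r"""
ComboFix 12-05-08.02 - Steve 08/05/2012 18:45:43.2.4 - x86
.
(((((((((((((((((( Other Deletions ))))))))))))))))))
.
c:\program files\Ask.com
c:\program files\Ask.com\GenericAskToolbar.dll
.
((((((((( Files Created from 2012-04-08 to 2012-05-08 )))))))))
.
2012-05-05 23:20 . 2012-05-05 23:20 -------- d-----w- c:\program files\SpeedyPC Software
.
(((((((((((((((((( Reg Loading Points ))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{94709E6D-4459-4223-9730-18F5763CA1E6}]
2011-03-30 18:27 81920 ----a-w- c:\program files\outsparktb\outsparkdx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-04-29 1116544]
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-11 136176]
R3 XDva375;XDva375;c:\windows\system32\XDva375.sys [x]
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
.
"""

if __name__ == "__main__":
    for kind, ident, path in triage(parse_combofix(SAMPLE_LOG)):
        print(f"{kind:24} {ident:45} {path}")
```

Run it as-is and it prints five findings from the embedded excerpt; to use it on a real log, read the saved ComboFix.txt (a Windows text file, so an encoding such as cp1252 is the likely choice, an assumption to check against your file) and hand the text to `parse_combofix`. Two caveats a responder would want: `[X]` or `[x]` only says the referenced file is absent, which is as often the leftover of an uninstall as the trace of a cleaned infection, and a `PUP_MARKERS` hit is a prompt to review the entry, not a verdict; the log above lists AVG Secure Search alongside the AVG product the poster is running, so that hit needs a human decision.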



