Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

No Windows Firewall and Google Redirects


  • This topic is locked This topic is locked
35 replies to this topic

#1 yankmansg

yankmansg

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Local time:04:48 AM

Posted 14 May 2012 - 12:12 PM

Hello again. My personal business laptop, a Dell Inspiron N5110 with Windows 7 Home Premium, had a malware detected by AVG. I did a Malwarebytes scan which found and removed a Trojan. Since then I am having Google redirect issues and am unable to turn on Windows Firwall. Complete scans by Malwarebytes, AVG, Microsoft Essentials, and Kapersky TDSS Killer have all found nothing. Can you please help me with this issue. Thank you!

BC AdBot (Login to Remove)

 


#2 yankmansg

yankmansg
  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Local time:04:48 AM

Posted 14 May 2012 - 01:48 PM

Attached File  ark.txt   823bytes   1 downloads.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Sam at 13:25:32 on 2012-05-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4003.1942 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\ExpressFiles\EFupdater.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Intuit\Entitlement Client\v5\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Intuit\QuickBooks Point of Sale 7.0\DatabaseServer\QBPOSDBServiceV7.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files (x86)\Intuit\QuickBooks Point of Sale 7.0\DatabaseServer\QBDBMgrN.exe
C:\Program Files (x86)\Intuit\QuickBooks Point of Sale 7.0\DatabaseServer\QBDBMgrN.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\windows\system32\conhost.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\PROGRA~2\Intuit\QUICKB~2.0\QBDBMgrN.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
uRun: [Google Update] "C:\Users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Apple] rundll32.exe "C:\Users\Sam\AppData\Local\Breakpad\Apple\xdshaqa.dll",DllRegisterServer
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [ExpressFiles] "C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe" -tray
dRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 10.1.10.1
TCP: Interfaces\{36F1FBFF-0972-470B-B432-AB8079472658} : DhcpNameServer = 10.1.10.1
TCP: Interfaces\{BF6FE90D-67F8-475A-93A4-1574B7FEADC9} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{BF6FE90D-67F8-475A-93A4-1574B7FEADC9}\0527F6 : DhcpNameServer = 10.1.10.1
TCP: Interfaces\{BF6FE90D-67F8-475A-93A4-1574B7FEADC9}\255637964656E63656F594E6E6 : DhcpNameServer = 4.2.2.1
TCP: Interfaces\{BF6FE90D-67F8-475A-93A4-1574B7FEADC9}\33832544B4 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BF6FE90D-67F8-475A-93A4-1574B7FEADC9}\6416374745271636B6372557E6E696E676 : DhcpNameServer = 64.89.70.2 64.89.74.2
TCP: Interfaces\{BF6FE90D-67F8-475A-93A4-1574B7FEADC9}\9716E6B6D616E6 : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{BF6FE90D-67F8-475A-93A4-1574B7FEADC9}\B41647A756E6D275946494 : DhcpNameServer = 192.168.1.1 192.168.1.2
TCP: Interfaces\{BF6FE90D-67F8-475A-93A4-1574B7FEADC9}\D4F656370275946494 : DhcpNameServer = 192.168.1.1
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 12.0\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: qbpos - {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\Windows\SysWOW64\QBPOSProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun-x64: [ExpressFiles] "C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe" -tray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\c4oz4y5x.default\
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Reader 2\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Sam\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R0 Sahdad64;HDD Filter Driver;C:\windows\system32\Drivers\Sahdad64.sys --> C:\windows\system32\Drivers\Sahdad64.sys [?]
R0 Saibad64;Volume Filter Driver;C:\windows\system32\Drivers\Saibad64.sys --> C:\windows\system32\Drivers\Saibad64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?]
R1 SaibVdAd64;Virtual Disk Driver;C:\windows\system32\Drivers\SaibVdAd64.sys --> C:\windows\system32\Drivers\SaibVdAd64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [2009-6-2 457200]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-11-25 913752]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-9-28 89600]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-8-8 1166848]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-5-19 921664]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-5-19 995392]
R2 BOT4Service;BOT4Service;C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [2010-8-31 39408]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-28 13336]
R2 Intuit Entitlement Service v5;Intuit Entitlement Service v5;C:\Program Files (x86)\Common Files\Intuit\Entitlement Client\v5\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe [2007-6-20 20480]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-6-21 341296]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 QBPOSDBServiceV7;QBPOS Database Manager v7;C:\Program Files (x86)\Intuit\QuickBooks Point of Sale 7.0\DatabaseServer\QBPOSDBServiceV7.exe [2007-9-13 2613072]
R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-11-2 1248256]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-9-28 1692480]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-5-9 2666880]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-28 2655768]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\windows\system32\DRIVERS\AMPPAL.sys --> C:\windows\system32\DRIVERS\AMPPAL.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-5-19 1335360]
R3 btmaudio;Intel Bluetooth Audio Service;C:\windows\system32\drivers\btmaud.sys --> C:\windows\system32\drivers\btmaud.sys [?]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\system32\DRIVERS\btmaux.sys --> C:\windows\system32\DRIVERS\btmaux.sys [?]
R3 btmhsf;btmhsf;C:\windows\system32\DRIVERS\btmhsf.sys --> C:\windows\system32\DRIVERS\btmhsf.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\system32\DRIVERS\CtClsFlt.sys --> C:\windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 iBtFltCoex;iBtFltCoex;C:\windows\system32\DRIVERS\iBtFltCoex.sys --> C:\windows\system32\DRIVERS\iBtFltCoex.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 iwdbus;IWD Bus Enumerator;C:\windows\system32\DRIVERS\iwdbus.sys --> C:\windows\system32\DRIVERS\iwdbus.sys [?]
R3 MEIx64;Intel® Management Engine Interface ;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\system32\DRIVERS\nusb3hub.sys --> C:\windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\system32\DRIVERS\nusb3xhc.sys --> C:\windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 QuickBooksDB22;QuickBooksDB22;C:\PROGRA~2\Intuit\QUICKB~2.0\QBDBMgrN.exe -hvQuickBooksDB22 --> C:\PROGRA~2\Intuit\QUICKB~2.0\QBDBMgrN.exe -hvQuickBooksDB22 [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-3-24 148360]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-20 136176]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2010-7-16 354288]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\windows\system32\DRIVERS\amppal.sys --> C:\windows\system32\DRIVERS\amppal.sys [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-20 136176]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\system32\drivers\intelaud.sys --> C:\windows\system32\drivers\intelaud.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-14 129976]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-7-27 340240]
S3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RoxMediaDB13;RoxMediaDB13;C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2010-7-16 1099248]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-05-14 15:54:11 -------- d-----w- C:\Users\Sam\AppData\Local\{4C0DA94C-66C2-4981-8034-CE725ADECAFF}
2012-05-14 15:53:36 -------- d-----w- C:\Users\Sam\AppData\Local\{68590C6D-0262-4604-B60E-5BC4C69F2EE2}
2012-05-14 15:52:53 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6F71F12E-7B9D-47F9-BBEF-C02AE9FA67C0}\offreg.dll
2012-05-14 14:30:40 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1F236710-B6DD-48CB-AE44-ABEF32AB5A93}\gapaengine.dll
2012-05-14 14:30:37 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6F71F12E-7B9D-47F9-BBEF-C02AE9FA67C0}\mpengine.dll
2012-05-14 14:29:01 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-05-14 14:28:58 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-05-14 13:39:52 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-14 13:39:49 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-14 13:39:49 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-14 03:43:47 -------- d-----w- C:\Users\Sam\AppData\Local\{E35115D8-2230-48E2-A49F-C7ACB1098111}
2012-05-14 03:43:03 -------- d-----w- C:\Users\Sam\AppData\Local\{0043FE2F-B02A-41DB-B9FB-B5A1A0BF79BE}
2012-05-13 17:49:32 24408 ----a-w- C:\windows\System32\RegistryDefragBootTime.exe
2012-05-13 15:41:28 -------- d-----w- C:\Users\Sam\AppData\Local\{CFB164C9-87E3-4BF8-A59D-B163E36ACAAA}
2012-05-13 15:41:01 -------- d-----w- C:\Users\Sam\AppData\Local\{7A761B9D-FB5D-483F-B276-1B17E963F901}
2012-05-12 15:23:51 -------- d-----w- C:\Users\Sam\AppData\Local\{69CE67EE-E674-4CBB-894C-80643C4083FC}
2012-05-12 15:23:39 -------- d-----w- C:\Users\Sam\AppData\Local\{4299041A-16DC-49E6-AC94-7B4D81C2DEF2}
2012-05-12 11:54:10 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-05-12 11:54:10 3146240 ----a-w- C:\windows\System32\win32k.sys
2012-05-12 11:54:09 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-05-12 11:54:09 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-05-12 11:54:04 1544704 ----a-w- C:\windows\System32\DWrite.dll
2012-05-12 11:54:04 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-05-12 11:54:03 75120 ----a-w- C:\windows\System32\drivers\partmgr.sys
2012-05-12 11:53:26 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-12 11:53:25 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 11:53:25 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-12 11:53:25 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-12 11:53:25 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 11:53:05 1918320 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-05-12 03:23:11 -------- d-----w- C:\Users\Sam\AppData\Local\{FA472EA2-9A28-43AF-BB11-60C9EC84F4EF}
2012-05-12 03:23:00 -------- d-----w- C:\Users\Sam\AppData\Local\{119CB2FE-FCDC-4CC6-A224-C02D98D092A7}
2012-05-11 15:04:03 -------- d-----w- C:\Users\Sam\AppData\Local\{711E08E0-4324-4F6E-B9C4-B7C81F492A82}
2012-05-11 15:03:52 -------- d-----w- C:\Users\Sam\AppData\Local\{CD5E5CF0-71D5-4502-83DA-B35271954BAE}
2012-05-11 03:03:24 -------- d-----w- C:\Users\Sam\AppData\Local\{63BC513A-D4A7-47ED-B754-790BE5917307}
2012-05-11 03:03:13 -------- d-----w- C:\Users\Sam\AppData\Local\{FBDBFFE6-8434-4F29-AEE8-BA514B8B3A6C}
2012-05-10 14:54:21 -------- d-----w- C:\Users\Sam\AppData\Local\{99CCCC23-2F94-4B82-9A20-D00868E6A355}
2012-05-10 14:54:09 -------- d-----w- C:\Users\Sam\AppData\Local\{B6C1BFB8-E4D5-47EC-A86F-2CCCAD961A15}
2012-05-10 02:53:42 -------- d-----w- C:\Users\Sam\AppData\Local\{C042F5E1-252A-4B05-A912-A883618336E0}
2012-05-10 02:53:19 -------- d-----w- C:\Users\Sam\AppData\Local\{A86A037F-FCB6-4C3A-8F4B-31F55404BA8B}
2012-05-09 18:59:20 -------- d-----w- C:\Program Files (x86)\TeamViewer
2012-05-09 11:35:06 -------- d-----w- C:\Users\Sam\AppData\Local\{552CC404-6F49-4A47-B797-EDB499DF4A21}
2012-05-09 11:34:40 -------- d-----w- C:\Users\Sam\AppData\Local\{2843E2FB-9C22-405C-8AF3-5303DB5A3FAD}
2012-05-09 04:22:22 -------- d--h--w- C:\$AVG
2012-05-08 23:00:34 -------- d-----w- C:\Users\Sam\AppData\Local\{1BE9B94D-27A6-4AD4-BB58-68835583F67B}
2012-05-08 23:00:23 -------- d-----w- C:\Users\Sam\AppData\Local\{A21C1B44-C910-4A5C-86C5-5251A57EAD26}
2012-05-08 10:59:48 -------- d-----w- C:\Users\Sam\AppData\Local\{D8A50905-9A52-4DED-AF7B-446A5FE5BFD2}
2012-05-08 10:59:32 -------- d-----w- C:\Users\Sam\AppData\Local\{DB4FD9FF-2C3D-468A-A721-99B8B669A4D9}
2012-05-07 13:45:14 -------- d-----w- C:\Users\Sam\AppData\Local\{A263930A-020F-4C72-B47C-F20FCAAC78E6}
2012-05-07 00:56:18 -------- d-----w- C:\Users\Sam\AppData\Local\{5B85FC94-EA52-43A9-814E-5C7EFB38F8F7}
2012-05-07 00:56:06 -------- d-----w- C:\Users\Sam\AppData\Local\{6F7006E0-E670-4AA7-A254-8381B2EF2AFC}
2012-05-06 03:15:06 -------- d-----w- C:\Users\Sam\AppData\Local\{AA6475E1-D858-4272-9868-213A252FFC56}
2012-05-06 03:14:43 -------- d-----w- C:\Users\Sam\AppData\Local\{9A130664-AA9C-4C4D-AE3B-CACCFCAC19C6}
2012-05-05 13:53:11 -------- d-----w- C:\Users\Sam\AppData\Local\{94BEA086-1603-41AD-9942-76D75A5922F5}
2012-05-05 13:52:58 -------- d-----w- C:\Users\Sam\AppData\Local\{25855E15-C3AC-46F7-B64F-11A75FE7AEAB}
2012-05-04 13:39:58 -------- d-----w- C:\Users\Sam\AppData\Local\{06402702-65B2-4495-9EC7-3E01F9B684D3}
2012-05-04 13:39:46 -------- d-----w- C:\Users\Sam\AppData\Local\{9D185C3D-BE30-4811-8EA2-6CF27C4692E1}
2012-05-04 01:39:07 -------- d-----w- C:\Users\Sam\AppData\Local\{19E55E52-5FB1-4645-B944-BF22035163FF}
2012-05-04 01:38:33 -------- d-----w- C:\Users\Sam\AppData\Local\{F8BC9966-3932-4DE1-9A83-16A29CF34ED4}
2012-05-03 11:08:26 -------- d-----w- C:\Users\Sam\AppData\Local\{04F584AA-125F-43C7-9D57-31FA4EEF6C8D}
2012-05-03 11:07:49 -------- d-----w- C:\Users\Sam\AppData\Local\{D1749D42-712D-46A1-9EC0-393279FD210E}
2012-05-02 11:03:00 -------- d-----w- C:\Users\Sam\AppData\Local\{1B8200F3-941D-48F8-89FB-DC26AD42980B}
2012-05-02 11:02:46 -------- d-----w- C:\Users\Sam\AppData\Local\{82128EC5-5E6D-47C6-926C-77B270E4BA1A}
2012-05-01 14:42:56 -------- d-----w- C:\Users\Sam\AppData\Local\{6DB8EDE2-2DF8-4358-8801-9B9E03191FDC}
2012-05-01 14:42:45 -------- d-----w- C:\Users\Sam\AppData\Local\{F68EBFDD-042C-408F-BECD-30D6FB258FFB}
2012-05-01 02:42:15 -------- d-----w- C:\Users\Sam\AppData\Local\{933362DF-145C-41A6-8BB1-13A1A1C06213}
2012-05-01 02:42:00 -------- d-----w- C:\Users\Sam\AppData\Local\{FB952B4F-BB10-40D4-91B1-EFBE1A55989F}
2012-04-30 13:48:23 -------- d-----w- C:\Users\Sam\AppData\Local\{C597C0BC-CDE5-4D61-AD3A-E826A5DC645D}
2012-04-30 01:47:06 -------- d-----w- C:\Users\Sam\AppData\Local\{31DA66E4-7868-4562-9147-4489440799CB}
2012-04-30 01:46:54 -------- d-----w- C:\Users\Sam\AppData\Local\{A1AC7024-77C6-4950-BCA3-B48170226153}
2012-04-29 13:46:26 -------- d-----w- C:\Users\Sam\AppData\Local\{248CE60E-8BA6-4770-A08D-5F179762F1B7}
2012-04-29 13:46:08 -------- d-----w- C:\Users\Sam\AppData\Local\{88F645F1-F6AC-4F65-A4C1-44B6A7ED2859}
2012-04-29 00:01:04 -------- d-----w- C:\Users\Sam\AppData\Local\{5BAEAEB7-1FC1-49C0-B211-2D9B7C4CE321}
2012-04-29 00:00:52 -------- d-----w- C:\Users\Sam\AppData\Local\{82689F32-21B6-4503-9BE1-E576A26A5135}
2012-04-28 12:00:21 -------- d-----w- C:\Users\Sam\AppData\Local\{1E029FB1-D603-425F-AA6D-361CBF21FD1C}
2012-04-28 12:00:09 -------- d-----w- C:\Users\Sam\AppData\Local\{E738152F-23E8-4653-8238-86CEF1D1DFC2}
2012-04-27 15:10:07 -------- d-----w- C:\Users\Sam\AppData\Local\{9320C056-76B1-458C-B621-C74516C0E802}
2012-04-27 15:09:56 -------- d-----w- C:\Users\Sam\AppData\Local\{5D4B7923-5C65-4624-8259-EA16819C89B3}
2012-04-27 03:09:22 -------- d-----w- C:\Users\Sam\AppData\Local\{83F8D7A9-1DB1-47D0-9565-FC7CCA29D70C}
2012-04-27 03:09:03 -------- d-----w- C:\Users\Sam\AppData\Local\{DE25842E-B174-42BF-89FF-72705BB4C29E}
2012-04-26 13:56:12 -------- d-----w- C:\Users\Sam\AppData\Local\{FCDD5AF5-D674-4D77-BFE9-B509C76418FB}
2012-04-26 13:55:59 -------- d-----w- C:\Users\Sam\AppData\Local\{BF365A6E-7E7E-46C5-AFFC-5C52EBBCA4F7}
2012-04-26 01:44:48 -------- d-----w- C:\Users\Sam\AppData\Local\{23ED7E03-2FEF-4F02-B99F-F8D141C985D3}
2012-04-26 01:44:38 -------- d-----w- C:\Users\Sam\AppData\Local\{EB697D16-1BBE-4943-833E-F3C27EE190CA}
2012-04-26 01:44:27 -------- d-----w- C:\Users\Sam\AppData\Local\{972A474D-C25E-470A-93AE-2C6FE4E99F14}
2012-04-26 01:44:17 -------- d-----w- C:\Users\Sam\AppData\Local\{6A8654A9-97A4-495F-8779-7440F301FB77}
2012-04-25 13:43:45 -------- d-----w- C:\Users\Sam\AppData\Local\{C7555FAD-A47D-420B-BEDA-F7323FB46DCD}
2012-04-25 13:43:26 -------- d-----w- C:\Users\Sam\AppData\Local\{27FB94C5-64E1-487A-A11F-339415DCE83D}
2012-04-25 00:52:06 -------- d-----w- C:\Users\Sam\AppData\Local\{AC681FD3-1EFE-45A0-910C-87BFC1611F48}
2012-04-25 00:51:36 -------- d-----w- C:\Users\Sam\AppData\Local\{7ED80883-2DD5-4F07-B2A6-BCD5ADA3757F}
2012-04-24 17:50:40 -------- d-----w- C:\Program Files (x86)\Audacity
2012-04-24 11:31:20 -------- d-----w- C:\Users\Sam\AppData\Local\{F16ECD2D-891A-4F7F-8DA8-6EA86FE17835}
2012-04-24 11:31:02 -------- d-----w- C:\Users\Sam\AppData\Local\{F33FEDB3-36D3-46F0-AE70-DE38F8CF09E1}
2012-04-24 00:17:24 -------- d-----w- C:\Program Files (x86)\NCH Software
2012-04-24 00:17:22 -------- d-----w- C:\Users\Sam\AppData\Roaming\NCH Software
2012-04-23 23:25:49 -------- d-----w- C:\Users\Sam\AppData\Local\{83E434B3-C156-40B8-9045-842DCEDD961D}
2012-04-23 23:25:37 -------- d-----w- C:\Users\Sam\AppData\Local\{F1A6EE49-23FD-4FF4-A6A5-B95F81859144}
2012-04-23 11:25:08 -------- d-----w- C:\Users\Sam\AppData\Local\{6280357A-1807-4F6D-9A69-B1A267767CB5}
2012-04-23 11:24:53 -------- d-----w- C:\Users\Sam\AppData\Local\{D00EF9D2-93E5-4F4E-9123-90A18E4E0B65}
2012-04-22 14:42:36 -------- d-----w- C:\Users\Sam\AppData\Local\{A89E9049-8C12-4782-B181-89A69CFFB767}
2012-04-22 14:42:10 -------- d-----w- C:\Users\Sam\AppData\Local\{86C87C99-D8D0-4D2E-8AF5-69DC6C208101}
2012-04-21 13:28:35 -------- d-----w- C:\Users\Sam\AppData\Local\{F2231382-5835-4FEC-B614-927F869AED88}
2012-04-21 13:28:09 -------- d-----w- C:\Users\Sam\AppData\Local\{55569E6F-9BF8-49FD-955C-7FB063B8A5AC}
2012-04-20 14:13:00 -------- d-----w- C:\Users\Sam\AppData\Local\{DB891A48-6B0D-4466-B54F-5C1B97E32531}
2012-04-20 14:12:48 -------- d-----w- C:\Users\Sam\AppData\Local\{F6D2F2B8-7CDB-495A-815A-40112799475C}
2012-04-20 02:12:21 -------- d-----w- C:\Users\Sam\AppData\Local\{753E5A03-8048-465F-9E5A-3FFEFED6FA8C}
2012-04-20 02:12:11 -------- d-----w- C:\Users\Sam\AppData\Local\{B62D1093-F820-4EBC-92BF-0DF533731C8B}
2012-04-19 20:03:53 -------- d-----w- C:\Users\Sam\AppData\Local\Microsoft Help
2012-04-19 16:20:38 -------- d-----w- C:\Users\Sam\AppData\Roaming\ExpressFiles
2012-04-19 16:20:38 -------- d-----w- C:\Program Files (x86)\ExpressFiles
2012-04-19 14:11:39 -------- d-----w- C:\Users\Sam\AppData\Local\{E9FA6A29-343B-49B6-9EFD-808A598A6E3E}
2012-04-19 14:11:26 -------- d-----w- C:\Users\Sam\AppData\Local\{C23C017F-2911-4552-8B23-B9E9DDA523C1}
2012-04-19 01:33:20 -------- d-----w- C:\Users\Sam\AppData\Local\{10DC47B0-5423-4DF8-9445-83CAC0CA9624}
2012-04-19 01:33:00 -------- d-----w- C:\Users\Sam\AppData\Local\{708662CB-F4F6-4A38-8BCC-CEFC71EAFCEF}
2012-04-18 12:00:05 -------- d-----w- C:\Users\Sam\AppData\Local\{AC2F3D09-5583-4F1C-8FC7-9F48151F442B}
2012-04-18 11:58:51 -------- d-----w- C:\Users\Sam\AppData\Local\{AC7E3FDA-A557-4E7C-AB88-0E9411FEB317}
2012-04-17 11:28:29 -------- d-----w- C:\Users\Sam\AppData\Local\{933205E1-EE22-4A9B-A1FB-CD85F2AC0A24}
2012-04-17 11:28:18 -------- d-----w- C:\Users\Sam\AppData\Local\{D71FD2F7-EF4A-4D9B-9A51-DC95FA05EDAE}
2012-04-16 23:27:50 -------- d-----w- C:\Users\Sam\AppData\Local\{A06BF3FF-DC2C-4A75-A5A4-DD7C4AE419A6}
2012-04-16 23:27:38 -------- d-----w- C:\Users\Sam\AppData\Local\{4FA27C89-B0C8-45F0-B137-B005C2375D13}
2012-04-16 11:27:05 -------- d-----w- C:\Users\Sam\AppData\Local\{AC187342-EB74-4381-AD66-CCFC2388AED1}
2012-04-15 21:45:42 -------- d-----w- C:\Users\Sam\AppData\Local\{214F5E56-4586-47DE-8001-F4DD8D365454}
2012-04-15 21:45:26 -------- d-----w- C:\Users\Sam\AppData\Local\{A1769F1F-663B-4628-8583-1B5503244F8B}
2012-04-15 14:35:05 -------- d-----w- C:\windows\en
2012-04-15 14:29:28 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2a16bf811cd1b1402\MeshBetaRemover.exe
2012-04-15 14:29:27 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\299d59531cd1b1401\DSETUP.dll
2012-04-15 14:29:27 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\299d59531cd1b1401\DXSETUP.exe
2012-04-15 14:29:27 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\299d59531cd1b1401\dsetup32.dll
2012-04-15 14:06:35 -------- d-----w- C:\Users\Sam\AppData\Local\{CABCC9E3-3B30-494A-A78E-4B2405C690E6}
2012-04-15 14:06:21 -------- d-----w- C:\Users\Sam\AppData\Local\{E490D1BA-2ED7-4A4F-AC07-0BA820791AB4}
2012-04-15 01:06:35 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-04-15 01:06:35 588728 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-04-15 01:06:35 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-04-15 01:06:35 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-04-15 01:06:35 43960 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-04-15 01:05:52 -------- d-----w- C:\Users\Sam\AppData\Local\{C71DB41C-9B7D-4B55-BED3-95FBD739B417}
2012-04-15 01:05:27 -------- d-----w- C:\Users\Sam\AppData\Local\{11EE2FEF-8F85-489F-8961-30F3EB75D51C}
.
==================== Find3M ====================
.
2012-05-11 03:07:59 70304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-11 03:07:59 419488 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-04-04 19:56:40 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-03-21 00:44:12 98688 ----a-w- C:\windows\System32\drivers\NisDrvWFP.sys
2012-03-21 00:44:12 203888 ----a-w- C:\windows\System32\drivers\MpFilter.sys
2012-03-08 22:50:28 49016 ----a-w- C:\windows\SysWow64\sirenacm.dll
2012-03-08 22:37:20 302448 ----a-w- C:\windows\WLXPGSS.SCR
2012-03-01 06:46:16 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27 220672 ----a-w- C:\windows\System32\wintrust.dll
2012-03-01 06:33:50 81408 ----a-w- C:\windows\System32\imagehlp.dll
2012-03-01 06:28:47 5120 ----a-w- C:\windows\System32\wmi.dll
2012-03-01 05:37:41 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- C:\windows\SysWow64\wmi.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-02-17 06:38:26 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2012-02-15 15:01:50 52736 ----a-w- C:\windows\System32\drivers\usbaapl64.sys
2012-02-15 15:01:50 4547944 ----a-w- C:\windows\System32\usbaaplrc.dll
.
============= FINISH: 13:26:37.75 ===============

Attached Files



#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:48 AM

Posted 15 May 2012 - 05:09 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 yankmansg

yankmansg
  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Local time:04:48 AM

Posted 15 May 2012 - 06:58 AM

I followed the instructions and will post logs below. Firewall is now back on and I have not noticed any redirects. However, I cannot perform and EXE functions without running as administrator now.

In fact I cannot copy and paste the documents because I do not have the opportunity to run as administrator. Not sure what to do now?

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:48 AM

Posted 15 May 2012 - 08:53 AM

restart the computer and let me know if it clears up


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 yankmansg

yankmansg
  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Local time:04:48 AM

Posted 15 May 2012 - 09:25 AM

LOL, I was just about to reply to you that when I rebooted the admin problem cleared up. Here are the reports.

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 22
Java™ 6 Update 29
Java version out of date!
Adobe Reader X (10.1.3)
Mozilla Firefox (11.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
``````````End of Log````````````


ComboFix 12-05-15.03 - Sam 05/15/2012 7:02.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4003.2574 [GMT -4:00]
Running from: c:\users\Sam\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\iexplorer
c:\program files (x86)\iexplorer\AxInterop.QTOControlLib.dll
c:\program files (x86)\iexplorer\ICSharpCode.SharpZipLib.dll
c:\program files (x86)\iexplorer\iExplorer.exe
c:\program files (x86)\iexplorer\Interop.QTOControlLib.dll
c:\program files (x86)\iexplorer\Interop.QTOLibrary.dll
c:\program files (x86)\iexplorer\isxdl.dll
c:\program files (x86)\iexplorer\MPCrashReporter.dll
c:\program files (x86)\iexplorer\MPUpdater.dll
c:\program files (x86)\iexplorer\msvcr71.dll
c:\program files (x86)\iexplorer\PodPhone2.dll
c:\program files (x86)\iexplorer\unins000.dat
c:\program files (x86)\iexplorer\unins000.exe
c:\program files (x86)\iexplorer\unins000.msg
c:\programdata\Roaming
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\cc32100mt.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-04-15 to 2012-05-15 )))))))))))))))))))))))))))))))
.
.
2012-05-15 11:13 . 2012-05-15 11:13 -------- d-----w- c:\users\QBDataServiceUser22\AppData\Local\temp
2012-05-15 11:13 . 2012-05-15 11:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-14 14:28 . 2012-05-14 22:32 -------- d-----w- c:\program files\Microsoft Security Client
2012-05-14 13:39 . 2012-05-14 22:32 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-12 12:45 . 2012-05-14 22:32 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-12 11:54 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-12 11:54 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-12 11:54 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-12 11:54 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-12 11:54 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-12 11:54 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-12 11:54 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-12 11:53 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-12 11:53 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-12 11:53 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 11:53 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-12 11:53 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 11:53 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 18:59 . 2012-05-09 18:59 -------- d-----w- c:\program files (x86)\TeamViewer
2012-05-09 04:22 . 2012-05-14 23:44 -------- d-----w- C:\$AVG
2012-04-24 17:50 . 2012-04-24 18:13 -------- d-----w- c:\users\Sam\AppData\Roaming\Audacity
2012-04-24 17:50 . 2012-04-24 17:50 -------- d-----w- c:\program files (x86)\Audacity
2012-04-24 00:17 . 2012-04-24 00:17 -------- d-----w- c:\programdata\NCH Software
2012-04-24 00:17 . 2012-04-24 00:17 -------- d-----w- c:\program files (x86)\NCH Software
2012-04-24 00:17 . 2012-04-24 00:19 -------- d-----w- c:\users\Sam\AppData\Roaming\NCH Software
2012-04-19 20:03 . 2012-04-19 20:03 -------- d-----w- c:\programdata\Microsoft Help
2012-04-19 20:03 . 2012-04-19 20:03 -------- d-----w- c:\users\Sam\AppData\Local\Microsoft Help
2012-04-19 16:20 . 2012-04-19 16:20 -------- d-----w- c:\users\Sam\AppData\Roaming\ExpressFiles
2012-04-19 16:20 . 2012-04-19 16:20 -------- d-----w- c:\program files (x86)\ExpressFiles
2012-04-19 08:50 . 2012-04-19 08:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-04-15 14:35 . 2012-04-15 14:35 -------- d-----w- c:\windows\en
2012-04-15 14:29 . 2012-04-15 14:29 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\2a16bf811cd1b1402\MeshBetaRemover.exe
2012-04-15 14:29 . 2012-04-15 14:29 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\299d59531cd1b1401\DSETUP.dll
2012-04-15 14:29 . 2012-04-15 14:29 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\299d59531cd1b1401\DXSETUP.exe
2012-04-15 14:29 . 2012-04-15 14:29 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\299d59531cd1b1401\dsetup32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-11 03:07 . 2012-03-30 11:08 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-11 03:07 . 2011-11-19 04:57 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-12 16:38 . 2012-04-12 16:38 53248 ----a-r- c:\users\Sam\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe
2012-03-19 09:17 . 2012-03-19 09:17 383808 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-03-08 22:50 . 2012-03-08 22:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 22:37 . 2012-03-08 22:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-01 06:46 . 2012-04-14 12:16 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-14 12:16 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-14 12:16 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-14 12:16 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-14 12:16 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-14 12:16 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-14 12:16 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-14 12:19 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-14 12:19 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-14 12:19 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-14 12:19 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-14 12:19 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-14 12:19 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-14 12:19 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-14 12:19 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-22 09:25 . 2012-02-22 09:25 289872 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-02-17 06:38 . 2012-03-14 11:33 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 11:33 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 11:33 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 11:33 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 15:01 . 2012-02-15 15:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 15:01 . 2012-02-15 15:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-06 574296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2011-04-29 75064]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe" [2010-07-16 307184]
"Desktop Disc Tool"="c:\program files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe" [2010-06-30 477680]
"CPMonitor"="c:\program files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" [2010-08-25 84464]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
"ExpressFiles"="c:\program files (x86)\ExpressFiles\ExpressFiles.exe" [2012-04-19 467576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-06 574296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-03-24 148360]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-20 136176]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2010-07-16 354288]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-05-19 1335360]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-20 136176]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RoxMediaDB13;RoxMediaDB13;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2010-07-16 1099248]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 Sahdad64;HDD Filter Driver;c:\windows\System32\Drivers\Sahdad64.sys [x]
S0 Saibad64;Volume Filter Driver;c:\windows\System32\Drivers\Saibad64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 SaibVdAd64;Virtual Disk Driver;c:\windows\system32\Drivers\SaibVdAd64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [2009-06-03 457200]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-14 913752]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-08 1166848]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-04-30 5106744]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-05-19 921664]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-05-19 995392]
S2 BOT4Service;BOT4Service;c:\program files (x86)\Roxio\BackOnTrack\App\BService.exe [2010-09-13 39408]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 Intuit Entitlement Service v5;Intuit Entitlement Service v5;c:\program files (x86)\Common Files\Intuit\Entitlement Client\v5\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe [2007-06-20 20480]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-09-23 641832]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-06-21 341296]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 QBPOSDBServiceV7;QBPOS Database Manager v7;c:\program files (x86)\Intuit\QuickBooks Point of Sale 7.0\DatabaseServer\QBPOSDBServiceV7.exe [2007-09-13 2613072]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-11-02 1248256]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-07-08 1692480]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]
S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 QuickBooksDB22;QuickBooksDB22;c:\progra~2\Intuit\QUICKB~2.0\QBDBMgrN.exe [2011-11-02 679936]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-20 18:25]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-20 18:25]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2959704521-1845163907-2626882050-1001Core.job
- c:\users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-20 18:25]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2959704521-1845163907-2626882050-1001UA.job
- c:\users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-20 18:25]
.
2011-11-04 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-03-22 17:20]
.
2012-05-15 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2011-03-22 17:20]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-01-21 3666800]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-05-19 10365952]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-05-30 2055816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files (x86)\AVG\AVG2012\avgdtiex.dll
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files (x86)\Intuit\QuickBooks Enterprise Solutions 12.0\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\c4oz4y5x.default\
FF - prefs.js: browser.startup.homepage - www.msn.com
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
AddRemove-{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1 - c:\program files (x86)\iExplorer\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:6d,42,a9,93,8d,1c,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,14,51,82,bf,d5,a7,47,49,a1,a9,57,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,14,51,82,bf,d5,a7,47,49,a1,a9,57,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ExpressFiles\EFupdater.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files (x86)\Intuit\QuickBooks Point of Sale 7.0\DatabaseServer\QBDBMgrN.exe
c:\program files (x86)\Intuit\QuickBooks Point of Sale 7.0\DatabaseServer\QBDBMgrN.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-05-15 07:41:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-15 11:41
.
Pre-Run: 317,453,438,976 bytes free
Post-Run: 317,515,771,904 bytes free
.
- - End Of File - - 79CEE1170460438BB4C256DFD25EF109

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:48 AM

Posted 15 May 2012 - 09:51 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 yankmansg

yankmansg
  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Local time:04:48 AM

Posted 15 May 2012 - 11:33 AM

The TDSS Killer found nothing, posted below.

The aswMBR ran for about an hour and then I got a blue screen crash. It never finished. What should I do now?



10:55:23.0763 5004 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
10:55:24.0169 5004 ============================================================
10:55:24.0169 5004 Current date / time: 2012/05/15 10:55:24.0169
10:55:24.0169 5004 SystemInfo:
10:55:24.0169 5004
10:55:24.0169 5004 OS Version: 6.1.7601 ServicePack: 1.0
10:55:24.0169 5004 Product type: Workstation
10:55:24.0169 5004 ComputerName: D4N1OCK52
10:55:24.0169 5004 UserName: Sam
10:55:24.0169 5004 Windows directory: C:\windows
10:55:24.0169 5004 System windows directory: C:\windows
10:55:24.0169 5004 Running under WOW64
10:55:24.0169 5004 Processor architecture: Intel x64
10:55:24.0169 5004 Number of processors: 4
10:55:24.0169 5004 Page size: 0x1000
10:55:24.0169 5004 Boot type: Normal boot
10:55:24.0169 5004 ============================================================
10:55:25.0963 5004 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:55:25.0979 5004 ============================================================
10:55:25.0979 5004 \Device\Harddisk0\DR0:
10:55:25.0979 5004 MBR partitions:
10:55:25.0979 5004 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
10:55:25.0979 5004 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x38607030
10:55:25.0979 5004 ============================================================
10:55:26.0025 5004 C: <-> \Device\Harddisk0\DR0\Partition1
10:55:26.0025 5004 ============================================================
10:55:26.0025 5004 Initialize success
10:55:26.0025 5004 ============================================================
10:55:46.0649 1372 ============================================================
10:55:46.0649 1372 Scan started
10:55:46.0649 1372 Mode: Manual;
10:55:46.0649 1372 ============================================================
10:55:49.0098 1372 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
10:55:49.0098 1372 1394ohci - ok
10:55:49.0301 1372 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269 (a15069eec83ebc54150564b2585cfdba) C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
10:55:49.0316 1372 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269 - ok
10:55:49.0410 1372 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
10:55:49.0410 1372 ACPI - ok
10:55:49.0457 1372 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
10:55:49.0457 1372 AcpiPmi - ok
10:55:49.0597 1372 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:55:49.0597 1372 AdobeARMservice - ok
10:55:49.0706 1372 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
10:55:49.0722 1372 adp94xx - ok
10:55:49.0784 1372 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
10:55:49.0784 1372 adpahci - ok
10:55:49.0831 1372 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
10:55:49.0862 1372 adpu320 - ok
10:55:50.0049 1372 AdvancedSystemCareService5 (b11c71b29fa69e4586f9b65560e6604d) C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
10:55:50.0049 1372 AdvancedSystemCareService5 - ok
10:55:50.0081 1372 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
10:55:50.0081 1372 AeLookupSvc - ok
10:55:50.0190 1372 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
10:55:50.0205 1372 AESTFilters - ok
10:55:50.0642 1372 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
10:55:50.0673 1372 AFD - ok
10:55:50.0736 1372 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
10:55:50.0736 1372 agp440 - ok
10:55:50.0814 1372 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
10:55:50.0814 1372 ALG - ok
10:55:50.0876 1372 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
10:55:50.0876 1372 aliide - ok
10:55:50.0892 1372 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
10:55:50.0892 1372 amdide - ok
10:55:51.0063 1372 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
10:55:51.0110 1372 AmdK8 - ok
10:55:51.0204 1372 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys
10:55:51.0204 1372 AmdPPM - ok
10:55:51.0251 1372 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
10:55:51.0297 1372 amdsata - ok
10:55:51.0344 1372 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
10:55:51.0375 1372 amdsbs - ok
10:55:51.0407 1372 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
10:55:51.0407 1372 amdxata - ok
10:55:51.0485 1372 AMPPAL (7d9e301ab3247765702d0b65e2e47e50) C:\windows\system32\DRIVERS\AMPPAL.sys
10:55:51.0516 1372 AMPPAL - ok
10:55:51.0547 1372 AMPPALP (7d9e301ab3247765702d0b65e2e47e50) C:\windows\system32\DRIVERS\amppal.sys
10:55:51.0547 1372 AMPPALP - ok
10:55:51.0906 1372 AMPPALR3 (864c632b999be1237a3dc46736e71f27) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
10:55:51.0937 1372 AMPPALR3 - ok
10:55:52.0280 1372 ApfiltrService (24ed0eb2b2558970176ecee680f8f806) C:\windows\system32\DRIVERS\Apfiltr.sys
10:55:52.0296 1372 ApfiltrService - ok
10:55:52.0467 1372 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
10:55:52.0499 1372 AppID - ok
10:55:52.0530 1372 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
10:55:52.0530 1372 AppIDSvc - ok
10:55:52.0561 1372 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
10:55:52.0561 1372 Appinfo - ok
10:55:52.0701 1372 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:55:52.0701 1372 Apple Mobile Device - ok
10:55:52.0811 1372 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
10:55:52.0811 1372 arc - ok
10:55:52.0842 1372 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
10:55:52.0857 1372 arcsas - ok
10:55:53.0029 1372 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
10:55:53.0060 1372 aspnet_state - ok
10:55:53.0091 1372 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
10:55:53.0091 1372 AsyncMac - ok
10:55:53.0154 1372 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
10:55:53.0154 1372 atapi - ok
10:55:53.0294 1372 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
10:55:53.0310 1372 AudioEndpointBuilder - ok
10:55:53.0310 1372 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
10:55:53.0325 1372 AudioSrv - ok
10:55:54.0230 1372 AVGIDSAgent (ba60fd7a64b9759a14c0fba4a9ed4c7b) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
10:55:54.0371 1372 AVGIDSAgent - ok
10:55:54.0683 1372 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\windows\system32\DRIVERS\avgidsdrivera.sys
10:55:54.0729 1372 AVGIDSDriver - ok
10:55:54.0807 1372 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\windows\system32\DRIVERS\avgidsfiltera.sys
10:55:54.0807 1372 AVGIDSFilter - ok
10:55:54.0901 1372 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\windows\system32\DRIVERS\avgidsha.sys
10:55:54.0901 1372 AVGIDSHA - ok
10:55:54.0963 1372 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\windows\system32\DRIVERS\avgldx64.sys
10:55:54.0995 1372 Avgldx64 - ok
10:55:55.0041 1372 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\windows\system32\DRIVERS\avgmfx64.sys
10:55:55.0057 1372 Avgmfx64 - ok
10:55:55.0088 1372 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\windows\system32\DRIVERS\avgrkx64.sys
10:55:55.0104 1372 Avgrkx64 - ok
10:55:55.0166 1372 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\windows\system32\DRIVERS\avgtdia.sys
10:55:55.0166 1372 Avgtdia - ok
10:55:55.0291 1372 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
10:55:55.0291 1372 avgwd - ok
10:55:55.0353 1372 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
10:55:55.0385 1372 AxInstSV - ok
10:55:55.0509 1372 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
10:55:55.0525 1372 b06bdrv - ok
10:55:55.0619 1372 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
10:55:55.0650 1372 b57nd60a - ok
10:55:55.0712 1372 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
10:55:55.0728 1372 BDESVC - ok
10:55:55.0743 1372 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
10:55:55.0743 1372 Beep - ok
10:55:55.0884 1372 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
10:55:55.0931 1372 BFE - ok
10:55:56.0071 1372 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\system32\qmgr.dll
10:55:56.0102 1372 BITS - ok
10:55:56.0196 1372 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
10:55:56.0211 1372 blbdrive - ok
10:55:56.0414 1372 Bluetooth Device Monitor (5ff7b9916a10e8e69e7c0d16f0b4787a) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
10:55:56.0430 1372 Bluetooth Device Monitor - ok
10:55:56.0586 1372 Bluetooth Media Service (e43d73caf1023976efba1d0f0e69e271) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
10:55:56.0633 1372 Bluetooth Media Service - ok
10:55:56.0835 1372 Bluetooth OBEX Service (20427929646784a482df34ef8c4fed23) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
10:55:56.0851 1372 Bluetooth OBEX Service - ok
10:55:57.0179 1372 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
10:55:57.0194 1372 Bonjour Service - ok
10:55:57.0350 1372 BOT4Service (2309601e5d37e0304f8bcfb57190756e) C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
10:55:57.0350 1372 BOT4Service - ok
10:55:57.0600 1372 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
10:55:57.0600 1372 bowser - ok
10:55:57.0647 1372 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
10:55:57.0647 1372 BrFiltLo - ok
10:55:57.0678 1372 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
10:55:57.0678 1372 BrFiltUp - ok
10:55:57.0725 1372 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
10:55:57.0740 1372 BridgeMP - ok
10:55:57.0803 1372 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
10:55:57.0834 1372 Browser - ok
10:55:57.0881 1372 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
10:55:57.0896 1372 Brserid - ok
10:55:57.0927 1372 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
10:55:57.0927 1372 BrSerWdm - ok
10:55:57.0959 1372 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
10:55:57.0974 1372 BrUsbMdm - ok
10:55:57.0990 1372 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
10:55:57.0990 1372 BrUsbSer - ok
10:55:58.0052 1372 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\drivers\BthEnum.sys
10:55:58.0052 1372 BthEnum - ok
10:55:58.0099 1372 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
10:55:58.0099 1372 BTHMODEM - ok
10:55:58.0146 1372 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
10:55:58.0161 1372 BthPan - ok
10:55:58.0286 1372 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\windows\system32\Drivers\BTHport.sys
10:55:58.0317 1372 BTHPORT - ok
10:55:58.0364 1372 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
10:55:58.0364 1372 bthserv - ok
10:55:58.0473 1372 BTHSSecurityMgr (9e2af97302b9f4bf97e952a865eb31ae) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
10:55:58.0473 1372 BTHSSecurityMgr - ok
10:55:58.0520 1372 BTHUSB (f188b7394d81010767b6df3178519a37) C:\windows\system32\Drivers\BTHUSB.sys
10:55:58.0520 1372 BTHUSB - ok
10:55:58.0551 1372 btmaudio (274e47bd9c1367bdbfa9df10c2e6c544) C:\windows\system32\drivers\btmaud.sys
10:55:58.0551 1372 btmaudio - ok
10:55:58.0583 1372 btmaux (75eab5aaf6e9f83739249ce60b4b9c39) C:\windows\system32\DRIVERS\btmaux.sys
10:55:58.0583 1372 btmaux - ok
10:55:58.0661 1372 btmhsf (40c6fec49d1cc4d112368a2bcd2bcbb7) C:\windows\system32\DRIVERS\btmhsf.sys
10:55:58.0692 1372 btmhsf - ok
10:55:58.0723 1372 catchme - ok
10:55:58.0770 1372 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
10:55:58.0770 1372 cdfs - ok
10:55:58.0848 1372 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
10:55:58.0879 1372 cdrom - ok
10:55:58.0941 1372 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
10:55:58.0941 1372 CertPropSvc - ok
10:55:58.0988 1372 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
10:55:58.0988 1372 circlass - ok
10:55:59.0066 1372 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
10:55:59.0082 1372 CLFS - ok
10:55:59.0160 1372 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:55:59.0175 1372 clr_optimization_v2.0.50727_32 - ok
10:55:59.0222 1372 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:55:59.0253 1372 clr_optimization_v2.0.50727_64 - ok
10:55:59.0347 1372 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:55:59.0394 1372 clr_optimization_v4.0.30319_32 - ok
10:55:59.0799 1372 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:55:59.0846 1372 clr_optimization_v4.0.30319_64 - ok
10:55:59.0909 1372 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
10:55:59.0909 1372 CmBatt - ok
10:55:59.0924 1372 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
10:55:59.0940 1372 cmdide - ok
10:56:00.0049 1372 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
10:56:00.0065 1372 CNG - ok
10:56:00.0111 1372 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
10:56:00.0111 1372 Compbatt - ok
10:56:00.0158 1372 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys
10:56:00.0174 1372 CompositeBus - ok
10:56:00.0189 1372 COMSysApp - ok
10:56:00.0221 1372 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
10:56:00.0236 1372 crcdisk - ok
10:56:00.0283 1372 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll
10:56:00.0314 1372 CryptSvc - ok
10:56:00.0423 1372 CtClsFlt (bc3d4f90978cd7c8eabd1baf3bf7873a) C:\windows\system32\DRIVERS\CtClsFlt.sys
10:56:00.0439 1372 CtClsFlt - ok
10:56:00.0689 1372 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
10:56:00.0704 1372 cvhsvc - ok
10:56:00.0845 1372 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
10:56:00.0845 1372 DcomLaunch - ok
10:56:00.0907 1372 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
10:56:00.0938 1372 defragsvc - ok
10:56:01.0079 1372 DellDigitalDelivery (bc8362b60304a9ed9416c305f6df5247) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
10:56:01.0094 1372 DellDigitalDelivery - ok
10:56:01.0203 1372 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
10:56:01.0219 1372 DfsC - ok
10:56:01.0297 1372 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
10:56:01.0313 1372 Dhcp - ok
10:56:01.0328 1372 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
10:56:01.0328 1372 discache - ok
10:56:01.0391 1372 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
10:56:01.0391 1372 Disk - ok
10:56:01.0422 1372 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
10:56:01.0453 1372 Dnscache - ok
10:56:01.0484 1372 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
10:56:01.0500 1372 dot3svc - ok
10:56:01.0531 1372 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
10:56:01.0562 1372 DPS - ok
10:56:01.0593 1372 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
10:56:01.0593 1372 drmkaud - ok
10:56:01.0734 1372 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
10:56:01.0765 1372 DXGKrnl - ok
10:56:01.0796 1372 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
10:56:01.0827 1372 EapHost - ok
10:56:02.0217 1372 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
10:56:02.0311 1372 ebdrv - ok
10:56:02.0451 1372 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
10:56:02.0451 1372 EFS - ok
10:56:02.0639 1372 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
10:56:02.0670 1372 ehRecvr - ok
10:56:02.0717 1372 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
10:56:02.0717 1372 ehSched - ok
10:56:02.0857 1372 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
10:56:02.0888 1372 elxstor - ok
10:56:02.0904 1372 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
10:56:02.0904 1372 ErrDev - ok
10:56:02.0982 1372 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
10:56:02.0997 1372 EventSystem - ok
10:56:03.0325 1372 EvtEng (e3a96d5ae6e5c7b5472011ba77353368) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
10:56:03.0387 1372 EvtEng - ok
10:56:04.0651 1372 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
10:56:04.0667 1372 exfat - ok
10:56:04.0713 1372 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
10:56:04.0745 1372 fastfat - ok
10:56:04.0885 1372 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
10:56:04.0947 1372 Fax - ok
10:56:04.0994 1372 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
10:56:04.0994 1372 fdc - ok
10:56:05.0213 1372 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
10:56:05.0275 1372 fdPHost - ok
10:56:05.0369 1372 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
10:56:05.0369 1372 FDResPub - ok
10:56:05.0415 1372 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
10:56:05.0431 1372 FileInfo - ok
10:56:05.0447 1372 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
10:56:05.0447 1372 Filetrace - ok
10:56:05.0462 1372 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
10:56:05.0462 1372 flpydisk - ok
10:56:05.0525 1372 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
10:56:05.0556 1372 FltMgr - ok
10:56:05.0712 1372 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
10:56:05.0774 1372 FontCache - ok
10:56:05.0852 1372 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:56:05.0852 1372 FontCache3.0.0.0 - ok
10:56:05.0915 1372 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
10:56:05.0915 1372 FsDepends - ok
10:56:05.0961 1372 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
10:56:05.0961 1372 Fs_Rec - ok
10:56:06.0039 1372 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
10:56:06.0039 1372 fvevol - ok
10:56:06.0086 1372 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
10:56:06.0086 1372 gagp30kx - ok
10:56:06.0164 1372 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
10:56:06.0180 1372 GamesAppService - ok
10:56:06.0289 1372 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
10:56:06.0289 1372 GEARAspiWDM - ok
10:56:06.0429 1372 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
10:56:06.0461 1372 gpsvc - ok
10:56:06.0570 1372 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:56:06.0570 1372 gupdate - ok
10:56:06.0617 1372 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:56:06.0617 1372 gupdatem - ok
10:56:06.0663 1372 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
10:56:06.0663 1372 hcw85cir - ok
10:56:06.0741 1372 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
10:56:06.0788 1372 HdAudAddService - ok
10:56:06.0819 1372 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
10:56:06.0851 1372 HDAudBus - ok
10:56:06.0866 1372 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
10:56:06.0866 1372 HidBatt - ok
10:56:06.0897 1372 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
10:56:06.0929 1372 HidBth - ok
10:56:06.0975 1372 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
10:56:06.0975 1372 HidIr - ok
10:56:07.0022 1372 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll
10:56:07.0022 1372 hidserv - ok
10:56:07.0053 1372 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
10:56:07.0069 1372 HidUsb - ok
10:56:07.0100 1372 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
10:56:07.0116 1372 hkmsvc - ok
10:56:07.0163 1372 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
10:56:07.0178 1372 HomeGroupListener - ok
10:56:07.0241 1372 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
10:56:07.0241 1372 HomeGroupProvider - ok
10:56:07.0287 1372 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
10:56:07.0287 1372 HpSAMD - ok
10:56:07.0412 1372 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
10:56:07.0428 1372 HTTP - ok
10:56:07.0459 1372 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
10:56:07.0459 1372 hwpolicy - ok
10:56:07.0490 1372 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
10:56:07.0506 1372 i8042prt - ok
10:56:07.0615 1372 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\windows\system32\DRIVERS\iaStor.sys
10:56:07.0631 1372 iaStor - ok
10:56:07.0927 1372 IAStorDataMgrSvc (8fff9083252c16fe3960173722605e9e) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
10:56:07.0927 1372 IAStorDataMgrSvc - ok
10:56:08.0021 1372 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
10:56:08.0036 1372 iaStorV - ok
10:56:08.0099 1372 iBtFltCoex (fc47f5cf561bf0fd897efd1a9604dccf) C:\windows\system32\DRIVERS\iBtFltCoex.sys
10:56:08.0099 1372 iBtFltCoex - ok
10:56:08.0317 1372 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:56:08.0348 1372 idsvc - ok
10:56:09.0861 1372 igfx (174bcac474de13b2650e444cf124828e) C:\windows\system32\DRIVERS\igdkmd64.sys
10:56:10.0095 1372 igfx - ok
10:56:10.0267 1372 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
10:56:10.0283 1372 iirsp - ok
10:56:10.0439 1372 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
10:56:10.0470 1372 IKEEXT - ok
10:56:10.0532 1372 intaud_WaveExtensible (caddf0927dac63edae48f5c35a61d87d) C:\windows\system32\drivers\intelaud.sys
10:56:10.0532 1372 intaud_WaveExtensible - ok
10:56:10.0626 1372 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\windows\system32\DRIVERS\IntcDAud.sys
10:56:10.0641 1372 IntcDAud - ok
10:56:10.0673 1372 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
10:56:10.0673 1372 intelide - ok
10:56:10.0719 1372 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
10:56:10.0719 1372 intelppm - ok
10:56:10.0860 1372 Intuit Entitlement Service v5 (f651cac43e18ce6cc0e56ed8437680cb) C:\Program Files (x86)\Common Files\Intuit\Entitlement Client\v5\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe
10:56:10.0860 1372 Intuit Entitlement Service v5 - ok
10:56:10.0907 1372 IntuitUpdateService (578ccf9a2a1a3be8dc4140f6295ac995) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
10:56:10.0922 1372 IntuitUpdateService - ok
10:56:11.0141 1372 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
10:56:11.0172 1372 IPBusEnum - ok
10:56:11.0203 1372 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
10:56:11.0203 1372 IpFilterDriver - ok
10:56:11.0343 1372 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
10:56:11.0359 1372 iphlpsvc - ok
10:56:11.0390 1372 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
10:56:11.0390 1372 IPMIDRV - ok
10:56:11.0437 1372 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
10:56:11.0453 1372 IPNAT - ok
10:56:11.0655 1372 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe
10:56:11.0671 1372 iPod Service - ok
10:56:11.0718 1372 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
10:56:11.0718 1372 IRENUM - ok
10:56:11.0749 1372 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
10:56:11.0749 1372 isapnp - ok
10:56:11.0796 1372 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
10:56:11.0811 1372 iScsiPrt - ok
10:56:11.0858 1372 iwdbus (716f66336f10885d935b08174dc54242) C:\windows\system32\DRIVERS\iwdbus.sys
10:56:11.0874 1372 iwdbus - ok
10:56:11.0921 1372 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
10:56:11.0921 1372 kbdclass - ok
10:56:11.0952 1372 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
10:56:11.0952 1372 kbdhid - ok
10:56:11.0999 1372 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
10:56:11.0999 1372 KeyIso - ok
10:56:12.0045 1372 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
10:56:12.0045 1372 KSecDD - ok
10:56:12.0092 1372 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
10:56:12.0108 1372 KSecPkg - ok
10:56:12.0155 1372 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
10:56:12.0155 1372 ksthunk - ok
10:56:12.0295 1372 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
10:56:12.0311 1372 KtmRm - ok
10:56:12.0389 1372 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\System32\srvsvc.dll
10:56:12.0404 1372 LanmanServer - ok
10:56:12.0482 1372 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
10:56:12.0498 1372 LanmanWorkstation - ok
10:56:12.0560 1372 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
10:56:12.0560 1372 lltdio - ok
10:56:12.0701 1372 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
10:56:12.0763 1372 lltdsvc - ok
10:56:12.0794 1372 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
10:56:12.0794 1372 lmhosts - ok
10:56:13.0091 1372 LMS (0803906d607a9b83184447b75b60ecc2) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
10:56:13.0106 1372 LMS - ok
10:56:13.0169 1372 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
10:56:13.0200 1372 LSI_FC - ok
10:56:13.0231 1372 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
10:56:13.0262 1372 LSI_SAS - ok
10:56:13.0293 1372 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
10:56:13.0293 1372 LSI_SAS2 - ok
10:56:13.0309 1372 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
10:56:13.0309 1372 LSI_SCSI - ok
10:56:13.0356 1372 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
10:56:13.0387 1372 luafv - ok
10:56:13.0418 1372 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
10:56:13.0449 1372 Mcx2Svc - ok
10:56:13.0449 1372 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
10:56:13.0449 1372 megasas - ok
10:56:13.0512 1372 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
10:56:13.0527 1372 MegaSR - ok
10:56:13.0574 1372 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys
10:56:13.0574 1372 MEIx64 - ok
10:56:13.0621 1372 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
10:56:13.0621 1372 MMCSS - ok
10:56:13.0637 1372 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
10:56:13.0652 1372 Modem - ok
10:56:13.0699 1372 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
10:56:13.0699 1372 monitor - ok
10:56:13.0730 1372 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
10:56:13.0746 1372 mouclass - ok
10:56:13.0777 1372 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
10:56:13.0793 1372 mouhid - ok
10:56:13.0808 1372 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
10:56:13.0808 1372 mountmgr - ok
10:56:13.0855 1372 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
10:56:13.0871 1372 mpio - ok
10:56:13.0902 1372 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
10:56:13.0902 1372 mpsdrv - ok
10:56:14.0105 1372 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
10:56:14.0136 1372 MpsSvc - ok
10:56:14.0167 1372 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
10:56:14.0183 1372 MRxDAV - ok
10:56:14.0229 1372 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
10:56:14.0245 1372 mrxsmb - ok
10:56:14.0307 1372 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
10:56:14.0339 1372 mrxsmb10 - ok
10:56:14.0370 1372 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
10:56:14.0370 1372 mrxsmb20 - ok
10:56:14.0401 1372 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
10:56:14.0401 1372 msahci - ok
10:56:14.0432 1372 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
10:56:14.0448 1372 msdsm - ok
10:56:14.0479 1372 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
10:56:14.0495 1372 MSDTC - ok
10:56:14.0526 1372 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
10:56:14.0526 1372 Msfs - ok
10:56:14.0557 1372 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
10:56:14.0573 1372 mshidkmdf - ok
10:56:14.0588 1372 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
10:56:14.0588 1372 msisadrv - ok
10:56:14.0635 1372 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
10:56:14.0651 1372 MSiSCSI - ok
10:56:14.0651 1372 msiserver - ok
10:56:14.0682 1372 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
10:56:14.0682 1372 MSKSSRV - ok
10:56:14.0697 1372 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
10:56:14.0697 1372 MSPCLOCK - ok
10:56:14.0713 1372 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
10:56:14.0729 1372 MSPQM - ok
10:56:14.0791 1372 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
10:56:14.0838 1372 MsRPC - ok
10:56:14.0869 1372 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
10:56:14.0885 1372 mssmbios - ok
10:56:14.0900 1372 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
10:56:14.0900 1372 MSTEE - ok
10:56:14.0916 1372 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
10:56:14.0916 1372 MTConfig - ok
10:56:14.0947 1372 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
10:56:14.0947 1372 Mup - ok
10:56:15.0992 1372 MyWiFiDHCPDNS (8f57db74bf5407a4cda6c8b005dc8dd0) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
10:56:16.0039 1372 MyWiFiDHCPDNS - ok
10:56:16.0179 1372 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
10:56:16.0179 1372 napagent - ok
10:56:16.0273 1372 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
10:56:16.0304 1372 NativeWifiP - ok
10:56:16.0663 1372 NAUpdate (1bbbf640bc0e0b750537baece8d66c18) C:\Program Files (x86)\Nero\Update\NASvc.exe
10:56:16.0679 1372 NAUpdate - ok
10:56:16.0850 1372 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\windows\system32\drivers\ndis.sys
10:56:16.0866 1372 NDIS - ok
10:56:16.0913 1372 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
10:56:16.0913 1372 NdisCap - ok
10:56:16.0959 1372 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
10:56:16.0959 1372 NdisTapi - ok
10:56:17.0006 1372 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
10:56:17.0006 1372 Ndisuio - ok
10:56:17.0037 1372 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
10:56:17.0053 1372 NdisWan - ok
10:56:17.0084 1372 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
10:56:17.0100 1372 NDProxy - ok
10:56:17.0131 1372 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
10:56:17.0131 1372 NetBIOS - ok
10:56:17.0178 1372 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
10:56:17.0193 1372 NetBT - ok
10:56:17.0225 1372 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
10:56:17.0240 1372 Netlogon - ok
10:56:17.0303 1372 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
10:56:17.0334 1372 Netman - ok
10:56:17.0490 1372 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:56:17.0521 1372 NetMsmqActivator - ok
10:56:17.0521 1372 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:56:17.0521 1372 NetPipeActivator - ok
10:56:17.0599 1372 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
10:56:17.0615 1372 netprofm - ok
10:56:17.0615 1372 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:56:17.0630 1372 NetTcpActivator - ok
10:56:17.0630 1372 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:56:17.0630 1372 NetTcpPortSharing - ok
10:56:18.0831 1372 NETwNs64 (50ad7f7040c22bb7caa59a0880875a21) C:\windows\system32\DRIVERS\NETwNs64.sys
10:56:19.0003 1372 NETwNs64 - ok
10:56:19.0299 1372 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
10:56:19.0299 1372 nfrd960 - ok
10:56:19.0549 1372 NitroReaderDriverReadSpool2 (0734398d3d99986bb8006e9bb5eab1e5) C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
10:56:19.0565 1372 NitroReaderDriverReadSpool2 - ok
10:56:19.0643 1372 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
10:56:19.0658 1372 NlaSvc - ok
10:56:20.0126 1372 NOBU (b9b72faaaa41d59b73b88fe3dd737ed1) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
10:56:20.0189 1372 NOBU - ok
10:56:20.0501 1372 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
10:56:20.0501 1372 Npfs - ok
10:56:20.0516 1372 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
10:56:20.0547 1372 nsi - ok
10:56:20.0563 1372 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
10:56:20.0563 1372 nsiproxy - ok
10:56:20.0828 1372 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
10:56:20.0859 1372 Ntfs - ok
10:56:21.0109 1372 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
10:56:21.0109 1372 Null - ok
10:56:21.0156 1372 nusb3hub (158ad24745bd85ba9be3c51c38f48c32) C:\windows\system32\DRIVERS\nusb3hub.sys
10:56:21.0171 1372 nusb3hub - ok
10:56:21.0234 1372 nusb3xhc (d40a13b2c0891e218f9523b376955db6) C:\windows\system32\DRIVERS\nusb3xhc.sys
10:56:21.0249 1372 nusb3xhc - ok
10:56:21.0296 1372 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
10:56:21.0312 1372 nvraid - ok
10:56:21.0359 1372 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
10:56:21.0374 1372 nvstor - ok
10:56:21.0437 1372 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
10:56:21.0468 1372 nv_agp - ok
10:56:21.0499 1372 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
10:56:21.0515 1372 ohci1394 - ok
10:56:21.0639 1372 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:56:21.0655 1372 ose - ok
10:56:22.0466 1372 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:56:22.0575 1372 osppsvc - ok
10:56:22.0903 1372 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
10:56:22.0919 1372 p2pimsvc - ok
10:56:23.0168 1372 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
10:56:23.0184 1372 p2psvc - ok
10:56:23.0340 1372 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
10:56:23.0340 1372 Parport - ok
10:56:23.0402 1372 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
10:56:23.0418 1372 partmgr - ok
10:56:23.0449 1372 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
10:56:23.0465 1372 PcaSvc - ok
10:56:23.0496 1372 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
10:56:23.0511 1372 pci - ok
10:56:23.0527 1372 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
10:56:23.0527 1372 pciide - ok
10:56:23.0574 1372 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
10:56:23.0589 1372 pcmcia - ok
10:56:23.0621 1372 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
10:56:23.0621 1372 pcw - ok
10:56:23.0699 1372 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
10:56:23.0714 1372 PEAUTH - ok
10:56:23.0886 1372 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
10:56:23.0886 1372 PerfHost - ok
10:56:24.0198 1372 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
10:56:24.0245 1372 pla - ok
10:56:24.0370 1372 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
10:56:24.0385 1372 PlugPlay - ok
10:56:24.0432 1372 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
10:56:24.0432 1372 PNRPAutoReg - ok
10:56:24.0510 1372 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
10:56:24.0510 1372 PNRPsvc - ok
10:56:24.0588 1372 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
10:56:24.0604 1372 PolicyAgent - ok
10:56:24.0682 1372 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
10:56:24.0697 1372 Power - ok
10:56:24.0806 1372 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
10:56:24.0822 1372 PptpMiniport - ok
10:56:24.0853 1372 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
10:56:24.0853 1372 Processor - ok
10:56:24.0900 1372 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
10:56:24.0947 1372 ProfSvc - ok
10:56:24.0994 1372 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
10:56:24.0994 1372 ProtectedStorage - ok
10:56:25.0087 1372 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
10:56:25.0087 1372 Psched - ok
10:56:25.0150 1372 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\windows\system32\Drivers\PxHlpa64.sys
10:56:25.0150 1372 PxHlpa64 - ok
10:56:25.0352 1372 QBCFMonitorService (4080e220eb20d87ae74d12570b8a8027) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
10:56:25.0352 1372 QBCFMonitorService - ok
10:56:25.0430 1372 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
10:56:25.0430 1372 QBFCService - ok
10:56:26.0054 1372 QBPOSDBServiceV7 (97b62dd56a7920e843f4d2b74de5b034) C:\Program Files (x86)\Intuit\QuickBooks Point of Sale 7.0\DatabaseServer\QBPOSDBServiceV7.exe
10:56:26.0148 1372 QBPOSDBServiceV7 - ok
10:56:26.0491 1372 QBVSS (8f5b666c7035deeb6d945f4e4647c96a) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
10:56:26.0491 1372 QBVSS - ok
10:56:27.0037 1372 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
10:56:27.0115 1372 ql2300 - ok
10:56:27.0380 1372 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
10:56:27.0396 1372 ql40xx - ok
10:56:27.0833 1372 QuickBooksDB22 - ok
10:56:28.0020 1372 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
10:56:28.0020 1372 QWAVE - ok
10:56:28.0067 1372 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
10:56:28.0067 1372 QWAVEdrv - ok
10:56:28.0082 1372 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
10:56:28.0098 1372 RasAcd - ok
10:56:28.0160 1372 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
10:56:28.0160 1372 RasAgileVpn - ok
10:56:28.0238 1372 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
10:56:28.0254 1372 RasAuto - ok
10:56:28.0301 1372 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
10:56:28.0316 1372 Rasl2tp - ok
10:56:28.0394 1372 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
10:56:28.0426 1372 RasMan - ok
10:56:28.0457 1372 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
10:56:28.0488 1372 RasPppoe - ok
10:56:28.0535 1372 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
10:56:28.0550 1372 RasSstp - ok
10:56:28.0597 1372 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
10:56:28.0644 1372 rdbss - ok
10:56:28.0675 1372 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
10:56:28.0675 1372 rdpbus - ok
10:56:28.0706 1372 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
10:56:28.0706 1372 RDPCDD - ok
10:56:28.0722 1372 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
10:56:28.0722 1372 RDPENCDD - ok
10:56:28.0769 1372 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
10:56:28.0769 1372 RDPREFMP - ok
10:56:28.0847 1372 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
10:56:28.0894 1372 RDPWD - ok
10:56:28.0972 1372 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
10:56:28.0987 1372 rdyboost - ok
10:56:29.0486 1372 RegSrvc (fd11c1287d38a46fb72353e14d50089c) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
10:56:29.0518 1372 RegSrvc - ok
10:56:29.0596 1372 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
10:56:29.0627 1372 RemoteAccess - ok
10:56:29.0674 1372 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
10:56:29.0705 1372 RemoteRegistry - ok
10:56:29.0939 1372 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
10:56:29.0954 1372 RFCOMM - ok
10:56:30.0017 1372 RimUsb (ad42432d22940b4215177be113e4919c) C:\windows\system32\Drivers\RimUsb_AMD64.sys
10:56:30.0064 1372 RimUsb - ok
10:56:30.0126 1372 RimVSerPort (4aafffa67ac4dfa3d9985d78573887e2) C:\windows\system32\DRIVERS\RimSerial_AMD64.sys
10:56:30.0126 1372 RimVSerPort - ok
10:56:30.0142 1372 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\windows\system32\Drivers\RootMdm.sys
10:56:30.0157 1372 ROOTMODEM - ok
10:56:30.0703 1372 RoxMediaDB13 (053a0d66b1982d93a20062e4da40b29b) C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe
10:56:30.0750 1372 RoxMediaDB13 - ok
10:56:31.0140 1372 RoxWatch12 (495c85b15470374a9499451893742ee6) C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe
10:56:31.0171 1372 RoxWatch12 - ok
10:56:31.0312 1372 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
10:56:31.0327 1372 RpcEptMapper - ok
10:56:31.0358 1372 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
10:56:31.0358 1372 RpcLocator - ok
10:56:31.0436 1372 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
10:56:31.0452 1372 RpcSs - ok
10:56:31.0514 1372 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
10:56:31.0530 1372 rspndr - ok
10:56:31.0624 1372 RSUSBSTOR (be29b0a3ac1e8bd02ffab8cee86badfa) C:\windows\system32\Drivers\RtsUStor.sys
10:56:31.0639 1372 RSUSBSTOR - ok
10:56:31.0733 1372 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\windows\system32\DRIVERS\Rt64win7.sys
10:56:31.0748 1372 RTL8167 - ok
10:56:31.0795 1372 Sahdad64 (27db9153d259d632d15483deeab799ed) C:\windows\system32\Drivers\Sahdad64.sys
10:56:31.0795 1372 Sahdad64 - ok
10:56:31.0811 1372 Saibad64 (f77849d909b90bcacfcf7295aecf299b) C:\windows\system32\Drivers\Saibad64.sys
10:56:31.0811 1372 Saibad64 - ok
10:56:31.0842 1372 SaibVdAd64 (704d415290a568f68de20942dac23f7e) C:\windows\system32\Drivers\SaibVdAd64.sys
10:56:31.0858 1372 SaibVdAd64 - ok
10:56:31.0889 1372 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
10:56:31.0904 1372 SamSs - ok
10:56:31.0951 1372 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
10:56:31.0967 1372 sbp2port - ok
10:56:32.0014 1372 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
10:56:32.0029 1372 SCardSvr - ok
10:56:32.0060 1372 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
10:56:32.0060 1372 scfilter - ok
10:56:32.0185 1372 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
10:56:32.0216 1372 Schedule - ok
10:56:32.0248 1372 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
10:56:32.0248 1372 SCPolicySvc - ok
10:56:32.0279 1372 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
10:56:32.0310 1372 SDRSVC - ok
10:56:32.0388 1372 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
10:56:32.0388 1372 secdrv - ok
10:56:32.0404 1372 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
10:56:32.0404 1372 seclogon - ok
10:56:32.0450 1372 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
10:56:32.0450 1372 SENS - ok
10:56:32.0466 1372 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
10:56:32.0466 1372 SensrSvc - ok
10:56:32.0497 1372 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
10:56:32.0497 1372 Serenum - ok
10:56:32.0544 1372 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
10:56:32.0544 1372 Serial - ok
10:56:32.0606 1372 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
10:56:32.0606 1372 sermouse - ok
10:56:32.0638 1372 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
10:56:32.0669 1372 SessionEnv - ok
10:56:32.0716 1372 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
10:56:32.0716 1372 sffdisk - ok
10:56:32.0747 1372 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
10:56:32.0747 1372 sffp_mmc - ok
10:56:32.0762 1372 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
10:56:32.0778 1372 sffp_sd - ok
10:56:32.0794 1372 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
10:56:32.0794 1372 sfloppy - ok
10:56:32.0934 1372 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys
10:56:32.0965 1372 Sftfs - ok
10:56:33.0106 1372 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
10:56:33.0106 1372 sftlist - ok
10:56:33.0152 1372 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys
10:56:33.0168 1372 Sftplay - ok
10:56:33.0199 1372 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys
10:56:33.0199 1372 Sftredir - ok
10:56:33.0449 1372 SftService (1968e6ebbeecf61d5f7d8603467e2ad0) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
10:56:33.0496 1372 SftService - ok
10:56:33.0636 1372 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys
10:56:33.0636 1372 Sftvol - ok
10:56:33.0792 1372 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
10:56:33.0792 1372 sftvsa - ok
10:56:33.0901 1372 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
10:56:33.0901 1372 SharedAccess - ok
10:56:33.0979 1372 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
10:56:33.0995 1372 ShellHWDetection - ok
10:56:34.0042 1372 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
10:56:34.0042 1372 SiSRaid2 - ok
10:56:34.0088 1372 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
10:56:34.0088 1372 SiSRaid4 - ok
10:56:34.0135 1372 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
10:56:34.0166 1372 Smb - ok
10:56:34.0213 1372 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
10:56:34.0213 1372 SNMPTRAP - ok
10:56:34.0229 1372 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
10:56:34.0244 1372 spldr - ok
10:56:34.0307 1372 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
10:56:34.0322 1372 Spooler - ok
10:56:34.0681 1372 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
10:56:34.0759 1372 sppsvc - ok
10:56:34.0884 1372 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
10:56:34.0884 1372 sppuinotify - ok
10:56:34.0978 1372 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
10:56:35.0009 1372 srv - ok
10:56:35.0071 1372 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
10:56:35.0087 1372 srv2 - ok
10:56:35.0118 1372 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
10:56:35.0134 1372 srvnet - ok
10:56:35.0212 1372 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
10:56:35.0227 1372 SSDPSRV - ok
10:56:35.0258 1372 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
10:56:35.0258 1372 SstpSvc - ok
10:56:35.0368 1372 STacSV (b2d8b364a831427a5741f6c408fa8ae3) C:\Program Files\IDT\WDM\STacSV64.exe
10:56:35.0383 1372 STacSV - ok
10:56:35.0399 1372 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
10:56:35.0414 1372 stexstor - ok
10:56:35.0524 1372 STHDA (ef5acde92ba3f691bbfef781cb063501) C:\windows\system32\DRIVERS\stwrt64.sys
10:56:35.0539 1372 STHDA - ok
10:56:35.0648 1372 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
10:56:35.0680 1372 stisvc - ok
10:56:35.0695 1372 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
10:56:35.0695 1372 swenum - ok
10:56:35.0773 1372 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
10:56:35.0789 1372 swprv - ok
10:56:35.0992 1372 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
10:56:36.0038 1372 SysMain - ok
10:56:36.0163 1372 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
10:56:36.0179 1372 TabletInputService - ok
10:56:36.0241 1372 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
10:56:36.0257 1372 TapiSrv - ok
10:56:36.0272 1372 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
10:56:36.0272 1372 TBS - ok
10:56:36.0538 1372 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
10:56:36.0600 1372 Tcpip - ok
10:56:36.0943 1372 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
10:56:36.0959 1372 TCPIP6 - ok
10:56:37.0068 1372 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
10:56:37.0084 1372 tcpipreg - ok
10:56:37.0099 1372 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
10:56:37.0099 1372 TDPIPE - ok
10:56:37.0130 1372 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
10:56:37.0146 1372 TDTCP - ok
10:56:37.0177 1372 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
10:56:37.0193 1372 tdx - ok
10:56:37.0598 1372 TeamViewer7 (a4d2ce94b028ef1e437cf4ac3d8ff26c) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
10:56:37.0676 1372 TeamViewer7 - ok
10:56:37.0848 1372 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
10:56:37.0848 1372 TermDD - ok
10:56:37.0957 1372 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
10:56:37.0988 1372 TermService - ok
10:56:38.0020 1372 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
10:56:38.0020 1372 Themes - ok
10:56:38.0051 1372 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
10:56:38.0066 1372 THREADORDER - ok
10:56:38.0098 1372 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
10:56:38.0113 1372 TrkWks - ok
10:56:38.0176 1372 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
10:56:38.0191 1372 TrustedInstaller - ok
10:56:38.0222 1372 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
10:56:38.0222 1372 tssecsrv - ok
10:56:38.0254 1372 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
10:56:38.0254 1372 TsUsbFlt - ok
10:56:38.0285 1372 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
10:56:38.0300 1372 TsUsbGD - ok
10:56:38.0363 1372 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
10:56:38.0378 1372 tunnel - ok
10:56:38.0410 1372 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
10:56:38.0410 1372 uagp35 - ok
10:56:38.0472 1372 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
10:56:38.0488 1372 udfs - ok
10:56:38.0534 1372 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
10:56:38.0550 1372 UI0Detect - ok
10:56:38.0581 1372 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
10:56:38.0581 1372 uliagpkx - ok
10:56:38.0628 1372 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
10:56:38.0628 1372 umbus - ok
10:56:38.0644 1372 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
10:56:38.0659 1372 UmPass - ok
10:56:39.0049 1372 UNS (eb79c6c91a99930015ef29ae7fa802d1) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
10:56:39.0112 1372 UNS - ok
10:56:39.0283 1372 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
10:56:39.0314 1372 upnphost - ok
10:56:39.0392 1372 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\windows\system32\Drivers\usbaapl64.sys
10:56:39.0392 1372 USBAAPL64 - ok
10:56:39.0439 1372 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\windows\system32\DRIVERS\usbccgp.sys
10:56:39.0455 1372 usbccgp - ok
10:56:39.0502 1372 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
10:56:39.0533 1372 usbcir - ok
10:56:39.0548 1372 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
10:56:39.0564 1372 usbehci - ok
10:56:39.0642 1372 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
10:56:39.0658 1372 usbhub - ok
10:56:39.0673 1372 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
10:56:39.0689 1372 usbohci - ok
10:56:39.0720 1372 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
10:56:39.0720 1372 usbprint - ok
10:56:39.0782 1372 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
10:56:39.0798 1372 usbscan - ok
10:56:39.0845 1372 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
10:56:39.0860 1372 USBSTOR - ok
10:56:39.0892 1372 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
10:56:39.0892 1372 usbuhci - ok
10:56:39.0954 1372 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
10:56:39.0970 1372 usbvideo - ok
10:56:40.0001 1372 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
10:56:40.0001 1372 UxSms - ok
10:56:40.0048 1372 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
10:56:40.0048 1372 VaultSvc - ok
10:56:40.0094 1372 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
10:56:40.0094 1372 vdrvroot - ok
10:56:40.0157 1372 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
10:56:40.0188 1372 vds - ok
10:56:40.0204 1372 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
10:56:40.0204 1372 vga - ok
10:56:40.0219 1372 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
10:56:40.0219 1372 VgaSave - ok
10:56:40.0266 1372 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
10:56:40.0282 1372 vhdmp - ok
10:56:40.0297 1372 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
10:56:40.0297 1372 viaide - ok
10:56:40.0344 1372 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
10:56:40.0344 1372 volmgr - ok
10:56:40.0406 1372 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
10:56:40.0422 1372 volmgrx - ok
10:56:40.0453 1372 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
10:56:40.0453 1372 volsnap - ok
10:56:40.0516 1372 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
10:56:40.0531 1372 vsmraid - ok
10:56:40.0734 1372 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
10:56:40.0781 1372 VSS - ok
10:56:40.0921 1372 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
10:56:40.0921 1372 vwifibus - ok
10:56:40.0968 1372 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
10:56:40.0984 1372 vwififlt - ok
10:56:41.0030 1372 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
10:56:41.0030 1372 vwifimp - ok
10:56:41.0108 1372 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
10:56:41.0124 1372 W32Time - ok
10:56:41.0155 1372 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
10:56:41.0155 1372 WacomPen - ok
10:56:41.0202 1372 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
10:56:41.0233 1372 WANARP - ok
10:56:41.0249 1372 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
10:56:41.0249 1372 Wanarpv6 - ok
10:56:41.0436 1372 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
10:56:41.0452 1372 WatAdminSvc - ok
10:56:41.0623 1372 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
10:56:41.0686 1372 wbengine - ok
10:56:41.0826 1372 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
10:56:41.0842 1372 WbioSrvc - ok
10:56:41.0888 1372 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
10:56:41.0904 1372 wcncsvc - ok
10:56:41.0920 1372 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
10:56:41.0920 1372 WcsPlugInService - ok
10:56:41.0966 1372 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
10:56:41.0966 1372 Wd - ok
10:56:42.0060 1372 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
10:56:42.0076 1372 Wdf01000 - ok
10:56:42.0091 1372 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
10:56:42.0091 1372 WdiServiceHost - ok
10:56:42.0091 1372 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
10:56:42.0107 1372 WdiSystemHost - ok
10:56:42.0138 1372 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
10:56:42.0154 1372 WebClient - ok
10:56:42.0185 1372 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
10:56:42.0200 1372 Wecsvc - ok
10:56:42.0232 1372 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
10:56:42.0263 1372 wercplsupport - ok
10:56:42.0310 1372 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
10:56:42.0310 1372 WerSvc - ok
10:56:42.0388 1372 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
10:56:42.0403 1372 WfpLwf - ok
10:56:42.0466 1372 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\windows\system32\DRIVERS\wimfltr.sys
10:56:42.0481 1372 WimFltr - ok
10:56:42.0497 1372 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
10:56:42.0512 1372 WIMMount - ok
10:56:42.0575 1372 WinDefend - ok
10:56:42.0590 1372 WinHttpAutoProxySvc - ok
10:56:42.0684 1372 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
10:56:42.0715 1372 Winmgmt - ok
10:56:42.0934 1372 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
10:56:42.0996 1372 WinRM - ok
10:56:43.0199 1372 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
10:56:43.0199 1372 WinUsb - ok
10:56:43.0324 1372 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
10:56:43.0339 1372 Wlansvc - ok
10:56:43.0448 1372 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
10:56:43.0448 1372 wlcrasvc - ok
10:56:43.0745 1372 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:56:43.0823 1372 wlidsvc - ok
10:56:43.0979 1372 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
10:56:43.0979 1372 WmiAcpi - ok
10:56:44.0057 1372 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
10:56:44.0057 1372 wmiApSrv - ok
10:56:44.0119 1372 WMPNetworkSvc - ok
10:56:44.0166 1372 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
10:56:44.0166 1372 WPCSvc - ok
10:56:44.0213 1372 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
10:56:44.0228 1372 WPDBusEnum - ok
10:56:44.0260 1372 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
10:56:44.0260 1372 ws2ifsl - ok
10:56:44.0322 1372 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\system32\wscsvc.dll
10:56:44.0353 1372 wscsvc - ok
10:56:44.0353 1372 WSearch - ok
10:56:44.0634 1372 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\windows\system32\wuaueng.dll
10:56:44.0696 1372 wuauserv - ok
10:56:44.0837 1372 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
10:56:44.0868 1372 WudfPf - ok
10:56:44.0930 1372 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
10:56:44.0946 1372 WUDFRd - ok
10:56:44.0993 1372 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
10:56:45.0008 1372 wudfsvc - ok
10:56:45.0055 1372 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
10:56:45.0086 1372 WwanSvc - ok
10:56:45.0149 1372 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:56:45.0227 1372 \Device\Harddisk0\DR0 - ok
10:56:45.0227 1372 Boot (0x1200) (17e6064b18aa88ed8319b3238fe06a25) \Device\Harddisk0\DR0\Partition0
10:56:45.0227 1372 \Device\Harddisk0\DR0\Partition0 - ok
10:56:45.0242 1372 Boot (0x1200) (9353cf31a6ec515e78353d1600509a2f) \Device\Harddisk0\DR0\Partition1
10:56:45.0258 1372 \Device\Harddisk0\DR0\Partition1 - ok
10:56:45.0258 1372 ============================================================
10:56:45.0258 1372 Scan finished
10:56:45.0258 1372 ============================================================
10:56:45.0274 0400 Detected object count: 0
10:56:45.0274 0400 Actual detected object count: 0

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:48 AM

Posted 15 May 2012 - 12:19 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 yankmansg

yankmansg
  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Local time:04:48 AM

Posted 15 May 2012 - 01:37 PM

Things semm to be running fine.

ComboFix 12-05-15.03 - Sam 05/15/2012 13:31:14.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4003.2517 [GMT -4:00]
Running from: c:\users\Sam\Desktop\ComboFix.exe
Command switches used :: c:\users\Sam\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-15 to 2012-05-15 )))))))))))))))))))))))))))))))
.
.
2012-05-15 18:04 . 2012-05-15 18:04 -------- d-----w- c:\users\QBDataServiceUser22\AppData\Local\temp
2012-05-15 18:04 . 2012-05-15 18:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-15 14:37 . 2012-05-15 14:37 -------- d-----w- c:\users\Sam\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}
2012-05-15 14:37 . 2012-05-15 14:37 -------- d-----w- c:\programdata\Virtualized Applications
2012-05-14 14:28 . 2012-05-14 22:32 -------- d-----w- c:\program files\Microsoft Security Client
2012-05-14 13:39 . 2012-05-14 22:32 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-12 12:45 . 2012-05-14 22:32 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-12 11:54 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-12 11:54 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-12 11:54 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-12 11:54 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-12 11:54 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-12 11:54 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-12 11:54 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-12 11:53 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-12 11:53 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-12 11:53 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 11:53 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-12 11:53 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 11:53 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 18:59 . 2012-05-09 18:59 -------- d-----w- c:\program files (x86)\TeamViewer
2012-05-09 04:22 . 2012-05-14 23:44 -------- d-----w- C:\$AVG
2012-04-24 17:50 . 2012-04-24 18:13 -------- d-----w- c:\users\Sam\AppData\Roaming\Audacity
2012-04-24 17:50 . 2012-04-24 17:50 -------- d-----w- c:\program files (x86)\Audacity
2012-04-24 00:17 . 2012-04-24 00:17 -------- d-----w- c:\programdata\NCH Software
2012-04-24 00:17 . 2012-04-24 00:17 -------- d-----w- c:\program files (x86)\NCH Software
2012-04-24 00:17 . 2012-04-24 00:19 -------- d-----w- c:\users\Sam\AppData\Roaming\NCH Software
2012-04-19 20:03 . 2012-04-19 20:03 -------- d-----w- c:\programdata\Microsoft Help
2012-04-19 20:03 . 2012-04-19 20:03 -------- d-----w- c:\users\Sam\AppData\Local\Microsoft Help
2012-04-19 16:20 . 2012-04-19 16:20 -------- d-----w- c:\users\Sam\AppData\Roaming\ExpressFiles
2012-04-19 16:20 . 2012-04-19 16:20 -------- d-----w- c:\program files (x86)\ExpressFiles
2012-04-19 08:50 . 2012-04-19 08:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-11 03:07 . 2012-03-30 11:08 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-11 03:07 . 2011-11-19 04:57 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-12 16:38 . 2012-04-12 16:38 53248 ----a-r- c:\users\Sam\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe
2012-03-19 09:17 . 2012-03-19 09:17 383808 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-03-08 22:50 . 2012-03-08 22:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 22:37 . 2012-03-08 22:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-01 06:46 . 2012-04-14 12:16 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-14 12:16 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-14 12:16 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-14 12:16 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-14 12:16 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-14 12:16 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-14 12:16 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-14 12:19 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-14 12:19 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-14 12:19 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-14 12:19 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-14 12:19 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-14 12:19 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-14 12:19 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-14 12:19 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-22 09:25 . 2012-02-22 09:25 289872 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-02-17 06:38 . 2012-03-14 11:33 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 11:33 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 11:33 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 11:33 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-15_11.16.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-15 13:20 . 2012-05-15 13:20 13294 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-05-15 11:13 . 2012-05-15 11:13 13294 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2009-07-14 04:54 . 2012-05-15 10:54 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-15 16:32 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-15 16:32 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-15 10:54 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-15 10:54 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-15 16:32 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-05-15 14:14 71038 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-15 16:31 39650 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-11-04 03:32 . 2012-05-15 16:31 15054 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2959704521-1845163907-2626882050-1001_UserData.bin
+ 2011-11-04 03:33 . 2012-05-15 12:49 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-04 03:33 . 2012-05-14 20:50 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-04 03:33 . 2012-05-14 20:50 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-11-04 03:33 . 2012-05-15 12:49 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-14 20:50 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-15 12:49 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-02-18 14:59 . 2012-02-18 14:59 89952 c:\windows\Installer\{90140000-006D-0409-1000-0000000FF1CE}\cvhicon.exe
+ 2012-05-15 14:37 . 2012-05-15 14:37 89952 c:\windows\Installer\{90140000-006D-0409-1000-0000000FF1CE}\cvhicon.exe
+ 2012-05-15 14:11 . 2012-05-15 16:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-15 11:15 . 2012-05-15 11:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-15 11:15 . 2012-05-15 11:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-15 14:11 . 2012-05-15 16:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-05-15 10:58 660770 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-15 14:20 660770 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-05-15 10:58 121408 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-05-15 14:20 121408 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-05-15 11:13 326916 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-05-15 13:20 326916 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-11-04 03:57 . 2012-05-15 13:20 4941478 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2959704521-1845163907-2626882050-1001-12288.dat
+ 2012-05-15 13:02 . 2012-05-15 13:02 8449024 c:\windows\Installer\635d93.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-06 574296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2011-04-29 75064]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe" [2010-07-16 307184]
"Desktop Disc Tool"="c:\program files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe" [2010-06-30 477680]
"CPMonitor"="c:\program files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" [2010-08-25 84464]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
"ExpressFiles"="c:\program files (x86)\ExpressFiles\ExpressFiles.exe" [2012-04-19 467576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-06 574296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-04-30 5106744]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-05-19 995392]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-03-24 148360]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-20 136176]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2010-07-16 354288]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-05-19 1335360]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-20 136176]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 QuickBooksDB22;QuickBooksDB22;c:\progra~2\Intuit\QUICKB~2.0\QBDBMgrN.exe [2011-11-02 679936]
R3 RoxMediaDB13;RoxMediaDB13;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2010-07-16 1099248]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 Sahdad64;HDD Filter Driver;c:\windows\System32\Drivers\Sahdad64.sys [x]
S0 Saibad64;Volume Filter Driver;c:\windows\System32\Drivers\Saibad64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 SaibVdAd64;Virtual Disk Driver;c:\windows\system32\Drivers\SaibVdAd64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [2009-06-03 457200]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-14 913752]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-08 1166848]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-05-19 921664]
S2 BOT4Service;BOT4Service;c:\program files (x86)\Roxio\BackOnTrack\App\BService.exe [2010-09-13 39408]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 Intuit Entitlement Service v5;Intuit Entitlement Service v5;c:\program files (x86)\Common Files\Intuit\Entitlement Client\v5\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe [2007-06-20 20480]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-09-23 641832]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-06-21 341296]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 QBPOSDBServiceV7;QBPOS Database Manager v7;c:\program files (x86)\Intuit\QuickBooks Point of Sale 7.0\DatabaseServer\QBPOSDBServiceV7.exe [2007-09-13 2613072]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-11-02 1248256]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-07-08 1692480]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]
S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2011-03-18 25072]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-20 18:25]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-20 18:25]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2959704521-1845163907-2626882050-1001Core.job
- c:\users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-20 18:25]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2959704521-1845163907-2626882050-1001UA.job
- c:\users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-20 18:25]
.
2011-11-04 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-03-22 17:20]
.
2012-05-15 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2011-03-22 17:20]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-05-19 10365952]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-05-30 2055816]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files (x86)\AVG\AVG2012\avgdtiex.dll
TCP: DhcpNameServer = 10.1.10.1
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files (x86)\Intuit\QuickBooks Enterprise Solutions 12.0\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\c4oz4y5x.default\
FF - prefs.js: browser.startup.homepage - www.msn.com
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:6d,42,a9,93,8d,1c,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,14,51,82,bf,d5,a7,47,49,a1,a9,57,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,14,51,82,bf,d5,a7,47,49,a1,a9,57,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-15 14:25:53
ComboFix-quarantined-files.txt 2012-05-15 18:25
ComboFix2.txt 2012-05-15 11:41
.
Pre-Run: 314,807,672,832 bytes free
Post-Run: 314,839,908,352 bytes free
.
- - End Of File - - F20D75F40A93B0C2F67ACDC23085B37B

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:48 AM

Posted 15 May 2012 - 07:07 PM

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Java™ 6 Update 22
Java™ 6 Update 29
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 yankmansg

yankmansg
  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Local time:04:48 AM

Posted 16 May 2012 - 06:56 AM

Have not experienced any issues. Here are the requested log files. Thank you.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.16.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Sam :: D4N1OCK52 [administrator]

5/16/2012 7:28:03 AM
mbam-log-2012-05-16 (07-28-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 245587
Time elapsed: 3 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Sam\AppData\Local\Temp\ms0cfg32.exe (Trojan.Happili) -> Quarantined and deleted successfully.

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:53:13 AM, on 5/16/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
O4 - HKLM\..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe"
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [ExpressFiles] "C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe" -tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [Skype] Rundll32.exe C:\Users\Sam\AppData\Local\Skype\nccsyhbq.dll,GramStatsDlg
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-21-2959704521-1845163907-2626882050-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'QBPOSDBSrvUser')
O4 - HKUS\S-1-5-21-2959704521-1845163907-2626882050-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'QBPOSDBSrvUser')
O4 - HKUS\S-1-5-21-2959704521-1845163907-2626882050-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'QBDataServiceUser22')
O4 - HKUS\S-1-5-21-2959704521-1845163907-2626882050-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'QBDataServiceUser22')
O4 - HKUS\S-1-5-18\..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart (User 'Default user')
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
O18 - Protocol: intu-help-qb5 - {867FCB77-9823-4CD6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 12.0\HelpAsyncPluggableProtocol.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: qbpos - {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\windows\SysWOW64\QBPOSProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BOT4Service - Unknown owner - C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel® Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intuit Entitlement Service v5 - Intuit, Inc. - C:\Program Files (x86)\Common Files\Intuit\Entitlement Client\v5\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NitroPDFReaderDriverCreatorReadSpool2 (NitroReaderDriverReadSpool2) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
O23 - Service: Dell DataSafe Online (NOBU) - Dell, Inc. - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QBPOS Database Manager v7 (QBPOSDBServiceV7) - Intuit Inc. - C:\Program Files (x86)\Intuit\QuickBooks Point of Sale 7.0\DatabaseServer\QBPOSDBServiceV7.exe
O23 - Service: QBIDPService (QBVSS) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
O23 - Service: QuickBooksDB22 - Intuit, Inc. - C:\PROGRA~2\Intuit\QUICKB~2.0\QBDBMgrN.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RoxMediaDB13 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16644 bytes

#13 yankmansg

yankmansg
  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Local time:04:48 AM

Posted 16 May 2012 - 10:40 AM

I was just using FireFox with Google and started getting redirects again.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:48 AM

Posted 17 May 2012 - 12:50 AM

greetings


i want you to uninstall firefox and if asked about user settings or data then remove that also

restart the computer and reinstall firefox and check for redirects - report back to me - also check all browsers installed on the computer


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 yankmansg

yankmansg
  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Local time:04:48 AM

Posted 17 May 2012 - 05:58 AM

Hello. I uninstalled and reinstalled Mozilla Firefox. I am getting redirects only when using Google search in Firefox. Seems fine when using Bing. I don't seem to be getting any redirects in IE. Here are examples of redirects if it helps.

http://8.26.70.252/see/display.php?q=screen&affsub=46355-3581_7361&subid=e10

http://www.slingfo.com/?query=messager+screen&src=11948&tid=81254319&sid=47028




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users