
Cannot remove browser hijacker


  • This topic is locked
27 replies to this topic

#1 Glenn Murray

Glenn Murray

  • Members
  • 13 posts
  • OFFLINE
  • Local time:06:48 PM

Posted 18 May 2012 - 06:23 PM

Hi experts,

My browser is badly hijacked. I keep getting redirected to random sites. MalwareBytes and AVG do not show any problems.
I have a 64-bit computer, so I ran DDS. Below are the results. I have also attached the recommended text file. Thanks so much for any help you can provide!

Glenn

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Glenn at 16:07:33 on 2012-05-18
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8116.5968 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\spool\drivers\x64\3\EKAiO2MUI.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Glenn\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Elite Keyboard\HPKEYBOARDg.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe
C:\Program Files (x86)\Expat Shield\bin\hsswd.exe
C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\Expat Shield\bin\openvpntray.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/
uDefault_Page_URL = hxxp://asus.msn.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AF-HSS Toolbar: {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Program Files (x86)\AF-HSS\prxtbAF-0.dll
mURLSearchHooks: AF-HSS Toolbar: {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Program Files (x86)\AF-HSS\prxtbAF-0.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO: Expat Shield Class: {3706ee7c-3cad-445d-8a43-03ebc3b75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO: AF-HSS Toolbar: {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Program Files (x86)\AF-HSS\prxtbAF-0.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: AF-HSS Toolbar: {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Program Files (x86)\AF-HSS\prxtbAF-0.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
uRun: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe
uRun: [Spotify] "C:\Users\Glenn\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Spotify Web Helper] "C:\Users\Glenn\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Adobe] rundll32.exe "C:\Users\Glenn\AppData\Local\Apple Computer\Adobe\zxjqgy.dll",DllRegisterServer
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [ASUS VIBE] C:\Program Files (x86)\ASUS\ASUS VIBE\ASUS VIBE.exe /S
mRun: [SessionLogon] C:\ExpressGateUtil\SessionLogon.exe
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Conime] %windir%\system32\conime.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [HP KEYBOARDg] "C:\Program Files (x86)\Hewlett-Packard\HP Wireless Elite Keyboard\HPKEYBOARDg.EXE"
mRun: [EKAiO2StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.EXE
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
dRun: [Adobe] rundll32.exe "C:\Users\Glenn\AppData\Local\Apple Computer\Adobe\zxjqgy.dll",DllRegisterServer
dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
StartupFolder: C:\Users\Glenn\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BBCIPL~1.LNK - C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
StartupFolder: C:\Users\Glenn\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\Users\Glenn\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.comcastsupport.com/sdccommon/download/tgctlsr.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 10.202.8.1
TCP: Interfaces\{6A13C58B-BADA-497C-8814-33789469A706} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{6A13C58B-BADA-497C-8814-33789469A706}\34963736F62443634353 : DhcpNameServer = 68.87.76.182 68.87.78.134
TCP: Interfaces\{6A13C58B-BADA-497C-8814-33789469A706}\34963736F63373537303 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6A13C58B-BADA-497C-8814-33789469A706}\C696E6B6379737 : DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{7122BEF4-A429-4F7C-AAC1-CDBCE8286084} : DhcpNameServer = 10.202.8.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO-X64: Conduit Engine - No File
BHO-X64: Expat Shield Class: {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO-X64: Search Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO-X64: Google Dictionary Compression sdch - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO-X64: AF-HSS Toolbar: {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Program Files (x86)\AF-HSS\prxtbAF-0.dll
BHO-X64: AF-HSS - No File
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: AF-HSS Toolbar: {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Program Files (x86)\AF-HSS\prxtbAF-0.dll
TB-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun-x64: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [ASUS VIBE] C:\Program Files (x86)\ASUS\ASUS VIBE\ASUS VIBE.exe /S
mRun-x64: [SessionLogon] C:\ExpressGateUtil\SessionLogon.exe
mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun-x64: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Conime] %windir%\system32\conime.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [HP KEYBOARDg] "C:\Program Files (x86)\Hewlett-Packard\HP Wireless Elite Keyboard\HPKEYBOARDg.EXE"
mRun-x64: [EKAiO2StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.EXE
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Glenn\AppData\Roaming\Mozilla\Firefox\Profiles\0wyhhq9e.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff10.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff5.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff6.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff7.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff8.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff9.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2011-1-9 401920]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 ExpatShieldService;Expat Shield Service;C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe [2012-1-6 331608]
R2 ExpatSrv;Expat Shield Routing Service;C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe [2012-1-4 363336]
R2 ExpatWd;Expat Shield Monitoring Service;C:\Program Files (x86)\Expat Shield\bin\hsswd.exe -product Expat --> C:\Program Files (x86)\Expat Shield\bin\hsswd.exe -product Expat [?]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-18 654408]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-7-27 235624]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 TurboBoost;Intel® Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-16 134928]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-6 2314240]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\system32\DRIVERS\FLxHCIc.sys --> C:\Windows\system32\DRIVERS\FLxHCIc.sys [?]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\system32\DRIVERS\FLxHCIh.sys --> C:\Windows\system32\DRIVERS\FLxHCIh.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-6 135664]
S3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
S3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-11-6 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-11-6 79360]
S3 ExpatTrayService;Expat Shield Tray Service;C:\Program Files (x86)\Expat Shield\bin\ExpatTrayService.exe [2012-1-6 77520]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-6 135664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 51456888]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 129976]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-3-18 68440]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-1-31 7391072]
S4 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
.
=============== Created Last 30 ================
.
2012-05-18 22:55:52 597832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor90.dll
2012-05-18 22:55:52 597832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor80.dll
2012-05-18 21:14:18 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-05-18 21:12:54 -------- d-----w- C:\Users\Glenn\AppData\Roaming\SUPERAntiSpyware.com
2012-05-18 21:11:22 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-05-18 19:37:36 388096 ----a-r- C:\Users\Glenn\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-18 19:14:03 -------- d-----w- C:\Users\Glenn\AppData\Roaming\Malwarebytes
2012-05-18 19:13:55 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-18 19:13:54 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-18 19:13:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-18 16:43:31 -------- d-----w- C:\ProgramData\99058D6500016020000AD478A60145BE
2012-05-18 16:43:28 -------- d-----w- C:\Program Files (x86)\Common Files\PerformanceAbout
2012-05-16 15:06:22 -------- d-----w- C:\Users\Glenn\.morena
2012-05-16 15:06:22 -------- d-----w- C:\Users\Glenn\.epaysol
2012-04-28 05:33:23 -------- d-----w- C:\Users\Glenn\AppData\Local\Local AppWizard-Generated Applications
2012-04-25 20:29:26 -------- d-----w- C:\Users\Glenn\AppData\Local\GoldenFrog
2012-04-25 20:24:43 -------- d-----w- C:\Users\Glenn\AppData\Roaming\Mimo
2012-04-25 20:21:32 -------- d-----w- C:\Program Files (x86)\OpenVPN
2012-04-25 19:50:48 -------- d-----w- C:\Users\Glenn\AppData\Roaming\Forte
2012-04-25 19:47:14 -------- d-----w- C:\Program Files (x86)\Agent
.
==================== Find3M ====================
.
2012-05-18 20:10:41 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2012-03-31 19:18:51 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-03-07 22:33:40 402216 ----a-w- C:\Program Files\iTunesAdmin.dll
.
============= FINISH: 16:08:26.29 ===============
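The DDS "Pseudo HJT Report" above lists every autorun, browser helper object and policy setting on the machine, and a malware-response volunteer reads it by looking for a handful of patterns: autoruns launched from a user-profile directory, `rundll32 ... DllRegisterServer` entries, browser extensions whose file no longer exists ("No File"), and UAC policy keys set to 0. The following script is an added example, not code from the thread or from the DDS tool; it applies those generic triage rules to lines copied from the log above and returns the entries worth a second look. The rule names and thresholds are my own assumptions, and a flag means "review", not a verdict on any particular entry.

```python
"""Triage helper for DDS "Pseudo HJT Report" lines (added example).

Parses the uRun/mRun/dRun, BHO/TB and mPolicies lines that DDS prints and
returns the entries a malware-response volunteer would inspect first.  The
rules are generic triage heuristics (assumed here), not a detection verdict.
"""
import re
from dataclasses import dataclass

# Sample input copied from the DDS log posted above in the thread.
SAMPLE_LINES = [
    r'uRun: [Adobe] rundll32.exe "C:\Users\Glenn\AppData\Local\Apple Computer\Adobe\zxjqgy.dll",DllRegisterServer',
    r'uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe',
    r'mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe',
    r'dRun: [Adobe] rundll32.exe "C:\Users\Glenn\AppData\Local\Apple Computer\Adobe\zxjqgy.dll",DllRegisterServer',
    r'BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File',
    r'BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll',
    r'mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)',
    r'mPolicies-system: EnableLUA = 0 (0x0)',
    r'mPolicies-system: PromptOnSecureDesktop = 0 (0x0)',
    r'mPolicies-explorer: NoActiveDesktop = 1 (0x1)',
]

# DDS autorun line: "<uRun|mRun|dRun|dRunOnce|mRun-x64>: [<name>] <command>"
RUN_RE = re.compile(r'^([umd]Run(?:Once)?(?:-x64)?): \[([^\]]*)\] (.*)$')
# DDS policy line: "mPolicies-<hive>: <ValueName> = <decimal> (0x..)"
POLICY_RE = re.compile(r'^(mPolicies-\w+): (\w+) = (\d+)')
# DDS prefixes that describe browser extensions (BHOs, toolbars, search hooks)
EXT_PREFIXES = ('BHO', 'BHO-X64', 'TB', 'TB-X64', 'uURLSearchHooks', 'mURLSearchHooks')
# UAC values under HKLM\...\Policies\System where 0 means the protection is off
UAC_OFF_WHEN_ZERO = {'EnableLUA', 'ConsentPromptBehaviorAdmin', 'PromptOnSecureDesktop'}


@dataclass(frozen=True)
class Finding:
    rule: str   # which triage rule fired (assumed names)
    line: str   # the DDS line that triggered it


def check_run(line):
    """Flag autoruns that load a DLL via rundll32 or run from a user profile."""
    m = RUN_RE.match(line)
    if not m:
        return None
    _kind, _name, cmd = m.groups()
    low = cmd.lower()
    if 'rundll32' in low and 'dllregisterserver' in low:
        return Finding('rundll32-dllregisterserver', line)
    if '\\users\\' in low and 'appdata' in low:
        # Legitimate per-user apps live here too, so this is "review", not "bad".
        return Finding('autorun-in-user-profile', line)
    return None


def check_extension(line):
    """Flag browser extension registrations whose file is missing."""
    prefix = line.split(':', 1)[0]
    if prefix in EXT_PREFIXES and line.rstrip().endswith('- No File'):
        return Finding('orphaned-browser-extension', line)
    return None


def check_policy(line):
    """Flag UAC policy values that have been set to 0 (protection disabled)."""
    m = POLICY_RE.match(line)
    if not m:
        return None
    _hive, name, value = m.groups()
    if name in UAC_OFF_WHEN_ZERO and value == '0':
        return Finding('uac-weakened', line)
    return None


def triage(lines):
    """Run every rule over every line; return the findings in log order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        for check in (check_run, check_extension, check_policy):
            f = check(line)
            if f:
                findings.append(f)
                break
    return findings


def summarize(findings):
    """Count findings per rule, for a quick overview of a long log."""
    counts = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == '__main__':
    for f in triage(SAMPLE_LINES):
        print(f'[{f.rule}] {f.line}')
    print(summarize(triage(SAMPLE_LINES)))
```

Run it against a full DDS log with `triage(open('dds.txt').read().splitlines())`; the `autorun-in-user-profile` rule is deliberately noisy (Spotify in this log would trip it), which is why each rule names the reason rather than labelling the entry malicious, and why a volunteer still reads the flagged lines by hand.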

#2 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:48 PM

Posted 18 May 2012 - 10:42 PM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it
  • You will be asked if you want to use Avast! Free antivirus for scanning - select No
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply.
Please include the following in your next post:
  • aswMBR log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#3 Glenn Murray
  • Topic Starter
  • Members
  • 13 posts
  • Local time:06:48 PM

Posted 19 May 2012 - 01:46 AM

Hi,
Thanks very much for the response. I have run the program you suggested. Below is the log. I noticed some infected files that MalwareBytes or AVG have not found, including one .exe that I downloaded recently and stupidly clicked on to run. I should know better than to click on .exe's that I accidentally download, and I think this one got me!
I would very much appreciate your advice on how to proceed from here. And I promise not to download or click on any suspicious .exe's in the future!

Glenn


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-18 22:56:46
-----------------------------
22:56:46.605 OS Version: Windows x64 6.1.7600
22:56:46.605 Number of processors: 8 586 0x1E05
22:56:46.605 ComputerName: GLENN-PC UserName: Glenn
22:56:49.896 Initialize success
23:14:29.427 AVAST engine defs: 12051801
23:14:50.565 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:14:50.581 Disk 0 Vendor: ST975042 0001 Size: 715404MB BusType: 3
23:14:50.596 Disk 0 MBR read successfully
23:14:50.596 Disk 0 MBR scan
23:14:50.612 Disk 0 Windows 7 default MBR code
23:14:50.612 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 22003 MB offset 63
23:14:50.628 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 178848 MB offset 45062325
23:14:50.643 Disk 0 Partition - 00 0F Extended LBA 514551 MB offset 411344896
23:14:50.659 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 514550 MB offset 411346944
23:14:50.706 Disk 0 scanning C:\Windows\system32\drivers
23:15:02.952 Service scanning
23:15:37.334 Modules scanning
23:15:37.350 Disk 0 trace - called modules:
23:15:37.864 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
23:15:37.880 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007ee2060]
23:15:37.880 3 CLASSPNP.SYS[fffff88001b4743f] -> nt!IofCallDriver -> [0xfffffa8006d3ce40]
23:15:37.896 5 ACPI.sys[fffff88000f7d781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007b9c050]
23:15:50.532 AVAST engine scan C:\Windows
23:15:53.574 AVAST engine scan C:\Windows\system32
23:17:51.681 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
23:17:54.053 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
23:20:29.959 AVAST engine scan C:\Windows\system32\drivers
23:20:48.274 AVAST engine scan C:\Users\Glenn
23:24:42.383 File: C:\Users\Glenn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\563a9b2b-309bc679 **INFECTED** Win32:Malware-gen
23:30:08.190 File: C:\Users\Glenn\Documents\VMware_Workstation_8_keygen[1]\VMware_Workstation_8_keygen.exe **INFECTED** Win32:MalOb-HU [Cryp]
23:30:34.320 File: C:\Users\Glenn\Downloads\Mimo\alt.binaries.deutsch\A History of Western Art (5e)\A History of Western Art (5e).exe **INFECTED** MSIL:Inject-BE [Trj]
23:31:41.790 AVAST engine scan C:\ProgramData
23:33:05.999 Scan finished successfully
23:33:38.759 Disk 0 MBR has been saved successfully to "C:\Users\Glenn\Desktop\MBR.dat"
23:33:38.775 The log file has been saved successfully to "C:\Users\Glenn\Desktop\aswMBR.txt"
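The aswMBR log above mixes three kinds of information that are worth separating when triaging it: which bootstrap code the scanner recognised in the MBR, the partition table, and the per-file detections with their bracketed tag (the log shows [Rtk], [Cryp] and [Trj]). The block below is an added example, not from this thread or from aswMBR's authors, that parses those three line types and summarises them; the sample input is a subset of the log lines posted above, and the split of a detection name into Platform:Family-Variant (so that both Desktop.ini hits count under one family) is an assumed naming convention.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# aswMBR prefixes every line with HH:MM:SS.mmm
TS = r"\d{2}:\d{2}:\d{2}\.\d{3}"
FINDING_RE = re.compile(rf"^({TS}) File: (.+?) \*\*INFECTED\*\* (\S+)(?: \[(\w+)\])?$")
PARTITION_RE = re.compile(
    rf"^{TS} Disk (\d+) Partition (\S+) ([0-9A-F]{{2}})( \(A\))? ([0-9A-F]{{2}}) (.*?) (\d+) MB offset (\d+)$")
MBR_CODE_RE = re.compile(rf"^{TS} Disk (\d+) (.+ MBR code)$")

# Sample input: a subset of the aswMBR log lines posted above.
SAMPLE_LOG = r"""aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-18 22:56:46
-----------------------------
22:56:46.605 OS Version: Windows x64 6.1.7600
23:14:50.612 Disk 0 Windows 7 default MBR code
23:14:50.612 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 22003 MB offset 63
23:14:50.628 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 178848 MB offset 45062325
23:14:50.643 Disk 0 Partition - 00 0F Extended LBA 514551 MB offset 411344896
23:14:50.659 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 514550 MB offset 411346944
23:17:51.681 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
23:17:54.053 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
23:24:42.383 File: C:\Users\Glenn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\563a9b2b-309bc679 **INFECTED** Win32:Malware-gen
23:30:08.190 File: C:\Users\Glenn\Documents\VMware_Workstation_8_keygen[1]\VMware_Workstation_8_keygen.exe **INFECTED** Win32:MalOb-HU [Cryp]
23:30:34.320 File: C:\Users\Glenn\Downloads\Mimo\alt.binaries.deutsch\A History of Western Art (5e)\A History of Western Art (5e).exe **INFECTED** MSIL:Inject-BE [Trj]
23:33:05.999 Scan finished successfully
"""


@dataclass
class Finding:
    time: str
    path: str
    detection: str          # e.g. "Win32:Sirefef-PL"
    tag: Optional[str]      # bracketed tag such as "Rtk"; None when the line has none

    @property
    def family(self) -> str:
        # Assumed convention: Platform:Family-Variant. Falls back to the full name.
        m = re.match(r"^[^:]+:([^-]+)", self.detection)
        return m.group(1) if m else self.detection


@dataclass
class Partition:
    disk: int
    number: str             # "1", "2", ... or "-" for the extended container
    active: bool            # boot flag 0x80 / "(A)" marker
    type_id: str            # MBR partition type byte, hex as printed
    description: str
    size_mb: int
    offset_sectors: int


@dataclass
class AswReport:
    mbr_code: Dict[int, str]        # disk number -> text aswMBR printed for the MBR code
    partitions: List[Partition]
    findings: List[Finding]


def parse_aswmbr(text: str) -> AswReport:
    """Extract MBR code lines, partition lines and **INFECTED** lines; ignore the rest."""
    report = AswReport({}, [], [])
    for line in text.splitlines():
        line = line.rstrip()
        if (m := FINDING_RE.match(line)):
            report.findings.append(Finding(*m.groups()))
        elif (m := PARTITION_RE.match(line)):
            disk, num, boot, flag, ptype, desc, size, off = m.groups()
            report.partitions.append(Partition(int(disk), num, boot == "80" or flag is not None,
                                               ptype, desc, int(size), int(off)))
        elif (m := MBR_CODE_RE.match(line)):
            report.mbr_code[int(m.group(1))] = m.group(2)
    return report


def family_counts(report: AswReport) -> Dict[str, int]:
    return dict(Counter(f.family for f in report.findings))


def rootkit_findings(report: AswReport) -> List[Finding]:
    """Detections aswMBR tagged [Rtk]; these are the ones that change the cleanup plan."""
    return [f for f in report.findings if f.tag == "Rtk"]


def active_partition(report: AswReport) -> Optional[Partition]:
    return next((p for p in report.partitions if p.active), None)


def mbr_is_standard(report: AswReport, disk: int = 0) -> bool:
    """True when aswMBR recognised the disk's bootstrap as a stock Windows MBR."""
    return "default MBR code" in report.mbr_code.get(disk, "")


if __name__ == "__main__":
    r = parse_aswmbr(SAMPLE_LOG)
    print("standard MBR:", mbr_is_standard(r), "| active:", active_partition(r))
    print("families:", family_counts(r))
    for f in rootkit_findings(r):
        print("rootkit component:", f.path)
```

The MBR check is the part people skip when reading these logs by eye: aswMBR names the bootstrap code it recognised, so a line that does not say "default MBR code" for the boot disk deserves a closer look before any file-level cleanup is judged complete.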

#4 RPMcMurphy
  • Bleeping *^#@%~
  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:07:48 PM

Posted 19 May 2012 - 09:39 AM

Please do this next:

Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • When the window opens, click on Change Parameters
  • Under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • Click OK
  • Press Start Scan
  • If Malicious objects are found then ensure Cure is selected. Important - If there is no option to "Cure" it is critical that you select "Skip"
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt
  • Post that log, please.
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back. Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.

Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion" rebooting your computer will resolve the problem.

Please include the following in your next post:
  • TDSSKiller log
  • ComboFix log



#5 Glenn Murray
  • Topic Starter
  • Members
  • 13 posts
  • Local time:06:48 PM

Posted 19 May 2012 - 11:19 AM

Hi,

I ran the TDSSKiller program with the option checked that you instructed. No threats were found. I have posted the log below.
I ran into problems running ComboFix. Clicking on Link 1, I saved to my Desktop. After accepting the licence agreement, the program looked like it was extracting to a folder under the root folder on my C: drive, then the program completed with no options for me to continue.
I went to Windows Explorer to look for the folder it extracted to, which was called "32788R22FWJFW". Actually it had a different icon than the folder icon, one I have never seen before, even though it said it was a folder. When I clicked on the folder it showed me another Windows Explorer screen of my computer. I clicked on C: drive and it showed the same list of files/folders on my root C: drive, including the "32788R22FWJFW" folder. I clicked on this folder again and it recursively went to the Windows Explorer screen of my computer. Not sure what that is all about.
I then tried to download ComboFix from Link 2. It brought up machine code in my browser window, so I right clicked on the download link and Saved As ComboFix.exe to my Desktop. I then ran ComboFix.exe and it produced the same results of appearing to extract to a folder under the root folder in my C: drive, which gave me the same results as above, where I could click recursively on the folders.
I am now dead in the water as far as proceeding any further with the fix.
Please advise.

Thanks,
Glenn

08:53:31.0726 5776 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
08:53:32.0225 5776 ============================================================
08:53:32.0225 5776 Current date / time: 2012/05/19 08:53:32.0225
08:53:32.0225 5776 SystemInfo:
08:53:32.0225 5776
08:53:32.0225 5776 OS Version: 6.1.7600 ServicePack: 0.0
08:53:32.0225 5776 Product type: Workstation
08:53:32.0225 5776 ComputerName: GLENN-PC
08:53:32.0225 5776 UserName: Glenn
08:53:32.0225 5776 Windows directory: C:\Windows
08:53:32.0225 5776 System windows directory: C:\Windows
08:53:32.0225 5776 Running under WOW64
08:53:32.0225 5776 Processor architecture: Intel x64
08:53:32.0225 5776 Number of processors: 8
08:53:32.0225 5776 Page size: 0x1000
08:53:32.0225 5776 Boot type: Normal boot
08:53:32.0225 5776 ============================================================
08:53:32.0989 5776 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:53:33.0020 5776 ============================================================
08:53:33.0020 5776 \Device\Harddisk0\DR0:
08:53:33.0020 5776 MBR partitions:
08:53:33.0020 5776 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2AF98B5, BlocksNum 0x15D500E1
08:53:33.0036 5776 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1884A800, BlocksNum 0x3ECFB000
08:53:33.0036 5776 ============================================================
08:53:33.0067 5776 C: <-> \Device\Harddisk0\DR0\Partition0
08:53:33.0083 5776 D: <-> \Device\Harddisk0\DR0\Partition1
08:53:33.0083 5776 ============================================================
08:53:33.0083 5776 Initialize success
08:53:33.0083 5776 ============================================================
08:53:40.0493 2732 ============================================================
08:53:40.0493 2732 Scan started
08:53:40.0493 2732 Mode: Manual; TDLFS;
08:53:40.0493 2732 ============================================================
08:53:40.0820 2732 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
08:53:40.0820 2732 !SASCORE - ok
08:53:41.0008 2732 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
08:53:41.0008 2732 1394ohci - ok
08:53:41.0039 2732 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
08:53:41.0054 2732 ACPI - ok
08:53:41.0070 2732 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
08:53:41.0070 2732 AcpiPmi - ok
08:53:41.0288 2732 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
08:53:41.0288 2732 AdobeARMservice - ok
08:53:41.0351 2732 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
08:53:41.0351 2732 adp94xx - ok
08:53:41.0382 2732 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
08:53:41.0398 2732 adpahci - ok
08:53:41.0413 2732 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
08:53:41.0413 2732 adpu320 - ok
08:53:41.0444 2732 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
08:53:41.0444 2732 AeLookupSvc - ok
08:53:41.0491 2732 AFBAgent (734d1ba96be6ad8d04e6afead569ea8a) C:\Windows\system32\FBAgent.exe
08:53:41.0507 2732 AFBAgent - ok
08:53:41.0554 2732 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
08:53:41.0569 2732 AFD - ok
08:53:41.0585 2732 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
08:53:41.0585 2732 agp440 - ok
08:53:41.0600 2732 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
08:53:41.0616 2732 ALG - ok
08:53:41.0632 2732 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
08:53:41.0632 2732 aliide - ok
08:53:41.0725 2732 Amazon Download Agent (ff6f0f6a2d72065ae4300426fa414693) C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
08:53:41.0741 2732 Amazon Download Agent - ok
08:53:41.0756 2732 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
08:53:41.0756 2732 amdide - ok
08:53:41.0803 2732 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
08:53:41.0803 2732 AmdK8 - ok
08:53:41.0803 2732 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
08:53:41.0803 2732 AmdPPM - ok
08:53:41.0834 2732 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
08:53:41.0834 2732 amdsata - ok
08:53:41.0866 2732 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
08:53:41.0866 2732 amdsbs - ok
08:53:41.0881 2732 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
08:53:41.0881 2732 amdxata - ok
08:53:41.0928 2732 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
08:53:41.0928 2732 AppID - ok
08:53:41.0944 2732 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
08:53:41.0944 2732 AppIDSvc - ok
08:53:41.0975 2732 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
08:53:41.0975 2732 Appinfo - ok
08:53:42.0068 2732 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:53:42.0068 2732 Apple Mobile Device - ok
08:53:42.0115 2732 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
08:53:42.0115 2732 arc - ok
08:53:42.0146 2732 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
08:53:42.0146 2732 arcsas - ok
08:53:42.0178 2732 ASLDRService (18e5c2f937f9deb8c282df66a3761925) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
08:53:42.0178 2732 ASLDRService - ok
08:53:42.0209 2732 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
08:53:42.0209 2732 ASMMAP64 - ok
08:53:42.0287 2732 aspnet_state - ok
08:53:42.0318 2732 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
08:53:42.0318 2732 AsyncMac - ok
08:53:42.0334 2732 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
08:53:42.0334 2732 atapi - ok
08:53:42.0443 2732 athr (f8633cdd09647a64ee8db550630427ff) C:\Windows\system32\DRIVERS\athrx.sys
08:53:42.0458 2732 athr - ok
08:53:42.0536 2732 ATKGFNEXSrv (7910158929571214a959d5a6d16dd9c0) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
08:53:42.0536 2732 ATKGFNEXSrv - ok
08:53:42.0661 2732 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
08:53:42.0677 2732 AudioEndpointBuilder - ok
08:53:42.0692 2732 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
08:53:42.0692 2732 AudioSrv - ok
08:53:43.0176 2732 AVGIDSAgent (7a0f6a3e0e41425b9ba54616b482668a) C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
08:53:43.0254 2732 AVGIDSAgent - ok
08:53:43.0394 2732 AVGIDSDriver (e6671e90d38c88764412e07c9d9b3d63) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
08:53:43.0394 2732 AVGIDSDriver - ok
08:53:43.0410 2732 AVGIDSEH (1553b388e0f0462c25ad8f30c3c29e83) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
08:53:43.0410 2732 AVGIDSEH - ok
08:53:43.0441 2732 AVGIDSFilter (dca426a66739e75f51a72160dfb945ad) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
08:53:43.0441 2732 AVGIDSFilter - ok
08:53:43.0488 2732 Avgldx64 (ff7383388a7d2283dae5831abc2b0720) C:\Windows\system32\DRIVERS\avgldx64.sys
08:53:43.0488 2732 Avgldx64 - ok
08:53:43.0504 2732 Avgmfx64 (997d002827d3e3dcbbb25bf46db161ab) C:\Windows\system32\DRIVERS\avgmfx64.sys
08:53:43.0504 2732 Avgmfx64 - ok
08:53:43.0535 2732 Avgrkx64 (bccfe3374c887075cde2ac8fdb1cb2f8) C:\Windows\system32\DRIVERS\avgrkx64.sys
08:53:43.0535 2732 Avgrkx64 - ok
08:53:43.0566 2732 Avgtdia (0d49adcebe243b79366ea523b647519a) C:\Windows\system32\DRIVERS\avgtdia.sys
08:53:43.0582 2732 Avgtdia - ok
08:53:43.0644 2732 avgwd (fc2bc51120a945f7c70376495e4e7737) C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
08:53:43.0660 2732 avgwd - ok
08:53:43.0738 2732 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
08:53:43.0738 2732 AxInstSV - ok
08:53:43.0784 2732 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
08:53:43.0784 2732 b06bdrv - ok
08:53:43.0831 2732 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
08:53:43.0847 2732 b57nd60a - ok
08:53:43.0862 2732 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
08:53:43.0878 2732 BDESVC - ok
08:53:43.0878 2732 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
08:53:43.0894 2732 Beep - ok
08:53:43.0940 2732 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
08:53:43.0956 2732 BITS - ok
08:53:43.0987 2732 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
08:53:43.0987 2732 blbdrive - ok
08:53:44.0128 2732 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
08:53:44.0128 2732 Bonjour Service - ok
08:53:44.0159 2732 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
08:53:44.0159 2732 bowser - ok
08:53:44.0174 2732 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
08:53:44.0174 2732 BrFiltLo - ok
08:53:44.0190 2732 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
08:53:44.0190 2732 BrFiltUp - ok
08:53:44.0206 2732 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
08:53:44.0206 2732 BridgeMP - ok
08:53:44.0237 2732 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
08:53:44.0237 2732 Browser - ok
08:53:44.0252 2732 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
08:53:44.0268 2732 Brserid - ok
08:53:44.0268 2732 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
08:53:44.0268 2732 BrSerWdm - ok
08:53:44.0284 2732 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
08:53:44.0284 2732 BrUsbMdm - ok
08:53:44.0299 2732 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
08:53:44.0299 2732 BrUsbSer - ok
08:53:44.0315 2732 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
08:53:44.0315 2732 BthEnum - ok
08:53:44.0346 2732 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
08:53:44.0346 2732 BTHMODEM - ok
08:53:44.0362 2732 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
08:53:44.0362 2732 BthPan - ok
08:53:44.0408 2732 BTHPORT (a51fa9d0e85d5adabef72e67f386309c) C:\Windows\system32\Drivers\BTHport.sys
08:53:44.0408 2732 BTHPORT - ok
08:53:44.0440 2732 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
08:53:44.0440 2732 bthserv - ok
08:53:44.0455 2732 BTHUSB (f740b9a16b2c06700f2130e19986bf3b) C:\Windows\system32\Drivers\BTHUSB.sys
08:53:44.0455 2732 BTHUSB - ok
08:53:44.0502 2732 btusbflt (d3466f77c2c49c6e393ba5fba963a33e) C:\Windows\system32\drivers\btusbflt.sys
08:53:44.0502 2732 btusbflt - ok
08:53:44.0518 2732 btwaudio (a72a9101f9730db7332714e566614e4d) C:\Windows\system32\drivers\btwaudio.sys
08:53:44.0518 2732 btwaudio - ok
08:53:44.0533 2732 btwavdt (5ceec634b617525f2b6ad29f871033f7) C:\Windows\system32\DRIVERS\btwavdt.sys
08:53:44.0533 2732 btwavdt - ok
08:53:44.0767 2732 btwdins (4e63c48e7328a11ed0e9075c18fce782) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
08:53:44.0783 2732 btwdins - ok
08:53:44.0814 2732 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
08:53:44.0814 2732 btwl2cap - ok
08:53:44.0830 2732 btwrchid (2af5604d28bef77b7cf4b9d232fe7cd3) C:\Windows\system32\DRIVERS\btwrchid.sys
08:53:44.0830 2732 btwrchid - ok
08:53:44.0861 2732 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
08:53:44.0861 2732 cdfs - ok
08:53:44.0892 2732 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
08:53:44.0892 2732 cdrom - ok
08:53:44.0923 2732 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
08:53:44.0923 2732 CertPropSvc - ok
08:53:44.0939 2732 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
08:53:44.0939 2732 circlass - ok
08:53:44.0986 2732 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
08:53:45.0001 2732 CLFS - ok
08:53:45.0064 2732 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:53:45.0064 2732 clr_optimization_v2.0.50727_32 - ok
08:53:45.0095 2732 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:53:45.0095 2732 clr_optimization_v2.0.50727_64 - ok
08:53:45.0157 2732 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:53:45.0157 2732 clr_optimization_v4.0.30319_32 - ok
08:53:45.0220 2732 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:53:45.0220 2732 clr_optimization_v4.0.30319_64 - ok
08:53:45.0251 2732 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
08:53:45.0251 2732 CmBatt - ok
08:53:45.0266 2732 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
08:53:45.0266 2732 cmdide - ok
08:53:45.0313 2732 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
08:53:45.0313 2732 CNG - ok
08:53:45.0360 2732 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
08:53:45.0360 2732 Compbatt - ok
08:53:45.0376 2732 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
08:53:45.0376 2732 CompositeBus - ok
08:53:45.0391 2732 COMSysApp - ok
08:53:45.0391 2732 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
08:53:45.0391 2732 crcdisk - ok
08:53:45.0454 2732 Creative ALchemy AL6 Licensing Service (c8bd651e13895b93ed9ec5b4f1df42bc) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
08:53:45.0454 2732 Creative ALchemy AL6 Licensing Service - ok
08:53:45.0485 2732 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
08:53:45.0485 2732 Creative Audio Engine Licensing Service - ok
08:53:45.0516 2732 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
08:53:45.0516 2732 CryptSvc - ok
08:53:45.0563 2732 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
08:53:45.0578 2732 DcomLaunch - ok
08:53:45.0610 2732 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
08:53:45.0610 2732 defragsvc - ok
08:53:45.0625 2732 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
08:53:45.0625 2732 DfsC - ok
08:53:45.0672 2732 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
08:53:45.0688 2732 Dhcp - ok
08:53:45.0703 2732 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
08:53:45.0703 2732 discache - ok
08:53:45.0719 2732 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
08:53:45.0719 2732 Disk - ok
08:53:45.0750 2732 Dnscache (676108c4e3aa6f6b34633748bd0bebd9) C:\Windows\System32\dnsrslvr.dll
08:53:45.0750 2732 Dnscache - ok
08:53:45.0781 2732 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
08:53:45.0781 2732 dot3svc - ok
08:53:45.0797 2732 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
08:53:45.0797 2732 DPS - ok
08:53:45.0812 2732 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
08:53:45.0812 2732 drmkaud - ok
08:53:45.0890 2732 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
08:53:45.0906 2732 DXGKrnl - ok
08:53:45.0937 2732 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
08:53:45.0937 2732 EapHost - ok
08:53:46.0124 2732 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
08:53:46.0156 2732 ebdrv - ok
08:53:46.0265 2732 EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
08:53:46.0280 2732 EFS - ok
08:53:46.0390 2732 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
08:53:46.0405 2732 ehRecvr - ok
08:53:46.0436 2732 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
08:53:46.0436 2732 ehSched - ok
08:53:46.0499 2732 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
08:53:46.0514 2732 elxstor - ok
08:53:46.0530 2732 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
08:53:46.0530 2732 ErrDev - ok
08:53:46.0577 2732 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
08:53:46.0577 2732 EventSystem - ok
08:53:46.0608 2732 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
08:53:46.0608 2732 exfat - ok
08:53:46.0764 2732 ExpatShieldService (507942b5bfdbb8efd0e03bde9f72bc86) C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe
08:53:46.0764 2732 ExpatShieldService - ok
08:53:46.0920 2732 ExpatSrv (2cfea9c337b699aca38487e8a7438f35) C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe
08:53:46.0920 2732 ExpatSrv - ok
08:53:46.0967 2732 ExpatTrayService (1034f1285e474fcbb850afd2dc712837) C:\Program Files (x86)\Expat Shield\bin\ExpatTrayService.EXE
08:53:46.0967 2732 ExpatTrayService - ok
08:53:46.0982 2732 ExpatWd - ok
08:53:46.0998 2732 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
08:53:47.0014 2732 fastfat - ok
08:53:47.0076 2732 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
08:53:47.0092 2732 Fax - ok
08:53:47.0107 2732 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
08:53:47.0107 2732 fdc - ok
08:53:47.0138 2732 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
08:53:47.0138 2732 fdPHost - ok
08:53:47.0154 2732 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
08:53:47.0154 2732 FDResPub - ok
08:53:47.0170 2732 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
08:53:47.0170 2732 FileInfo - ok
08:53:47.0185 2732 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
08:53:47.0185 2732 Filetrace - ok
08:53:47.0185 2732 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
08:53:47.0185 2732 flpydisk - ok
08:53:47.0216 2732 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
08:53:47.0216 2732 FltMgr - ok
08:53:47.0248 2732 FLxHCIc (480e31b064e6f7b4eaab8b00437298b6) C:\Windows\system32\DRIVERS\FLxHCIc.sys
08:53:47.0263 2732 FLxHCIc - ok
08:53:47.0294 2732 FLxHCIh (e9cf4c5a0c31197351f89a1df4522b96) C:\Windows\system32\DRIVERS\FLxHCIh.sys
08:53:47.0294 2732 FLxHCIh - ok
08:53:47.0372 2732 FontCache (bc00505cfda789ed3be95d2ff38c4875) C:\Windows\system32\FntCache.dll
08:53:47.0388 2732 FontCache - ok
08:53:47.0482 2732 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:53:47.0482 2732 FontCache3.0.0.0 - ok
08:53:47.0513 2732 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
08:53:47.0513 2732 FsDepends - ok
08:53:47.0544 2732 fssfltr (5814011b2f6e088e29d689b5fcd49b8f) C:\Windows\system32\DRIVERS\fssfltr.sys
08:53:47.0544 2732 fssfltr - ok
08:53:47.0622 2732 fsssvc (f6717211c1ec2cddaa81b97b0727c2e9) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
08:53:47.0638 2732 fsssvc - ok
08:53:47.0653 2732 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
08:53:47.0653 2732 Fs_Rec - ok
08:53:47.0684 2732 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
08:53:47.0700 2732 fvevol - ok
08:53:47.0731 2732 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
08:53:47.0731 2732 gagp30kx - ok
08:53:47.0762 2732 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:53:47.0762 2732 GEARAspiWDM - ok
08:53:47.0840 2732 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
08:53:47.0840 2732 gpsvc - ok
08:53:47.0918 2732 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:53:47.0918 2732 gupdate - ok
08:53:47.0965 2732 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:53:47.0965 2732 gupdatem - ok
08:53:47.0981 2732 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
08:53:47.0981 2732 gusvc - ok
08:53:47.0996 2732 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
08:53:47.0996 2732 hcw85cir - ok
08:53:48.0028 2732 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
08:53:48.0043 2732 HdAudAddService - ok
08:53:48.0059 2732 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
08:53:48.0059 2732 HDAudBus - ok
08:53:48.0090 2732 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
08:53:48.0090 2732 HECIx64 - ok
08:53:48.0106 2732 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
08:53:48.0106 2732 HidBatt - ok
08:53:48.0121 2732 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
08:53:48.0121 2732 HidBth - ok
08:53:48.0137 2732 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
08:53:48.0137 2732 HidIr - ok
08:53:48.0152 2732 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
08:53:48.0152 2732 hidserv - ok
08:53:48.0199 2732 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
08:53:48.0199 2732 HidUsb - ok
08:53:48.0215 2732 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
08:53:48.0215 2732 hkmsvc - ok
08:53:48.0230 2732 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
08:53:48.0246 2732 HomeGroupListener - ok
08:53:48.0262 2732 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
08:53:48.0262 2732 HomeGroupProvider - ok
08:53:48.0293 2732 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
08:53:48.0308 2732 HpSAMD - ok
08:53:48.0355 2732 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
08:53:48.0355 2732 HTTP - ok
08:53:48.0386 2732 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
08:53:48.0386 2732 hwpolicy - ok
08:53:48.0418 2732 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
08:53:48.0418 2732 i8042prt - ok
08:53:48.0464 2732 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
08:53:48.0480 2732 iaStor - ok
08:53:48.0527 2732 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
08:53:48.0527 2732 iaStorV - ok
08:53:48.0620 2732 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:53:48.0636 2732 idsvc - ok
08:53:48.0667 2732 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
08:53:48.0667 2732 iirsp - ok
08:53:48.0730 2732 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
08:53:48.0745 2732 IKEEXT - ok
08:53:48.0901 2732 IntcAzAudAddService (bd9d02f706fcaf28d89f5435f18a4a04) C:\Windows\system32\drivers\RTKVHD64.sys
08:53:48.0932 2732 IntcAzAudAddService - ok
08:53:49.0010 2732 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
08:53:49.0010 2732 intelide - ok
08:53:49.0042 2732 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
08:53:49.0042 2732 intelppm - ok
08:53:49.0073 2732 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
08:53:49.0073 2732 IPBusEnum - ok
08:53:49.0088 2732 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:53:49.0088 2732 IpFilterDriver - ok
08:53:49.0166 2732 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
08:53:49.0182 2732 iphlpsvc - ok
08:53:49.0198 2732 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
08:53:49.0198 2732 IPMIDRV - ok
08:53:49.0229 2732 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
08:53:49.0229 2732 IPNAT - ok
08:53:49.0338 2732 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
08:53:49.0354 2732 iPod Service - ok
08:53:49.0385 2732 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
08:53:49.0385 2732 IRENUM - ok
08:53:49.0400 2732 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
08:53:49.0400 2732 isapnp - ok
08:53:49.0432 2732 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
08:53:49.0432 2732 iScsiPrt - ok
08:53:49.0463 2732 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
08:53:49.0478 2732 kbdclass - ok
08:53:49.0510 2732 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
08:53:49.0510 2732 kbdhid - ok
08:53:49.0525 2732 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
08:53:49.0541 2732 kbfiltr - ok
08:53:49.0572 2732 KeyIso (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
08:53:49.0572 2732 KeyIso - ok
08:53:49.0666 2732 Kodak AiO Network Discovery Service (27277a11db52fefae5b01dc8fb570b28) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
08:53:49.0681 2732 Kodak AiO Network Discovery Service - ok
08:53:49.0712 2732 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
08:53:49.0712 2732 KSecDD - ok
08:53:49.0728 2732 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
08:53:49.0728 2732 KSecPkg - ok
08:53:49.0744 2732 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
08:53:49.0744 2732 ksthunk - ok
08:53:49.0790 2732 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
08:53:49.0806 2732 KtmRm - ok
08:53:49.0822 2732 L1C (9ddc68b87a9b837736a2b193ee14a4a5) C:\Windows\system32\DRIVERS\L1C62x64.sys
08:53:49.0837 2732 L1C - ok
08:53:49.0884 2732 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
08:53:49.0884 2732 LanmanServer - ok
08:53:49.0915 2732 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
08:53:49.0915 2732 LanmanWorkstation - ok
08:53:49.0962 2732 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
08:53:49.0962 2732 lltdio - ok
08:53:50.0009 2732 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
08:53:50.0009 2732 lltdsvc - ok
08:53:50.0024 2732 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
08:53:50.0024 2732 lmhosts - ok
08:53:50.0087 2732 LMS (a1c148801b4af64847aeb9f3ad9594ef) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
08:53:50.0102 2732 LMS - ok
08:53:50.0134 2732 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
08:53:50.0134 2732 LSI_FC - ok
08:53:50.0149 2732 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
08:53:50.0149 2732 LSI_SAS - ok
08:53:50.0165 2732 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:53:50.0165 2732 LSI_SAS2 - ok
08:53:50.0180 2732 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:53:50.0180 2732 LSI_SCSI - ok
08:53:50.0212 2732 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
08:53:50.0212 2732 luafv - ok
08:53:50.0243 2732 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
08:53:50.0243 2732 MBAMProtector - ok
08:53:50.0321 2732 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
08:53:50.0336 2732 MBAMService - ok
08:53:50.0368 2732 MBfilt (8ff2d95cba49b405c5de27039ff0bf35) C:\Windows\system32\drivers\MBfilt64.sys
08:53:50.0368 2732 MBfilt - ok
08:53:50.0414 2732 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
08:53:50.0414 2732 mcdbus - ok
08:53:50.0446 2732 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
08:53:50.0446 2732 Mcx2Svc - ok
08:53:50.0461 2732 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
08:53:50.0461 2732 megasas - ok
08:53:50.0492 2732 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
08:53:50.0508 2732 MegaSR - ok
08:53:50.0555 2732 Microsoft SharePoint Workspace Audit Service - ok
08:53:50.0570 2732 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
08:53:50.0570 2732 MMCSS - ok
08:53:50.0586 2732 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
08:53:50.0586 2732 Modem - ok
08:53:50.0617 2732 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
08:53:50.0617 2732 monitor - ok
08:53:50.0648 2732 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
08:53:50.0648 2732 mouclass - ok
08:53:50.0664 2732 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
08:53:50.0664 2732 mouhid - ok
08:53:50.0695 2732 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
08:53:50.0695 2732 mountmgr - ok
08:53:50.0758 2732 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
08:53:50.0758 2732 MozillaMaintenance - ok
08:53:50.0789 2732 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
08:53:50.0789 2732 mpio - ok
08:53:50.0804 2732 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
08:53:50.0804 2732 mpsdrv - ok
08:53:50.0836 2732 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
08:53:50.0836 2732 MRxDAV - ok
08:53:50.0851 2732 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:53:50.0851 2732 mrxsmb - ok
08:53:50.0882 2732 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:53:50.0882 2732 mrxsmb10 - ok
08:53:50.0898 2732 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:53:50.0898 2732 mrxsmb20 - ok
08:53:50.0914 2732 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
08:53:50.0914 2732 msahci - ok
08:53:50.0929 2732 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
08:53:50.0929 2732 msdsm - ok
08:53:50.0960 2732 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
08:53:50.0976 2732 MSDTC - ok
08:53:50.0992 2732 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
08:53:50.0992 2732 Msfs - ok
08:53:51.0007 2732 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
08:53:51.0007 2732 mshidkmdf - ok
08:53:51.0023 2732 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
08:53:51.0023 2732 msisadrv - ok
08:53:51.0038 2732 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
08:53:51.0054 2732 MSiSCSI - ok
08:53:51.0054 2732 msiserver - ok
08:53:51.0070 2732 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
08:53:51.0085 2732 MSKSSRV - ok
08:53:51.0101 2732 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
08:53:51.0101 2732 MSPCLOCK - ok
08:53:51.0101 2732 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
08:53:51.0101 2732 MSPQM - ok
08:53:51.0132 2732 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
08:53:51.0148 2732 MsRPC - ok
08:53:51.0163 2732 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
08:53:51.0163 2732 mssmbios - ok
08:53:51.0163 2732 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
08:53:51.0163 2732 MSTEE - ok
08:53:51.0179 2732 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
08:53:51.0179 2732 MTConfig - ok
08:53:51.0210 2732 MTsensor (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys
08:53:51.0210 2732 MTsensor - ok
08:53:51.0226 2732 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
08:53:51.0226 2732 Mup - ok
08:53:51.0272 2732 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
08:53:51.0288 2732 napagent - ok
08:53:51.0319 2732 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
08:53:51.0335 2732 NativeWifiP - ok
08:53:51.0397 2732 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
08:53:51.0413 2732 NDIS - ok
08:53:51.0428 2732 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
08:53:51.0428 2732 NdisCap - ok
08:53:51.0460 2732 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
08:53:51.0460 2732 NdisTapi - ok
08:53:51.0506 2732 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
08:53:51.0506 2732 Ndisuio - ok
08:53:51.0538 2732 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
08:53:51.0538 2732 NdisWan - ok
08:53:51.0553 2732 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
08:53:51.0553 2732 NDProxy - ok
08:53:51.0569 2732 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
08:53:51.0569 2732 NetBIOS - ok
08:53:51.0584 2732 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
08:53:51.0584 2732 NetBT - ok
08:53:51.0616 2732 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
08:53:51.0616 2732 Netlogon - ok
08:53:51.0647 2732 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
08:53:51.0662 2732 Netman - ok
08:53:51.0725 2732 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:53:51.0725 2732 NetMsmqActivator - ok
08:53:51.0740 2732 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:53:51.0740 2732 NetPipeActivator - ok
08:53:51.0772 2732 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
08:53:51.0772 2732 netprofm - ok
08:53:51.0787 2732 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:53:51.0787 2732 NetTcpActivator - ok
08:53:51.0787 2732 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:53:51.0787 2732 NetTcpPortSharing - ok
08:53:51.0834 2732 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
08:53:51.0834 2732 nfrd960 - ok
08:53:51.0865 2732 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
08:53:51.0881 2732 NlaSvc - ok
08:53:51.0896 2732 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
08:53:51.0896 2732 Npfs - ok
08:53:51.0912 2732 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
08:53:51.0912 2732 nsi - ok
08:53:51.0928 2732 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
08:53:51.0928 2732 nsiproxy - ok
08:53:52.0037 2732 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
08:53:52.0052 2732 Ntfs - ok
08:53:52.0130 2732 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
08:53:52.0130 2732 Null - ok
08:53:52.0177 2732 NVHDA (e20abd5b229760158f753ca90b97e090) C:\Windows\system32\drivers\nvhda64v.sys
08:53:52.0177 2732 NVHDA - ok
08:53:52.0832 2732 nvlddmkm (6850d89c7abdd8b4fb0b3659da961379) C:\Windows\system32\DRIVERS\nvlddmkm.sys
08:53:52.0973 2732 nvlddmkm - ok
08:53:53.0113 2732 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
08:53:53.0113 2732 nvraid - ok
08:53:53.0129 2732 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
08:53:53.0129 2732 nvstor - ok
08:53:53.0176 2732 nvsvc (2cbaf74c49c472160ebd73adab8dab50) C:\Windows\system32\nvvsvc.exe
08:53:53.0176 2732 nvsvc - ok
08:53:53.0222 2732 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
08:53:53.0222 2732 nv_agp - ok
08:53:53.0238 2732 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
08:53:53.0238 2732 ohci1394 - ok
08:53:53.0332 2732 ose64 (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:53:53.0332 2732 ose64 - ok
08:53:53.0644 2732 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
08:53:53.0690 2732 osppsvc - ok
08:53:53.0815 2732 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
08:53:53.0831 2732 p2pimsvc - ok
08:53:53.0862 2732 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
08:53:53.0878 2732 p2psvc - ok
08:53:53.0909 2732 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
08:53:53.0909 2732 Parport - ok
08:53:53.0940 2732 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
08:53:53.0940 2732 partmgr - ok
08:53:53.0956 2732 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
08:53:53.0971 2732 PcaSvc - ok
08:53:53.0987 2732 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
08:53:53.0987 2732 pci - ok
08:53:54.0002 2732 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
08:53:54.0002 2732 pciide - ok
08:53:54.0034 2732 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
08:53:54.0034 2732 pcmcia - ok
08:53:54.0049 2732 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
08:53:54.0049 2732 pcw - ok
08:53:54.0096 2732 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
08:53:54.0112 2732 PEAUTH - ok
08:53:54.0174 2732 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
08:53:54.0174 2732 PerfHost - ok
08:53:54.0283 2732 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
08:53:54.0314 2732 pla - ok
08:53:54.0361 2732 PlugPlay (23157d583244400e1d7fbaee2e4b31b7) C:\Windows\system32\umpnpmgr.dll
08:53:54.0361 2732 PlugPlay - ok
08:53:54.0377 2732 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
08:53:54.0377 2732 PNRPAutoReg - ok
08:53:54.0408 2732 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
08:53:54.0424 2732 PNRPsvc - ok
08:53:54.0486 2732 Point64 (33328fa8a580885ab0065be6db266e9f) C:\Windows\system32\DRIVERS\point64.sys
08:53:54.0486 2732 Point64 - ok
08:53:54.0533 2732 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
08:53:54.0548 2732 PolicyAgent - ok
08:53:54.0580 2732 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
08:53:54.0595 2732 Power - ok
08:53:54.0626 2732 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
08:53:54.0626 2732 PptpMiniport - ok
08:53:54.0658 2732 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
08:53:54.0658 2732 Processor - ok
08:53:54.0673 2732 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
08:53:54.0689 2732 ProfSvc - ok
08:53:54.0689 2732 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
08:53:54.0704 2732 ProtectedStorage - ok
08:53:54.0736 2732 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
08:53:54.0736 2732 Psched - ok
08:53:54.0829 2732 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
08:53:54.0845 2732 ql2300 - ok
08:53:54.0954 2732 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
08:53:54.0954 2732 ql40xx - ok
08:53:55.0001 2732 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
08:53:55.0001 2732 QWAVE - ok
08:53:55.0016 2732 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
08:53:55.0016 2732 QWAVEdrv - ok
08:53:55.0032 2732 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
08:53:55.0032 2732 RasAcd - ok
08:53:55.0063 2732 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:53:55.0063 2732 RasAgileVpn - ok
08:53:55.0079 2732 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
08:53:55.0079 2732 RasAuto - ok
08:53:55.0110 2732 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:53:55.0110 2732 Rasl2tp - ok
08:53:55.0141 2732 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
08:53:55.0157 2732 RasMan - ok
08:53:55.0172 2732 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
08:53:55.0172 2732 RasPppoe - ok
08:53:55.0204 2732 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
08:53:55.0204 2732 RasSstp - ok
08:53:55.0219 2732 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
08:53:55.0235 2732 rdbss - ok
08:53:55.0250 2732 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
08:53:55.0250 2732 rdpbus - ok
08:53:55.0266 2732 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:53:55.0266 2732 RDPCDD - ok
08:53:55.0297 2732 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
08:53:55.0297 2732 RDPENCDD - ok
08:53:55.0313 2732 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
08:53:55.0313 2732 RDPREFMP - ok
08:53:55.0344 2732 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
08:53:55.0344 2732 RDPWD - ok
08:53:55.0375 2732 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys
08:53:55.0375 2732 rdyboost - ok
08:53:55.0422 2732 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
08:53:55.0422 2732 RemoteAccess - ok
08:53:55.0453 2732 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
08:53:55.0453 2732 RemoteRegistry - ok
08:53:55.0484 2732 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
08:53:55.0484 2732 RFCOMM - ok
08:53:55.0516 2732 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
08:53:55.0516 2732 RpcEptMapper - ok
08:53:55.0531 2732 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
08:53:55.0531 2732 RpcLocator - ok
08:53:55.0578 2732 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
08:53:55.0578 2732 RpcSs - ok
08:53:55.0656 2732 RSPCIESTOR (4ec9bac49473043ebd1eec6ea59d8b2f) C:\Windows\system32\DRIVERS\RtsPStor.sys
08:53:55.0656 2732 RSPCIESTOR - ok
08:53:55.0687 2732 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
08:53:55.0687 2732 rspndr - ok
08:53:55.0703 2732 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
08:53:55.0718 2732 SamSs - ok
08:53:55.0796 2732 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
08:53:55.0796 2732 SASDIFSV - ok
08:53:55.0843 2732 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
08:53:55.0843 2732 SASKUTIL - ok
08:53:55.0859 2732 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
08:53:55.0859 2732 sbp2port - ok
08:53:55.0906 2732 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
08:53:55.0906 2732 SCardSvr - ok
08:53:55.0921 2732 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
08:53:55.0921 2732 scfilter - ok
08:53:56.0015 2732 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
08:53:56.0030 2732 Schedule - ok
08:53:56.0077 2732 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
08:53:56.0077 2732 SCPolicySvc - ok
08:53:56.0093 2732 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
08:53:56.0093 2732 SDRSVC - ok
08:53:56.0155 2732 SeaPort (58dc20eb15f071804c56fccc796417a2) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
08:53:56.0171 2732 SeaPort - ok
08:53:56.0218 2732 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
08:53:56.0218 2732 secdrv - ok
08:53:56.0233 2732 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
08:53:56.0233 2732 seclogon - ok
08:53:56.0264 2732 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
08:53:56.0264 2732 SENS - ok
08:53:56.0280 2732 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
08:53:56.0280 2732 SensrSvc - ok
08:53:56.0311 2732 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
08:53:56.0311 2732 Serenum - ok
08:53:56.0342 2732 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
08:53:56.0342 2732 Serial - ok
08:53:56.0358 2732 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
08:53:56.0358 2732 sermouse - ok
08:53:56.0389 2732 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
08:53:56.0389 2732 SessionEnv - ok
08:53:56.0405 2732 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
08:53:56.0405 2732 sffdisk - ok
08:53:56.0420 2732 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
08:53:56.0420 2732 sffp_mmc - ok
08:53:56.0436 2732 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
08:53:56.0436 2732 sffp_sd - ok
08:53:56.0467 2732 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
08:53:56.0467 2732 sfloppy - ok
08:53:56.0514 2732 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
08:53:56.0530 2732 ShellHWDetection - ok
08:53:56.0545 2732 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
08:53:56.0561 2732 SiSGbeLH - ok
08:53:56.0576 2732 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:53:56.0576 2732 SiSRaid2 - ok
08:53:56.0592 2732 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
08:53:56.0592 2732 SiSRaid4 - ok
08:53:56.0608 2732 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
08:53:56.0623 2732 Smb - ok
08:53:56.0654 2732 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
08:53:56.0654 2732 SNMPTRAP - ok
08:53:56.0779 2732 SNP2UVC (2114518e55b380a3acc28b2c27fd499a) C:\Windows\system32\DRIVERS\snp2uvc.sys
08:53:56.0810 2732 SNP2UVC - ok
08:53:56.0935 2732 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
08:53:56.0935 2732 spldr - ok
08:53:56.0982 2732 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
08:53:56.0982 2732 Spooler - ok
08:53:57.0185 2732 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
08:53:57.0232 2732 sppsvc - ok
08:53:57.0294 2732 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
08:53:57.0294 2732 sppuinotify - ok
08:53:57.0341 2732 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
08:53:57.0341 2732 srv - ok
08:53:57.0388 2732 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
08:53:57.0388 2732 srv2 - ok
08:53:57.0419 2732 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
08:53:57.0419 2732 srvnet - ok
08:53:57.0450 2732 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
08:53:57.0466 2732 SSDPSRV - ok
08:53:57.0481 2732 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
08:53:57.0481 2732 SstpSvc - ok
08:53:57.0544 2732 Stereo Service (a076f53e246eae2f8424a4d81b9b9053) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
08:53:57.0559 2732 Stereo Service - ok
08:53:57.0575 2732 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
08:53:57.0575 2732 stexstor - ok
08:53:57.0606 2732 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
08:53:57.0622 2732 stisvc - ok
08:53:57.0637 2732 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
08:53:57.0637 2732 swenum - ok
08:53:57.0684 2732 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
08:53:57.0684 2732 swprv - ok
08:53:57.0731 2732 SynTP (01a658167619075baad31c96074c0b38) C:\Windows\system32\DRIVERS\SynTP.sys
08:53:57.0746 2732 SynTP - ok
08:53:57.0840 2732 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
08:53:57.0871 2732 SysMain - ok
08:53:57.0965 2732 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
08:53:57.0965 2732 TabletInputService - ok
08:53:58.0012 2732 tap0901 (f0b9d3ed88e56d3cd713dff21e42aaf0) C:\Windows\system32\DRIVERS\tap0901.sys
08:53:58.0012 2732 tap0901 - ok
08:53:58.0043 2732 taphss (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys
08:53:58.0043 2732 taphss - ok
08:53:58.0074 2732 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
08:53:58.0090 2732 TapiSrv - ok
08:53:58.0090 2732 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
08:53:58.0105 2732 TBS - ok
08:53:58.0230 2732 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
08:53:58.0246 2732 Tcpip - ok
08:53:58.0448 2732 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
08:53:58.0464 2732 TCPIP6 - ok
08:53:58.0542 2732 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
08:53:58.0542 2732 tcpipreg - ok
08:53:58.0558 2732 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
08:53:58.0558 2732 TDPIPE - ok
08:53:58.0573 2732 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
08:53:58.0573 2732 TDTCP - ok
08:53:58.0604 2732 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
08:53:58.0604 2732 tdx - ok
08:53:58.0620 2732 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
08:53:58.0620 2732 TermDD - ok
08:53:58.0682 2732 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
08:53:58.0682 2732 TermService - ok
08:53:58.0729 2732 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
08:53:58.0729 2732 Themes - ok
08:53:58.0760 2732 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
08:53:58.0760 2732 THREADORDER - ok
08:53:58.0792 2732 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
08:53:58.0792 2732 TrkWks - ok
08:53:58.0838 2732 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
08:53:58.0838 2732 TrustedInstaller - ok
08:53:58.0854 2732 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:53:58.0854 2732 tssecsrv - ok
08:53:58.0916 2732 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
08:53:58.0916 2732 tunnel - ok
08:53:58.0932 2732 TurboB (b355581a9da34c92e2dbafa410d2f829) C:\Windows\system32\DRIVERS\TurboB.sys
08:53:58.0932 2732 TurboB - ok
08:53:58.0979 2732 TurboBoost (6564e84b1522c12ea1c3a181ed03276f) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
08:53:58.0979 2732 TurboBoost - ok
08:53:58.0994 2732 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
08:53:59.0010 2732 uagp35 - ok
08:53:59.0026 2732 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
08:53:59.0041 2732 udfs - ok
08:53:59.0072 2732 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
08:53:59.0072 2732 UI0Detect - ok
08:53:59.0088 2732 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
08:53:59.0104 2732 uliagpkx - ok
08:53:59.0135 2732 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
08:53:59.0135 2732 umbus - ok
08:53:59.0150 2732 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
08:53:59.0150 2732 UmPass - ok
08:53:59.0322 2732 UNS (41118d920b2b268c0adc36421248cdcf) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
08:53:59.0353 2732 UNS - ok
08:53:59.0447 2732 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
08:53:59.0447 2732 upnphost - ok
08:53:59.0478 2732 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
08:53:59.0494 2732 USBAAPL64 - ok
08:53:59.0525 2732 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
08:53:59.0525 2732 usbccgp - ok
08:53:59.0556 2732 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
08:53:59.0556 2732 usbcir - ok
08:53:59.0572 2732 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
08:53:59.0572 2732 usbehci - ok
08:53:59.0618 2732 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
08:53:59.0618 2732 usbhub - ok
08:53:59.0634 2732 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
08:53:59.0634 2732 usbohci - ok
08:53:59.0650 2732 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
08:53:59.0650 2732 usbprint - ok
08:53:59.0681 2732 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
08:53:59.0681 2732 usbscan - ok
08:53:59.0696 2732 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:53:59.0696 2732 USBSTOR - ok
08:53:59.0712 2732 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
08:53:59.0712 2732 usbuhci - ok
08:53:59.0759 2732 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
08:53:59.0759 2732 usbvideo - ok
08:53:59.0790 2732 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
08:53:59.0790 2732 UxSms - ok
08:53:59.0806 2732 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
08:53:59.0806 2732 VaultSvc - ok
08:53:59.0852 2732 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
08:53:59.0852 2732 vdrvroot - ok
08:53:59.0899 2732 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
08:53:59.0915 2732 vds - ok
08:53:59.0930 2732 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
08:53:59.0930 2732 vga - ok
08:53:59.0946 2732 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
08:53:59.0946 2732 VgaSave - ok
08:53:59.0977 2732 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
08:53:59.0977 2732 vhdmp - ok
08:53:59.0993 2732 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
08:53:59.0993 2732 viaide - ok
08:54:00.0008 2732 vmci - ok
08:54:00.0008 2732 VMnetAdapter - ok
08:54:00.0040 2732 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
08:54:00.0040 2732 volmgr - ok
08:54:00.0071 2732 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
08:54:00.0071 2732 volmgrx - ok
08:54:00.0102 2732 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
08:54:00.0102 2732 volsnap - ok
08:54:00.0133 2732 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
08:54:00.0133 2732 vsmraid - ok
08:54:00.0227 2732 VSPerfDrv100 (1928b9ca20f51bfbbad54d2c2c447b13) C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys
08:54:00.0227 2732 VSPerfDrv100 - ok
08:54:00.0336 2732 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
08:54:00.0352 2732 VSS - ok
08:54:00.0445 2732 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
08:54:00.0445 2732 vwifibus - ok
08:54:00.0461 2732 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
08:54:00.0461 2732 vwififlt - ok
08:54:00.0492 2732 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
08:54:00.0508 2732 W32Time - ok
08:54:00.0523 2732 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
08:54:00.0523 2732 WacomPen - ok
08:54:00.0554 2732 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
08:54:00.0554 2732 WANARP - ok
08:54:00.0570 2732 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
08:54:00.0570 2732 Wanarpv6 - ok
08:54:00.0679 2732 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
08:54:00.0695 2732 WatAdminSvc - ok
08:54:00.0804 2732 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
08:54:00.0820 2732 wbengine - ok
08:54:00.0929 2732 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
08:54:00.0929 2732 WbioSrvc - ok
08:54:00.0960 2732 wcncsvc (8321c2ca3b62b61b293cda3451984468) C:\Windows\System32\wcncsvc.dll
08:54:00.0976 2732 wcncsvc - ok
08:54:00.0991 2732 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
08:54:00.0991 2732 WcsPlugInService - ok
08:54:01.0022 2732 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
08:54:01.0022 2732 Wd - ok
08:54:01.0069 2732 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
08:54:01.0085 2732 Wdf01000 - ok
08:54:01.0100 2732 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:54:01.0100 2732 WdiServiceHost - ok
08:54:01.0116 2732 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:54:01.0116 2732 WdiSystemHost - ok
08:54:01.0147 2732 WebClient (8a438cbb8c032a0c798b0c642ffbe572) C:\Windows\System32\webclnt.dll
08:54:01.0147 2732 WebClient - ok
08:54:01.0178 2732 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
08:54:01.0178 2732 Wecsvc - ok
08:54:01.0194 2732 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
08:54:01.0210 2732 wercplsupport - ok
08:54:01.0225 2732 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
08:54:01.0241 2732 WerSvc - ok
08:54:01.0303 2732 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
08:54:01.0303 2732 WfpLwf - ok
08:54:01.0319 2732 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
08:54:01.0319 2732 WimFltr - ok
08:54:01.0334 2732 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
08:54:01.0334 2732 WIMMount - ok
08:54:01.0397 2732 WinDefend - ok
08:54:01.0412 2732 WinHttpAutoProxySvc - ok
08:54:01.0475 2732 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
08:54:01.0490 2732 Winmgmt - ok
08:54:01.0615 2732 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
08:54:01.0631 2732 WinRM - ok
08:54:01.0740 2732 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
08:54:01.0740 2732 WinUsb - ok
08:54:01.0802 2732 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
08:54:01.0818 2732 Wlansvc - ok
08:54:01.0834 2732 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
08:54:01.0834 2732 WmiAcpi - ok
08:54:01.0896 2732 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
08:54:01.0912 2732 wmiApSrv - ok
08:54:01.0943 2732 WMPNetworkSvc - ok
08:54:01.0974 2732 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
08:54:01.0974 2732 WPCSvc - ok
08:54:01.0990 2732 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
08:54:01.0990 2732 WPDBusEnum - ok
08:54:02.0021 2732 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
08:54:02.0021 2732 ws2ifsl - ok
08:54:02.0052 2732 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
08:54:02.0068 2732 wscsvc - ok
08:54:02.0068 2732 WSearch - ok
08:54:02.0208 2732 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
08:54:02.0239 2732 wuauserv - ok
08:54:02.0364 2732 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
08:54:02.0364 2732 WudfPf - ok
08:54:02.0411 2732 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:54:02.0411 2732 WUDFRd - ok
08:54:02.0426 2732 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
08:54:02.0426 2732 wudfsvc - ok
08:54:02.0458 2732 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
08:54:02.0458 2732 WwanSvc - ok
08:54:02.0504 2732 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
08:54:02.0910 2732 \Device\Harddisk0\DR0 - ok
08:54:02.0926 2732 Boot (0x1200) (4845668408ec901b671348084e417c9b) \Device\Harddisk0\DR0\Partition0
08:54:02.0926 2732 \Device\Harddisk0\DR0\Partition0 - ok
08:54:02.0957 2732 Boot (0x1200) (1e5ca35c87b833cbb2538a231409f2be) \Device\Harddisk0\DR0\Partition1
08:54:02.0957 2732 \Device\Harddisk0\DR0\Partition1 - ok
08:54:02.0957 2732 ============================================================
08:54:02.0957 2732 Scan finished
08:54:02.0957 2732 ============================================================
08:54:02.0972 2244 Detected object count: 0
08:54:02.0972 2244 Actual detected object count: 0
08:54:06.0732 2760 Deinitialize success

#6 Glenn Murray (Topic Starter)

Posted 19 May 2012 - 11:46 AM

Hi,

When I hovered over the icon that was next to "folder" created by extracting from ComboFix, I saw that it said something like "files and hardware connected to computer". I googled the exact phrase and "comboFix" and saw in another malware forum where it was suggested to run ComboFix in Safe Mode. This worked, insofar as actually running the ComboFix program.
It is running now. If I have no more problems, I will post the results and log. If I do have problems, I will post them here after I reboot in Normal Mode.

#7 Glenn Murray (Topic Starter)

Posted 19 May 2012 - 12:05 PM

Hi,

ComboFix completed running without any problems. Below is the log file.
Please advise on the next step(s).
Thanks very much for your help so far!

Glenn

ComboFix 12-05-19.01 - Glenn 05/19/2012 9:38.1.8 - x64 MINIMAL
Running from: c:\users\Glenn\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\esupport\eDriver\Software\ASUS\MultiFrame\XP32_Vista32_Vista64_Win7_32_Win7_64_1.0.0021\Desktop_.ini
c:\programdata\100
c:\programdata\811850x7d643j541e433b1rwv2b7
c:\programdata\FullRemove.exe
C:\ReGBe.Bin
c:\users\Glenn\AppData\Local\Apple Computer\Adobe\zxjqgy.dll
c:\users\Glenn\AppData\Local\Microsoft\Windows\Temporary Internet Files\{06469081-7C24-4219-ADB6-10231FDC9AB2}.xps
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-04-19 to 2012-05-19 )))))))))))))))))))))))))))))))
.
.
2012-05-19 16:46 . 2012-05-19 16:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-18 22:55 . 2012-01-05 00:31 597832 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor90.dll
2012-05-18 22:55 . 2012-01-05 00:31 597832 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor80.dll
2012-05-18 21:14 . 2012-05-18 21:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-18 21:12 . 2012-05-18 21:12 -------- d-----w- c:\users\Glenn\AppData\Roaming\SUPERAntiSpyware.com
2012-05-18 21:11 . 2012-05-18 21:11 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-05-18 19:37 . 2012-05-18 19:37 388096 ----a-r- c:\users\Glenn\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-18 19:14 . 2012-05-18 19:14 -------- d-----w- c:\users\Glenn\AppData\Roaming\Malwarebytes
2012-05-18 19:13 . 2012-05-18 19:13 -------- d-----w- c:\programdata\Malwarebytes
2012-05-18 19:13 . 2012-05-18 22:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-18 19:13 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-18 16:43 . 2012-05-18 16:43 -------- d-----w- c:\programdata\99058D6500016020000AD478A60145BE
2012-05-18 16:43 . 2012-05-18 16:43 -------- d-----w- c:\program files (x86)\Common Files\PerformanceAbout
2012-05-16 15:06 . 2012-05-18 20:07 -------- d-----w- c:\users\Glenn\.morena
2012-05-16 15:06 . 2012-05-16 15:06 -------- d-----w- c:\users\Glenn\.epaysol
2012-04-28 05:33 . 2012-05-18 19:26 -------- d-----w- c:\users\Glenn\AppData\Local\Local AppWizard-Generated Applications
2012-04-25 20:29 . 2012-05-18 20:07 -------- d-----w- c:\users\Glenn\AppData\Local\GoldenFrog
2012-04-25 20:24 . 2012-04-28 13:27 -------- d-----w- c:\users\Glenn\AppData\Roaming\Mimo
2012-04-25 20:21 . 2012-04-25 20:34 -------- d-----w- c:\program files (x86)\OpenVPN
2012-04-25 19:50 . 2012-04-25 19:50 -------- d-----w- c:\users\Glenn\AppData\Roaming\Forte
2012-04-25 19:47 . 2012-05-18 20:07 -------- d-----w- c:\program files (x86)\Agent
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-18 20:10 . 2010-12-25 07:47 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-03-31 19:34 . 2012-03-31 19:34 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-31 19:34 . 2012-03-31 19:34 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-31 19:34 . 2012-03-31 19:34 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-31 19:34 . 2012-03-31 19:34 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-31 19:34 . 2012-03-31 19:34 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-31 19:34 . 2012-03-31 19:34 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-31 19:34 . 2012-03-31 19:34 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-31 19:34 . 2012-03-31 19:34 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-31 19:34 . 2012-03-31 19:34 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-31 19:34 . 2012-03-31 19:34 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-31 19:34 . 2012-03-31 19:34 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-31 19:34 . 2012-03-31 19:34 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-31 19:34 . 2012-03-31 19:34 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-31 19:34 . 2012-03-31 19:34 448512 ----a-w- c:\windows\system32\html.iec
2012-03-31 19:34 . 2012-03-31 19:34 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-31 19:34 . 2012-03-31 19:34 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-31 19:34 . 2012-03-31 19:34 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-31 19:34 . 2012-03-31 19:34 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-31 19:34 . 2012-03-31 19:34 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-03-31 19:34 . 2012-03-31 19:34 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-03-31 19:34 . 2012-03-31 19:34 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-31 19:34 . 2012-03-31 19:34 2308096 ----a-w- c:\windows\system32\jscript9.dll
2012-03-31 19:34 . 2012-03-31 19:34 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-31 19:34 . 2012-03-31 19:34 1798656 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-03-31 19:34 . 2012-03-31 19:34 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-31 19:34 . 2012-03-31 19:34 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-31 19:34 . 2012-03-31 19:34 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-31 19:34 . 2012-03-31 19:34 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-31 19:34 . 2012-03-31 19:34 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-31 19:34 . 2012-03-31 19:34 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-31 19:34 . 2012-03-31 19:34 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-03-31 19:34 . 2012-03-31 19:34 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-31 19:34 . 2012-03-31 19:34 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-03-31 19:34 . 2012-03-31 19:34 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-03-31 19:34 . 2012-03-31 19:34 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-31 19:34 . 2012-03-31 19:34 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-31 19:34 . 2012-03-31 19:34 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-31 19:34 . 2012-03-31 19:34 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-31 19:34 . 2012-03-31 19:34 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-03-31 19:34 . 2012-03-31 19:34 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-31 19:34 . 2012-03-31 19:34 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-31 19:34 . 2012-03-31 19:34 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-03-31 19:18 . 2012-03-31 19:18 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-03-31 19:18 . 2012-03-31 19:18 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-03-31 19:18 . 2012-03-31 19:18 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-03-31 19:18 . 2012-03-31 19:18 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2012-03-31 19:18 . 2012-03-31 19:18 470016 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-03-31 19:18 . 2012-03-31 19:18 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-03-31 19:18 . 2012-03-31 19:18 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-31 19:18 . 2012-03-31 19:18 283648 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2012-03-31 19:18 . 2012-03-31 19:18 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-03-31 19:18 . 2012-03-31 19:18 229888 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-03-31 19:18 . 2012-03-31 19:18 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-03-31 19:18 . 2012-03-31 19:18 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-31 19:18 . 2012-03-31 19:18 1863680 ----a-w- c:\windows\system32\ExplorerFrame.dll
2012-03-31 19:18 . 2012-03-31 19:18 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-31 19:18 . 2012-03-31 19:18 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-03-31 19:18 . 2012-03-31 19:18 1540608 ----a-w- c:\windows\system32\DWrite.dll
2012-03-31 19:18 . 2012-03-31 19:18 1495040 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2012-03-31 19:18 . 2012-03-31 19:18 144384 ----a-w- c:\windows\system32\cdd.dll
2012-03-31 19:18 . 2012-03-31 19:18 135168 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
2012-03-31 19:18 . 2012-03-31 19:18 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-03-31 19:18 . 2012-03-31 19:18 1133568 ----a-w- c:\windows\system32\FntCache.dll
2012-03-31 19:18 . 2012-03-31 19:18 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-03-07 22:33 . 2011-03-07 22:33 402216 ----a-w- c:\program files\iTunesAdmin.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f0381dbd-e018-4e07-ae40-d96ab15083f0}"= "c:\program files (x86)\AF-HSS\prxtbAF-0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{f0381dbd-e018-4e07-ae40-d96ab15083f0}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]
2012-01-04 23:02 233288 ----a-w- c:\program files (x86)\Expat Shield\HssIE\ExpatIE.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{f0381dbd-e018-4e07-ae40-d96ab15083f0}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\AF-HSS\prxtbAF-0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{f0381dbd-e018-4e07-ae40-d96ab15083f0}"= "c:\program files (x86)\AF-HSS\prxtbAF-0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{f0381dbd-e018-4e07-ae40-d96ab15083f0}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Jing"="c:\program files (x86)\TechSmith\Jing\Jing.exe" [2010-08-19 3069192]
"Spotify"="c:\users\Glenn\AppData\Roaming\Spotify\Spotify.exe" [2012-05-16 9478320]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Spotify Web Helper"="c:\users\Glenn\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-16 932528]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-17 4787072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-06-25 6806144]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-04-26 1597440]
"THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2010-03-24 899072]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ASUS VIBE"="c:\program files (x86)\ASUS\ASUS VIBE\ASUS VIBE.exe" [2010-03-02 102400]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-01-18 2339168]
"AmazonGSDownloaderTray"="c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"HP KEYBOARDg"="c:\program files (x86)\Hewlett-Packard\HP Wireless Elite Keyboard\HPKEYBOARDg.EXE" [2009-07-24 701592]
"EKAiO2StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.EXE" [2011-12-10 3240448]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2011-12-12 2234288]
.
c:\users\Glenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - c:\program files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [N/A]
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2010-12-25 576000]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 245120]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-11 1083680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
R1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
R2 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]
R2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ExpatShieldService;Expat Shield Service;c:\program files (x86)\Expat Shield\bin\openvpnas.exe [2012-01-06 331608]
R2 ExpatSrv;Expat Shield Routing Service;c:\program files (x86)\Expat Shield\HssWPR\hsssrv.exe [2012-01-04 363336]
R2 ExpatWd;Expat Shield Monitoring Service;c:\program files (x86)\Expat Shield\bin\hsswd.exe [2012-01-04 329544]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-06 135664]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-20 394672]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-27 235624]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
R2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-11-06 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-11-06 79360]
R3 ExpatTrayService;Expat Shield Tray Service;c:\program files (x86)\Expat Shield\bin\ExpatTrayService.EXE [2012-01-06 77520]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-06 135664]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-18 68440]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]
R4 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-06 13:07]
.
2012-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-06 13:07]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]
2012-01-04 23:02 287048 ----a-w- c:\program files (x86)\Expat Shield\HssIE\ExpatIE_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"THXCfg64"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
"EKAiO2StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe" [2011-12-10 3240448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Glenn\AppData\Roaming\Mozilla\Firefox\Profiles\0wyhhq9e.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Adobe - c:\users\Glenn\AppData\Local\Apple Computer\Adobe\zxjqgy.dll
Wow6432Node-HKLM-Run-SessionLogon - c:\expressgateutil\SessionLogon.exe
Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe
Wow6432Node-HKU-Default-Run-Adobe - c:\users\Glenn\AppData\Local\Apple Computer\Adobe\zxjqgy.dll
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
Toolbar-Locked - (no file)
WebBrowser-{F0381DBD-E018-4E07-AE40-D96AB15083F0} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\02\01\14\16\053?"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-19 09:53:57
ComboFix-quarantined-files.txt 2012-05-19 16:53
.
Pre-Run: 74,433,044,480 bytes free
Post-Run: 75,861,057,536 bytes free
.
- - End Of File - - 21E702847B7279E3044811DD225BE5AD

#8 RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 19 May 2012 - 08:43 PM

Please do this next:

Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad. Make sure there is no space before and above File::

DirLook::
c:\programdata\99058D6500016020000AD478A60145BE

Save this as CFScript to your desktop.

Then disable your security programs and drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: CFScript being dragged onto ComboFix.exe]


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM
  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information, C:\_OTL\MovedFiles or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Please include the following in your next post:
  • ComboFix log
  • MBAM log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.
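A defender-side equivalent of the DirLook:: step in the post above, added here as an example that is not part of ComboFix or of RPMcMurphy's instructions. It inventories one directory with the facts an analyst compares against a ComboFix log before deciding what to delete: creation and modification times, size, attributes, SHA256 and Authenticode status. The directory path is the one named in the CFScript; the function names Get-TriageListing and Get-Sha256Hex and the CSV output location are assumptions of this example. It is written to run on PowerShell 2.0 and later, since the host in this thread is Windows 7.

```powershell
# Added example (not ComboFix code): inventory a suspicious directory for triage.
# Assumed names: Get-Sha256Hex, Get-TriageListing. Works on PowerShell 2.0+.

function Get-Sha256Hex {
    # SHA256 via .NET so the function does not depend on Get-FileHash (PowerShell 4+).
    param([string]$File)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($File)
    try {
        ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join ''
    }
    finally {
        $stream.Close()
        $sha.Clear()
    }
}

function Get-TriageListing {
    param([Parameter(Mandatory=$true)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Path not found: $Path"
        return
    }

    # -Force includes hidden and system files, which droppers commonly mark.
    Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            # Authenticode check: data files and unsigned binaries report NotSigned.
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName -ErrorAction SilentlyContinue
            New-Object PSObject -Property @{
                FullName   = $_.FullName
                CreatedUtc = $_.CreationTimeUtc
                WrittenUtc = $_.LastWriteTimeUtc
                Length     = $_.Length
                Attributes = $_.Attributes.ToString()
                SHA256     = Get-Sha256Hex -File $_.FullName
                Signature  = $(if ($sig) { $sig.Status.ToString() } else { 'n/a' })
                Signer     = $(if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' })
            }
        }
}

# The directory DirLook:: was pointed at in the CFScript above.
$target = 'C:\ProgramData\99058D6500016020000AD478A60145BE'

# Directory-level facts first: the folder's creation time is what lets it be
# correlated with other entries in the ComboFix "Files Created" section.
Get-Item -LiteralPath $target -Force -ErrorAction SilentlyContinue |
    Select-Object FullName, CreationTimeUtc, LastWriteTimeUtc, Attributes |
    Format-List

$listing = Get-TriageListing -Path $target
$listing | Format-Table FullName, Length, CreatedUtc, WrittenUtc, Attributes, Signature, SHA256 -AutoSize -Wrap

# Keep a copy that can be posted alongside the ComboFix log (assumed output path).
$listing | Export-Csv -Path "$env:USERPROFILE\Desktop\triage-listing.csv" -NoTypeInformation
```

Run it from an elevated PowerShell prompt so hidden and system files are readable. The listing complements the ComboFix "Look" section rather than replacing it: the SHA256 value is what lets the same file be searched for under other names elsewhere on the host, and an unsigned executable dropped into ProgramData with hidden attributes is the kind of entry that warrants the DirLook request in the first place.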


#9 Glenn Murray
  • Topic Starter

  • Members
  • 13 posts

Posted 23 May 2012 - 01:18 AM

Hi,

Thanks for your continued expert advice. I followed the instructions above. Below are the two logs. MBAM found one problem, which I had it remove, then I immediately restarted my computer. By the way, I have had much better performance the last couple days, with no browser hijacks.
Please advise on next steps.

Glenn

ComboFix 12-05-19.01 - Glenn 05/22/2012 8:15.2.8 - x64
Running from: c:\users\Glenn\Desktop\ComboFix.exe
Command switches used :: c:\users\Glenn\Desktop\CFScript.txt
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-04-22 to 2012-05-22 )))))))))))))))))))))))))))))))
.
.
2012-05-22 16:11 . 2012-05-22 16:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-20 18:23 . 2012-05-20 18:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-20 18:23 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-19 19:19 . 2012-05-19 19:19 -------- d-----w- C:\AntiVirus
2012-05-19 17:42 . 2012-05-19 17:42 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2012-05-18 22:55 . 2012-01-05 00:31 597832 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor90.dll
2012-05-18 22:55 . 2012-01-05 00:31 597832 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor80.dll
2012-05-18 19:37 . 2012-05-18 19:37 388096 ----a-r- c:\users\Glenn\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-18 19:14 . 2012-05-18 19:14 -------- d-----w- c:\users\Glenn\AppData\Roaming\Malwarebytes
2012-05-18 19:13 . 2012-05-18 19:13 -------- d-----w- c:\programdata\Malwarebytes
2012-05-18 16:43 . 2012-05-18 16:43 -------- d-----w- c:\programdata\99058D6500016020000AD478A60145BE
2012-05-18 16:43 . 2012-05-18 16:43 -------- d-----w- c:\program files (x86)\Common Files\PerformanceAbout
2012-05-16 15:06 . 2012-05-18 20:07 -------- d-----w- c:\users\Glenn\.morena
2012-05-16 15:06 . 2012-05-16 15:06 -------- d-----w- c:\users\Glenn\.epaysol
2012-04-28 05:33 . 2012-05-18 19:26 -------- d-----w- c:\users\Glenn\AppData\Local\Local AppWizard-Generated Applications
2012-04-25 20:29 . 2012-05-18 20:07 -------- d-----w- c:\users\Glenn\AppData\Local\GoldenFrog
2012-04-25 20:24 . 2012-04-28 13:27 -------- d-----w- c:\users\Glenn\AppData\Roaming\Mimo
2012-04-25 20:21 . 2012-04-25 20:34 -------- d-----w- c:\program files (x86)\OpenVPN
2012-04-25 19:50 . 2012-04-25 19:50 -------- d-----w- c:\users\Glenn\AppData\Roaming\Forte
2012-04-25 19:47 . 2012-05-18 20:07 -------- d-----w- c:\program files (x86)\Agent
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-22 16:13 . 2010-12-25 07:47 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-03-31 19:34 . 2012-03-31 19:34 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-31 19:34 . 2012-03-31 19:34 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-31 19:34 . 2012-03-31 19:34 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-31 19:34 . 2012-03-31 19:34 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-31 19:34 . 2012-03-31 19:34 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-31 19:34 . 2012-03-31 19:34 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-31 19:34 . 2012-03-31 19:34 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-31 19:34 . 2012-03-31 19:34 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-31 19:34 . 2012-03-31 19:34 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-31 19:34 . 2012-03-31 19:34 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-31 19:34 . 2012-03-31 19:34 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-31 19:34 . 2012-03-31 19:34 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-31 19:34 . 2012-03-31 19:34 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-31 19:34 . 2012-03-31 19:34 448512 ----a-w- c:\windows\system32\html.iec
2012-03-31 19:34 . 2012-03-31 19:34 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-31 19:34 . 2012-03-31 19:34 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-31 19:34 . 2012-03-31 19:34 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-31 19:34 . 2012-03-31 19:34 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-31 19:34 . 2012-03-31 19:34 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-03-31 19:34 . 2012-03-31 19:34 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-03-31 19:34 . 2012-03-31 19:34 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-31 19:34 . 2012-03-31 19:34 2308096 ----a-w- c:\windows\system32\jscript9.dll
2012-03-31 19:34 . 2012-03-31 19:34 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-31 19:34 . 2012-03-31 19:34 1798656 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-03-31 19:34 . 2012-03-31 19:34 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-31 19:34 . 2012-03-31 19:34 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-31 19:34 . 2012-03-31 19:34 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-31 19:34 . 2012-03-31 19:34 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-31 19:34 . 2012-03-31 19:34 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-31 19:34 . 2012-03-31 19:34 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-31 19:34 . 2012-03-31 19:34 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-03-31 19:34 . 2012-03-31 19:34 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-31 19:34 . 2012-03-31 19:34 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-03-31 19:34 . 2012-03-31 19:34 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-03-31 19:34 . 2012-03-31 19:34 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-31 19:34 . 2012-03-31 19:34 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-31 19:34 . 2012-03-31 19:34 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-31 19:34 . 2012-03-31 19:34 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-31 19:34 . 2012-03-31 19:34 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-03-31 19:34 . 2012-03-31 19:34 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-31 19:34 . 2012-03-31 19:34 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-31 19:34 . 2012-03-31 19:34 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-03-31 19:18 . 2012-03-31 19:18 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-03-31 19:18 . 2012-03-31 19:18 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-03-31 19:18 . 2012-03-31 19:18 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-03-31 19:18 . 2012-03-31 19:18 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2012-03-31 19:18 . 2012-03-31 19:18 470016 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-03-31 19:18 . 2012-03-31 19:18 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-03-31 19:18 . 2012-03-31 19:18 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-31 19:18 . 2012-03-31 19:18 283648 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2012-03-31 19:18 . 2012-03-31 19:18 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-03-31 19:18 . 2012-03-31 19:18 229888 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-03-31 19:18 . 2012-03-31 19:18 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-03-31 19:18 . 2012-03-31 19:18 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-31 19:18 . 2012-03-31 19:18 1863680 ----a-w- c:\windows\system32\ExplorerFrame.dll
2012-03-31 19:18 . 2012-03-31 19:18 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-31 19:18 . 2012-03-31 19:18 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-03-31 19:18 . 2012-03-31 19:18 1540608 ----a-w- c:\windows\system32\DWrite.dll
2012-03-31 19:18 . 2012-03-31 19:18 1495040 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2012-03-31 19:18 . 2012-03-31 19:18 144384 ----a-w- c:\windows\system32\cdd.dll
2012-03-31 19:18 . 2012-03-31 19:18 135168 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
2012-03-31 19:18 . 2012-03-31 19:18 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-03-31 19:18 . 2012-03-31 19:18 1133568 ----a-w- c:\windows\system32\FntCache.dll
2012-03-31 19:18 . 2012-03-31 19:18 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-03-07 22:33 . 2011-03-07 22:33 402216 ----a-w- c:\program files\iTunesAdmin.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\programdata\99058D6500016020000AD478A60145BE ----
.
2012-05-18 16:43 . 2012-05-18 16:43 328 ----a-w- c:\programdata\99058D6500016020000AD478A60145BE\99058D6500016020000AD478A60145BE
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-19_16.50.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-06 13:25 . 2012-05-19 17:52 50108 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-22 16:15 39284 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-25 07:49 . 2012-05-22 16:15 10266 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-637500189-2584311091-3469795566-1001_UserData.bin
+ 2012-05-20 18:23 . 2012-04-04 22:56 24904 c:\windows\system64\drivers\mbam.sys
- 2012-05-18 19:13 . 2012-04-04 22:56 24904 c:\windows\system64\drivers\mbam.sys
- 2010-12-25 06:44 . 2012-05-18 23:24 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-25 06:44 . 2012-05-19 18:04 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-25 06:44 . 2012-05-19 18:04 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-12-25 06:44 . 2012-05-18 23:24 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-18 23:24 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-19 18:04 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-25 07:47 . 2012-05-18 20:10 45056 c:\windows\system64\acovcnt.exe
+ 2010-12-25 07:47 . 2012-05-22 16:13 45056 c:\windows\system64\acovcnt.exe
+ 2010-11-06 13:25 . 2012-05-19 17:52 50108 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-19 17:52 39260 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-12-25 06:44 . 2012-05-18 23:24 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-25 06:44 . 2012-05-19 18:04 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-25 06:44 . 2012-05-18 23:24 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-25 06:44 . 2012-05-19 18:04 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-18 23:24 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-19 18:04 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-05-19 17:49 78720 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-12-25 07:49 . 2012-05-19 17:52 9888 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-637500189-2584311091-3469795566-1001_UserData.bin
- 2012-05-19 16:35 . 2012-05-19 16:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-22 16:13 . 2012-05-22 16:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-19 16:35 . 2012-05-19 16:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-22 16:13 . 2012-05-22 16:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-05-22 16:13 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-05-19 16:34 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-27 07:27 . 2012-05-22 15:05 443576 c:\windows\system64\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2010-12-27 07:27 . 2012-05-22 15:05 443576 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-07-14 05:01 . 2012-05-22 16:12 389396 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-05-19 16:32 389396 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2012-05-22 16:13 2539520 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-19 16:34 2539520 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-22 16:13 5521408 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-19 16:34 5521408 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:45 . 2012-03-31 19:42 3798808 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-05-19 17:41 3798808 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-11-05 22:55 . 2012-05-19 17:37 1053528 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2010-11-05 22:55 . 2012-05-19 16:32 1053528 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 02:34 . 2012-05-20 18:03 10223616 c:\windows\system64\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-05-18 23:03 10223616 c:\windows\system64\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-05-18 23:03 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-05-20 18:03 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2012-04-25 20:26 . 2012-05-22 16:12 12867888 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-637500189-2584311091-3469795566-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f0381dbd-e018-4e07-ae40-d96ab15083f0}"= "c:\program files (x86)\AF-HSS\prxtbAF-0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{f0381dbd-e018-4e07-ae40-d96ab15083f0}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]
2012-01-04 23:02 233288 ----a-w- c:\program files (x86)\Expat Shield\HssIE\ExpatIE.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{f0381dbd-e018-4e07-ae40-d96ab15083f0}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\AF-HSS\prxtbAF-0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{f0381dbd-e018-4e07-ae40-d96ab15083f0}"= "c:\program files (x86)\AF-HSS\prxtbAF-0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{f0381dbd-e018-4e07-ae40-d96ab15083f0}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-06-25 6806144]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2010-03-24 899072]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-01-18 2339168]
"AmazonGSDownloaderTray"="c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"HP KEYBOARDg"="c:\program files (x86)\Hewlett-Packard\HP Wireless Elite Keyboard\HPKEYBOARDg.EXE" [2009-07-24 701592]
"EKAiO2StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.EXE" [2011-12-10 3240448]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Conime"="c:\windows\system32\conime.exe" [BU]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2011-12-12 2234288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-11 1083680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-06 135664]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-11-06 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-11-06 79360]
R3 ExpatTrayService;Expat Shield Tray Service;c:\program files (x86)\Expat Shield\bin\ExpatTrayService.EXE [2012-01-06 77520]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-06 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-18 68440]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 ExpatShieldService;Expat Shield Service;c:\program files (x86)\Expat Shield\bin\openvpnas.exe [2012-01-06 331608]
S2 ExpatSrv;Expat Shield Routing Service;c:\program files (x86)\Expat Shield\HssWPR\hsssrv.exe [2012-01-04 363336]
S2 ExpatWd;Expat Shield Monitoring Service;c:\program files (x86)\Expat Shield\bin\hsswd.exe [2012-01-04 329544]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-20 394672]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-27 235624]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - IPNAT
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-06 13:07]
.
2012-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-06 13:07]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]
2012-01-04 23:02 287048 ----a-w- c:\program files (x86)\Expat Shield\HssIE\ExpatIE_64.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"THXCfg64"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"Setwallpaper"="c:\programdata\SetWallpaper.cmd" [BU]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"EKAiO2StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe" [2011-12-10 3240448]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Glenn\AppData\Roaming\Mozilla\Firefox\Profiles\0wyhhq9e.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{F0381DBD-E018-4E07-AE40-D96AB15083F0} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\02\01\14\16\053?"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
c:\program files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
.
**************************************************************************
.
Completion time: 2012-05-22 09:22:39 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-22 16:22
ComboFix2.txt 2012-05-19 16:53
.
Pre-Run: 76,865,236,992 bytes free
Post-Run: 76,440,457,216 bytes free
.
- - End Of File - - F6606E181633457D420597E022104DB3

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.23.02

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Glenn :: GLENN-PC [administrator]

Protection: Disabled

5/22/2012 10:11:19 PM
mbam-log-2012-05-22 (22-11-19).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 415220
Time elapsed: 51 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Glenn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\413fbcb9-66b9a341 (Trojan.Ransom) -> Quarantined and deleted successfully.

(end)

#10 RPMcMurphy
  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 23 May 2012 - 09:39 PM

Excellent! Please navigate to this folder, then right click on it and select "Delete":

c:\programdata\99058D6500016020000AD478A60145BE

Go to this LINK to run an online scanner from ESET.
  • Note: For browsers other than Internet Explorer, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If you are using Internet Explorer, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
Please include the following in your next post:
  • ESET log

Edited by RPMcMurphy, 23 May 2012 - 09:40 PM.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#11 Glenn Murray
  • Topic Starter
  • Members
  • 13 posts

Posted 28 May 2012 - 01:50 PM

Hi,
I have been on vacation the last several days and unable to perform the next steps. I will complete these steps within the next 1 or 2 days. Please do not close the topic yet. I definitely want to continue the thorough and professional process we have been working on.

Thanks very much,
Glenn

#12 RPMcMurphy
  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 28 May 2012 - 08:09 PM

Thanks for letting me know, Glenn. I'll keep the thread open for you.



#13 Glenn Murray
  • Topic Starter
  • Members
  • 13 posts

Posted 01 June 2012 - 02:54 PM

Hi RPMcMurphy,

Thanks for keeping the topic open.
I've caught up with my "real world" tasks after returning from vacation. I will be able to perform virus removal tasks more promptly from today on...
Below is the ESET log after running the scan per your instructions.
Please advise on next steps.

Thanks for your help.
It is greatly appreciated!

Glenn

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-06-01 07:40:46
# local_time=2012-06-01 12:40:46 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=crash
# scanned=234003
# found=18
# cleaned=0
# scan_time=9058
C:\Qoobox\Quarantine\C\Users\Glenn\AppData\Local\Apple Computer\Adobe\zxjqgy.dll.vir a variant of Win32/Kryptik.AFWJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Glenn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\a6b54d1-2235ffff multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Glenn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\5e5c299d-2b9ba8a2 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Glenn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\2452a8e7-442118f4 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Glenn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\4ffbf1ea-224fd346 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Glenn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\112477c-4f144726 a variant of Java/TrojanDownloader.OpenConnection.AQ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Glenn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\496d73d-2f54a696 Java/Exploit.Agent.NBS trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Glenn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\6bb21e88-26df92e7 a variant of Java/TrojanDownloader.Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Glenn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\774f0988-28e44dba Java/Agent.DS trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Glenn\AppData\Roaming\Mozilla\Firefox\Profiles\0wyhhq9e.default\extensions\fsejrzooer@fsejrzooer.org.xpi JS/Redirector.NBX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Installer\{67805821-c62b-2aef-0dd0-17f2e5c1e7bc}\U\00000008.@ Win64/Agent.BA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Installer\{67805821-c62b-2aef-0dd0-17f2e5c1e7bc}\U\80000000.@ Win64/Sirefef.AE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Installer\{67805821-c62b-2aef-0dd0-17f2e5c1e7bc}\U\80000032.@ probably a variant of Win32/Sirefef.EU trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Installer\{67805821-c62b-2aef-0dd0-17f2e5c1e7bc}\U\80000064.@ Win64/Sirefef.AE trojan (unable to clean) 00000000000000000000000000000000 I
D:\Software\WM_Recorder_v14.zip a variant of Win32/HackTool.Patcher.B application (unable to clean) 00000000000000000000000000000000 I
D:\Software\WM_Recorder_v14\WM_Recorder_v14.8\unipatch.zip a variant of Win32/HackTool.Patcher.B application (unable to clean) 00000000000000000000000000000000 I
D:\tmp\WinZip.Pro.v15.5.9468.Incl.Keygen-Lz0.rar Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
D:\tmp\WinZip.Pro.v15.5.9468.Incl.Keygen-Lz0\winzip155.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I

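The ESET log above is the artifact the earlier instructions ask for (open log.txt and paste it), and reading it well means separating hits that are still loadable from dead leftovers. The following Python is an added example for this thread, not code from the forum, from ESET or from BleepingComputer. It parses the ESET Online Scanner log format as it appears in the post (a `# key=value` header, then one line per detection: path, detection name, status in parentheses, a 32-hex-digit hash field and a flag), using the 18 detection lines from the log as its embedded sample, and sorts them into location buckets. The bucket names (java-cache, installer-guid-dir and so on) and the INERT set are this example's own labels; the regular expressions are written against the lines visible on this page, not against an ESET specification.

```python
"""Triage an ESET Online Scanner log by bucketing detections by location.
Added example for this thread (not code from the forum or from ESET): parses
the "# key=value" header and each detection line of the log posted above and
separates live load points from inert leftovers (quarantine, Java cache)."""
import re
from collections import Counter

# Sample input: header lines used below plus all 18 detection lines, copied from
# the ESET log in the thread; ESET's installer chatter lines are omitted.
SAMPLE_LOG = r"""# version=7
# end=finished
# remove_checked=false
# scanned=234003
# found=18
# cleaned=0
C:\Qoobox\Quarantine\C\Users\Glenn\AppData\Local\Apple Computer\Adobe\zxjqgy.dll.vir a variant of Win32/Kryptik.AFWJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Glenn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\a6b54d1-2235ffff multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Glenn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\5e5c299d-2b9ba8a2 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Glenn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\2452a8e7-442118f4 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Glenn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\4ffbf1ea-224fd346 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Glenn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\112477c-4f144726 a variant of Java/TrojanDownloader.OpenConnection.AQ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Glenn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\496d73d-2f54a696 Java/Exploit.Agent.NBS trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Glenn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\6bb21e88-26df92e7 a variant of Java/TrojanDownloader.Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Glenn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\774f0988-28e44dba Java/Agent.DS trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Glenn\AppData\Roaming\Mozilla\Firefox\Profiles\0wyhhq9e.default\extensions\fsejrzooer@fsejrzooer.org.xpi JS/Redirector.NBX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Installer\{67805821-c62b-2aef-0dd0-17f2e5c1e7bc}\U\00000008.@ Win64/Agent.BA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Installer\{67805821-c62b-2aef-0dd0-17f2e5c1e7bc}\U\80000000.@ Win64/Sirefef.AE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Installer\{67805821-c62b-2aef-0dd0-17f2e5c1e7bc}\U\80000032.@ probably a variant of Win32/Sirefef.EU trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Installer\{67805821-c62b-2aef-0dd0-17f2e5c1e7bc}\U\80000064.@ Win64/Sirefef.AE trojan (unable to clean) 00000000000000000000000000000000 I
D:\Software\WM_Recorder_v14.zip a variant of Win32/HackTool.Patcher.B application (unable to clean) 00000000000000000000000000000000 I
D:\Software\WM_Recorder_v14\WM_Recorder_v14.8\unipatch.zip a variant of Win32/HackTool.Patcher.B application (unable to clean) 00000000000000000000000000000000 I
D:\tmp\WinZip.Pro.v15.5.9468.Incl.Keygen-Lz0.rar Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
D:\tmp\WinZip.Pro.v15.5.9468.Incl.Keygen-Lz0\winzip155.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
"""

# Tail of a detection line: "<head> (<status>) <32 hex digits> <flag>".
TAIL_RE = re.compile(
    r"^(?P<head>.+) \((?P<status>[^()]*)\) (?P<hash>[0-9A-Fa-f]{32}) (?P<flag>\S+)$")
# The name starts at the first space followed by ESET's naming grammar. Paths may
# contain spaces ("Apple Computer"), so a plain whitespace split would misparse.
NAME_START_RE = re.compile(
    r" (?=probably a variant of |a variant of |multiple threats|[A-Za-z0-9]+/\S)")
FAMILY_RE = re.compile(r"([A-Za-z0-9]+)/([A-Za-z0-9]+)")
# Bucket labels are this example's own. Inert buckets hold files nothing loads
# any more; every other bucket is a place code is actually run from.
INERT = {"combofix-quarantine", "java-cache"}

def classify(path):
    """Map a detected file path to a triage bucket, most specific test first."""
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p:
        return "combofix-quarantine"
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "java-cache"
    if "\\mozilla\\firefox\\profiles\\" in p and "\\extensions\\" in p:
        return "firefox-extension"
    if re.search(r"\\windows\\installer\\\{[0-9a-f-]+\}\\u\\", p):
        return "installer-guid-dir"
    return "other"

def parse_detection(line):
    """Return a dict for one detection line, or None if the line is not one."""
    m = TAIL_RE.match(line)
    split = NAME_START_RE.search(m["head"]) if m else None
    if not split:
        return None
    path, name = m["head"][:split.start()], m["head"][split.end():]
    fam = FAMILY_RE.search(name)
    return {"path": path, "name": name, "status": m["status"], "hash": m["hash"],
            "family": fam.group(2) if fam else name,  # e.g. "multiple threats"
            "location": classify(path)}

def triage(text):
    """Parse a whole log into header fields, detections and roll-up counters."""
    summary, detections = {}, []
    for line in text.splitlines():
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            summary[key] = value
        else:
            det = parse_detection(line)
            if det:
                detections.append(det)
    return {"summary": summary, "detections": detections,
            "by_location": Counter(d["location"] for d in detections),
            "by_family": Counter(d["family"] for d in detections),
            # found= must equal the parsed count, else the paste was truncated
            # or a line format went unrecognised.
            "consistent": summary.get("found") == str(len(detections))}

def live_items(result):
    """Detections outside the inert buckets: still loadable, so handle these first."""
    return [d for d in result["detections"] if d["location"] not in INERT]

if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print(f"found={r['summary']['found']} parsed={len(r['detections'])} consistent={r['consistent']}")
    for loc, n in r["by_location"].most_common():
        print(f"  {loc:20} {n}")
    for d in live_items(r):
        print(f"  LIVE {d['location']:20} {d['family']:16} {d['path']}")
```

On this log the roll-up puts eight hits in the Java deployment cache (downloaded payloads the plugin cached, which is why the next step in the thread clears that cache), one in ComboFix's own Qoobox quarantine (already neutralised), and nine live items: the .xpi in the Firefox profile, whose JS/Redirector detection matches the redirect symptom that opened the thread, the four files under the Windows\Installer GUID directory that ESET names as Sirefef, and the four patcher and keygen archives on D:. The `consistent` flag guards against a truncated paste: `# found=18` must equal the number of detection lines actually parsed.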
#14 RPMcMurphy
  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 02 June 2012 - 12:06 AM

Hi,

Please do this next. ComboFix should prompt you to update it; please allow the update.

Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad. Make sure there is no space before and above ClearJavaCache::

ClearJavaCache::

Save this as CFScript to your desktop.

Then disable your security programs and drag the CFScript into ComboFix.exe as you see in the screenshot below.

[Screenshot: dragging the CFScript file onto ComboFix.exe]


This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply.

Also, please remove these (and any other) keygens you have in the system. This type of software is not only illegal, but it is a major source of malware.

D:\tmp\WinZip.Pro.v15.5.9468.Incl.Keygen-Lz0.rar
D:\tmp\WinZip.Pro.v15.5.9468.Incl.Keygen-Lz0\winzip155.exe

Please include the following in your next post:
  • ComboFix log



#15 Glenn Murray
  • Topic Starter
  • Members
  • 13 posts

Posted 07 June 2012 - 07:48 PM

Hi,

I removed the offending keygen files, then ran ComboFix, after getting the update. Below is the log.
Please advise on next steps.


Thanks very much,
Glenn

ComboFix 12-06-07.03 - Glenn 06/07/2012 16:34:19.3.8 - x64
Running from: c:\users\Glenn\Desktop\ComboFix.exe
Command switches used :: c:\users\Glenn\Desktop\CFScript.txt
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Glenn\AppData\Roaming\Microsoft\Office\Recent\GARAGE SALE 06-09-12.doc.LNK
c:\users\Glenn\AppData\Roaming\Microsoft\Office\Recent\Parents Christmas Card List.doc.LNK
.
.
((((((((((((((((((((((((( Files Created from 2012-05-08 to 2012-06-08 )))))))))))))))))))))))))))))))
.
.
2012-06-08 00:28 . 2012-06-08 00:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-07 23:15 . 2012-06-07 23:15 -------- d-----w- c:\users\Glenn\AppData\Roaming\AVG2012
2012-06-07 23:14 . 2012-06-07 23:19 -------- d-----w- c:\programdata\AVG2012
2012-06-01 16:53 . 2012-06-01 16:53 -------- d-----w- c:\program files (x86)\ESET
2012-05-29 15:41 . 2012-05-29 15:41 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-20 18:23 . 2012-05-20 18:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-20 18:23 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-19 19:19 . 2012-05-19 19:19 -------- d-----w- C:\AntiVirus
2012-05-19 17:42 . 2012-05-19 17:42 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2012-05-18 22:55 . 2012-01-05 00:31 597832 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor90.dll
2012-05-18 22:55 . 2012-01-05 00:31 597832 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor80.dll
2012-05-18 19:37 . 2012-05-18 19:37 388096 ----a-r- c:\users\Glenn\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-18 19:14 . 2012-05-18 19:14 -------- d-----w- c:\users\Glenn\AppData\Roaming\Malwarebytes
2012-05-18 19:13 . 2012-05-18 19:13 -------- d-----w- c:\programdata\Malwarebytes
2012-05-18 16:43 . 2012-05-18 16:43 -------- d-----w- c:\program files (x86)\Common Files\PerformanceAbout
2012-05-16 15:06 . 2012-05-18 20:07 -------- d-----w- c:\users\Glenn\.morena
2012-05-16 15:06 . 2012-05-16 15:06 -------- d-----w- c:\users\Glenn\.epaysol
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-08 00:31 . 2010-12-25 07:47 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-05-29 15:41 . 2011-10-22 16:35 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-19 11:50 . 2012-04-19 11:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-03-31 19:34 . 2012-03-31 19:34 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-31 19:34 . 2012-03-31 19:34 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-31 19:34 . 2012-03-31 19:34 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-31 19:34 . 2012-03-31 19:34 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-31 19:34 . 2012-03-31 19:34 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-31 19:34 . 2012-03-31 19:34 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-31 19:34 . 2012-03-31 19:34 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-31 19:34 . 2012-03-31 19:34 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-31 19:34 . 2012-03-31 19:34 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-31 19:34 . 2012-03-31 19:34 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-31 19:34 . 2012-03-31 19:34 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-31 19:34 . 2012-03-31 19:34 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-31 19:34 . 2012-03-31 19:34 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-31 19:34 . 2012-03-31 19:34 448512 ----a-w- c:\windows\system32\html.iec
2012-03-31 19:34 . 2012-03-31 19:34 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-31 19:34 . 2012-03-31 19:34 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-31 19:34 . 2012-03-31 19:34 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-31 19:34 . 2012-03-31 19:34 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-31 19:34 . 2012-03-31 19:34 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-03-31 19:34 . 2012-03-31 19:34 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-03-31 19:34 . 2012-03-31 19:34 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-31 19:34 . 2012-03-31 19:34 2308096 ----a-w- c:\windows\system32\jscript9.dll
2012-03-31 19:34 . 2012-03-31 19:34 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-31 19:34 . 2012-03-31 19:34 1798656 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-03-31 19:34 . 2012-03-31 19:34 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-31 19:34 . 2012-03-31 19:34 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-31 19:34 . 2012-03-31 19:34 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-31 19:34 . 2012-03-31 19:34 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-31 19:34 . 2012-03-31 19:34 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-31 19:34 . 2012-03-31 19:34 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-31 19:34 . 2012-03-31 19:34 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-03-31 19:34 . 2012-03-31 19:34 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-31 19:34 . 2012-03-31 19:34 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-03-31 19:34 . 2012-03-31 19:34 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-03-31 19:34 . 2012-03-31 19:34 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-31 19:34 . 2012-03-31 19:34 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-31 19:34 . 2012-03-31 19:34 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-31 19:34 . 2012-03-31 19:34 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-31 19:34 . 2012-03-31 19:34 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-03-31 19:34 . 2012-03-31 19:34 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-31 19:34 . 2012-03-31 19:34 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-31 19:34 . 2012-03-31 19:34 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-03-31 19:18 . 2012-03-31 19:18 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-03-31 19:18 . 2012-03-31 19:18 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-03-31 19:18 . 2012-03-31 19:18 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-03-31 19:18 . 2012-03-31 19:18 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2012-03-31 19:18 . 2012-03-31 19:18 470016 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-03-31 19:18 . 2012-03-31 19:18 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-03-31 19:18 . 2012-03-31 19:18 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-31 19:18 . 2012-03-31 19:18 283648 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2012-03-31 19:18 . 2012-03-31 19:18 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-03-31 19:18 . 2012-03-31 19:18 229888 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-03-31 19:18 . 2012-03-31 19:18 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-03-31 19:18 . 2012-03-31 19:18 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-31 19:18 . 2012-03-31 19:18 1863680 ----a-w- c:\windows\system32\ExplorerFrame.dll
2012-03-31 19:18 . 2012-03-31 19:18 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-31 19:18 . 2012-03-31 19:18 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-03-31 19:18 . 2012-03-31 19:18 1540608 ----a-w- c:\windows\system32\DWrite.dll
2012-03-31 19:18 . 2012-03-31 19:18 1495040 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2012-03-31 19:18 . 2012-03-31 19:18 144384 ----a-w- c:\windows\system32\cdd.dll
2012-03-31 19:18 . 2012-03-31 19:18 135168 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
2012-03-31 19:18 . 2012-03-31 19:18 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-03-31 19:18 . 2012-03-31 19:18 1133568 ----a-w- c:\windows\system32\FntCache.dll
2012-03-31 19:18 . 2012-03-31 19:18 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-19 12:17 . 2012-03-19 12:17 383808 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2011-03-07 22:33 . 2011-03-07 22:33 402216 ----a-w- c:\program files\iTunesAdmin.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-19_16.50.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-06 13:25 . 2012-06-08 00:32 51128 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-08 00:32 39394 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-25 07:49 . 2012-05-23 06:08 10290 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-637500189-2584311091-3469795566-1001_UserData.bin
- 2012-05-18 19:13 . 2012-04-04 22:56 24904 c:\windows\system64\drivers\mbam.sys
+ 2012-05-20 18:23 . 2012-04-04 22:56 24904 c:\windows\system64\drivers\mbam.sys
+ 2012-01-31 11:46 . 2012-01-31 11:46 36944 c:\windows\system64\drivers\avgrkx64.sys
+ 2011-12-23 20:32 . 2011-12-23 20:32 47696 c:\windows\system64\drivers\avgmfx64.sys
+ 2012-04-19 11:50 . 2012-04-19 11:50 28480 c:\windows\system64\drivers\avgidsha.sys
+ 2011-12-23 20:32 . 2011-12-23 20:32 29776 c:\windows\system64\drivers\avgidsfiltera.sys
+ 2010-12-25 06:44 . 2012-06-01 22:08 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-25 06:44 . 2012-05-18 23:24 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-25 06:44 . 2012-06-01 22:08 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-12-25 06:44 . 2012-05-18 23:24 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-01 22:08 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-18 23:24 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-25 07:47 . 2012-05-18 20:10 45056 c:\windows\system64\acovcnt.exe
+ 2010-12-25 07:47 . 2012-06-08 00:31 45056 c:\windows\system64\acovcnt.exe
+ 2010-11-06 13:25 . 2012-06-08 00:32 51128 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-08 00:32 39394 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-25 07:49 . 2012-05-23 06:08 10290 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-637500189-2584311091-3469795566-1001_UserData.bin
+ 2012-01-31 11:46 . 2012-01-31 11:46 36944 c:\windows\system32\drivers\avgrkx64.sys
+ 2011-12-23 20:32 . 2011-12-23 20:32 47696 c:\windows\system32\drivers\avgmfx64.sys
+ 2011-12-23 20:32 . 2011-12-23 20:32 29776 c:\windows\system32\drivers\avgidsfiltera.sys
- 2010-12-25 06:44 . 2012-05-18 23:24 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-25 06:44 . 2012-06-01 22:08 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-25 06:44 . 2012-05-18 23:24 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-25 06:44 . 2012-06-01 22:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-18 23:24 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-01 22:08 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-05-26 04:25 80352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 04:46 . 2012-04-28 04:56 80352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2012-05-19 16:35 . 2012-05-19 16:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-08 00:30 . 2012-06-08 00:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-19 16:35 . 2012-05-19 16:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-08 00:30 . 2012-06-08 00:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-29 15:41 . 2012-05-29 15:41 351904 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
+ 2012-05-29 15:41 . 2012-05-29 15:41 424096 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.dll
+ 2012-05-29 15:41 . 2012-05-29 15:41 257696 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2009-07-14 04:54 . 2012-06-08 00:30 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-05-19 16:34 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-27 07:27 . 2012-06-07 23:01 446060 c:\windows\system64\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2012-05-29 15:41 . 2012-05-29 15:41 631456 c:\windows\system64\Macromed\Flash\FlashUtil64_11_2_202_235_ActiveX.exe
+ 2012-05-29 15:41 . 2012-05-29 15:41 461984 c:\windows\system64\Macromed\Flash\FlashUtil64_11_2_202_235_ActiveX.dll
+ 2012-03-19 12:17 . 2012-03-19 12:17 383808 c:\windows\system64\drivers\avgtdia.sys
+ 2012-02-22 12:25 . 2012-02-22 12:25 289872 c:\windows\system64\drivers\avgldx64.sys
+ 2011-12-23 20:31 . 2011-12-23 20:31 124496 c:\windows\system64\drivers\avgidsdrivera.sys
+ 2010-12-27 07:27 . 2012-06-07 23:01 446060 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2012-05-29 15:41 . 2012-05-29 15:41 631456 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_ActiveX.exe
+ 2012-05-29 15:41 . 2012-05-29 15:41 461984 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_ActiveX.dll
+ 2012-02-22 12:25 . 2012-02-22 12:25 289872 c:\windows\system32\drivers\avgldx64.sys
+ 2011-12-23 20:31 . 2011-12-23 20:31 124496 c:\windows\system32\drivers\avgidsdrivera.sys
+ 2009-07-14 05:01 . 2012-06-08 00:29 389396 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-05-19 16:32 389396 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2012-06-08 00:30 2539520 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-19 16:34 2539520 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-19 16:34 5521408 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-08 00:30 5521408 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:45 . 2012-05-19 17:41 3798808 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-03-31 19:42 3798808 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-11-05 22:55 . 2012-05-19 17:37 1053528 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2010-11-05 22:55 . 2012-05-19 16:32 1053528 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-06-07 23:07 . 2012-06-07 23:07 8449024 c:\windows\Installer\50e513a1.msi
+ 2012-06-07 23:12 . 2012-06-07 23:12 2871808 c:\windows\Installer\50e5136e.msi
+ 2012-06-07 23:05 . 2012-06-07 23:05 1955328 c:\windows\Installer\50e51362.msi
+ 2009-07-14 02:34 . 2012-06-07 23:33 10223616 c:\windows\system64\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-05-18 23:03 10223616 c:\windows\system64\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-06-07 23:33 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-05-18 23:03 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2012-04-25 20:26 . 2012-06-08 00:29 13607632 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-637500189-2584311091-3469795566-1001-12288.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f0381dbd-e018-4e07-ae40-d96ab15083f0}"= "c:\program files (x86)\AF-HSS\prxtbAF-0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{f0381dbd-e018-4e07-ae40-d96ab15083f0}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]
2012-01-04 23:02 233288 ----a-w- c:\program files (x86)\Expat Shield\HssIE\ExpatIE.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{f0381dbd-e018-4e07-ae40-d96ab15083f0}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\AF-HSS\prxtbAF-0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{f0381dbd-e018-4e07-ae40-d96ab15083f0}"= "c:\program files (x86)\AF-HSS\prxtbAF-0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{f0381dbd-e018-4e07-ae40-d96ab15083f0}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-06-25 6806144]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2010-03-24 899072]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"AmazonGSDownloaderTray"="c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"HP KEYBOARDg"="c:\program files (x86)\Hewlett-Packard\HP Wireless Elite Keyboard\HPKEYBOARDg.EXE" [2009-07-24 701592]
"EKAiO2StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.EXE" [2011-12-10 3240448]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Conime"="c:\windows\system32\conime.exe" [BU]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2011-12-12 2234288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-11 1083680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-06 135664]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-11-06 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-11-06 79360]
R3 ExpatTrayService;Expat Shield Tray Service;c:\program files (x86)\Expat Shield\bin\ExpatTrayService.EXE [2012-01-06 77520]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-06 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-18 68440]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-04-30 5106744]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 ExpatShieldService;Expat Shield Service;c:\program files (x86)\Expat Shield\bin\openvpnas.exe [2012-01-06 331608]
S2 ExpatSrv;Expat Shield Routing Service;c:\program files (x86)\Expat Shield\HssWPR\hsssrv.exe [2012-01-04 363336]
S2 ExpatWd;Expat Shield Monitoring Service;c:\program files (x86)\Expat Shield\bin\hsswd.exe [2012-01-04 329544]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-20 394672]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-27 235624]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-06 13:07]
.
2012-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-06 13:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]
2012-01-04 23:02 287048 ----a-w- c:\program files (x86)\Expat Shield\HssIE\ExpatIE_64.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"THXCfg64"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"Setwallpaper"="c:\programdata\SetWallpaper.cmd" [BU]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"EKAiO2StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe" [2011-12-10 3240448]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Glenn\AppData\Roaming\Mozilla\Firefox\Profiles\0wyhhq9e.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{F0381DBD-E018-4E07-AE40-D96AB15083F0} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\02\01\14\16\053?"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
.
**************************************************************************
.
Completion time: 2012-06-07 17:39:40 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-08 00:39
ComboFix2.txt 2012-05-22 16:22
ComboFix3.txt 2012-05-19 16:53
.
Pre-Run: 90,782,908,416 bytes free
Post-Run: 90,415,796,224 bytes free
.
- - End Of File - - E19E8DD37E804F6FF3DFB6C2B16C7B7D