whitesmoke toolbar removal


  • This topic is locked
25 replies to this topic

#1 seabeetod

seabeetod

  • Members
  • 12 posts
  • OFFLINE
  • Local time:04:23 AM

Posted 30 May 2012 - 12:56 PM

Hello, I seem to have obtained the whitesmoke toolbar and some video app called "blinkx beat" through some crap my son was downloading. I tried CCcleaner and malwarebytes. I've identified a few lines in my hijackthis log but thought I'd better show it to someone more knowledgeable. For some reason, I could not download DDS. Nothing popped up on either link. I am running windows 7. I also found something called Basicscan.

Edited by seabeetod, 30 May 2012 - 02:28 PM.




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:23 AM

Posted 31 May 2012 - 02:13 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

The next thing I would like you to do is run this for me - http://download.bleepingcomputer.com/grinler/unhide.exe. After it is complete, restart the computer and continue with these steps.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.




Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in

    %TEMP%\smtmp\*.* /s

  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.


information and logs:

  • In your next post I need the following

  • logs from OTL
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
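Once OTL.txt has been posted, the search and homepage hijack indicators sit in its Internet Explorer, FireFox and Chrome sections, where OTL prints one entry per registry value or prefs.js key. What follows is an added example, not OTL's own code and not anything posted in this thread: a small Python triage script that extracts every start-page and search URL from those sections and flags an entry when it carries a known hijack marker or points at a host outside a short allow-list. The sample log lines, the allow-list, the marker list and the `PLACEHOLDER` SID are constructed for the example and are assumptions, not an authoritative reference.

```python
"""Triage the browser sections of an OTL log for search/homepage hijacks.

Added example; not OTL's own code and not posted in the thread.  It reads the
'IE -', 'FF -' and 'CHR -' lines an OTL.txt contains, extracts the URL each
browser will hit on start-up or search, and flags entries that either carry a
known hijack marker or point at a host not on a short allow-list.  The sample
log, the allow-list and the marker list are constructed assumptions.
"""
import re
from urllib.parse import urlparse

# Assumption: hosts an unmodified IE/Firefox/Chrome install would point at on
# an OEM Windows 7 box (the MSN start page plus the stock search engines).
KNOWN_GOOD_HOSTS = {"www.google.com", "www.bing.com", "g.msn.com"}

# Assumption: substrings that show up in hijacked search/homepage entries; a
# hit on any of these is flagged regardless of host.
HIJACK_MARKERS = ("conduit", "whitesmoke", "mystart", "incredibar", "blekko")

# Matches 'IE - ', 'IE:64bit: - ', '64bit-FF - ', 'CHR - ' prefixes.
SECTION_LINE = re.compile(r"^(?:64bit-)?(IE|FF|CHR)(?::64bit:)? - (.*)$")
URL = re.compile(r"https?://[^\s\"'<>]+")

# Constructed sample in the format OTL prints (the SID is a placeholder).
SAMPLE_LOG = r"""
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\..\SearchScopes\{6CE0C255-91F6-4FF7-8851-52067A45FB92}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF
IE - HKU\S-1-5-21-PLACEHOLDER-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3198785
IE - HKU\S-1-5-21-PLACEHOLDER-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3198785
FF - prefs.js..browser.search.selectedEngine: "WhiteSmoke US Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3198785&SearchSource=13"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
CHR - default_search_provider: Google (Enabled)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
"""


def parse_browser_lines(text):
    """Yield (browser, key, value) for every IE/FF/CHR line; other sections are skipped."""
    for line in text.splitlines():
        m = SECTION_LINE.match(line)
        if not m:
            continue
        browser, rest = m.groups()
        # Registry-style entries end in ' = value'; prefs.js and Chrome entries
        # use 'key: value'.  Registry form is tried first because a SearchScopes
        # line ('...: "URL" = http://...') contains both separators.
        if " = " in rest:
            key, value = rest.rsplit(" = ", 1)
        elif ": " in rest:
            key, value = rest.split(": ", 1)
        else:
            key, value = rest, ""
        yield browser, key.strip(), value.strip().strip('"')


def classify(value):
    """Return why a value looks hijacked, or None if it looks benign."""
    lowered = value.lower()
    for marker in HIJACK_MARKERS:
        if marker in lowered:
            return f"known hijack marker '{marker}'"
    m = URL.search(value)
    if m:
        host = urlparse(m.group(0)).hostname or ""
        if host not in KNOWN_GOOD_HOSTS:
            return f"start/search URL on unlisted host '{host}'"
    return None


def triage(text):
    """Return [(browser, key, value, reason)] for every suspicious entry."""
    findings = []
    for browser, key, value in parse_browser_lines(text):
        reason = classify(value)
        if reason:
            findings.append((browser, key, value, reason))
    return findings


def summarize(text):
    """Count suspicious entries per browser, e.g. {'IE': 2, 'FF': 3}."""
    counts = {}
    for browser, _key, _value, _reason in triage(text):
        counts[browser] = counts.get(browser, 0) + 1
    return counts


if __name__ == "__main__":
    for browser, key, value, reason in triage(SAMPLE_LOG):
        print(f"[{browser}] {reason}\n    {key}\n    -> {value}")
    print(summarize(SAMPLE_LOG))
```

The allow-list is deliberately short: a legitimate but unlisted engine comes back as "unlisted host" for a person to judge rather than being silently accepted, while the marker check runs first so a known family is named even when its URL sits on an unfamiliar host. Lines from other OTL sections (services, drivers, processes) are ignored by the prefix match, so the script can be pointed at a whole OTL.txt.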

#3 seabeetod

seabeetod
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:04:23 AM

Posted 31 May 2012 - 10:18 AM

As far as problems, the computer seems to be running ok. I got the whitesmoke toolbar off of chrome but I still have a whitesmoke "translator". The blinxs beat installed itself as my screensaver, I disabled that, but I don't know how to uninstall. I don't know if I got rid of basicscan or not.


Results of screen317's Security Check version 0.99.41
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 20
Java™ 6 Update 31
Java version out of date!
Adobe Flash Player 11.2.202.235
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (9.0.1)
Google Chrome 19.0.1084.46
Google Chrome 19.0.1084.52
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````





OTL logfile created on: 5/31/2012 9:47:56 AM - Run 1
OTL by OldTimer - Version 3.2.44.0 Folder = C:\Users\Todd\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.93 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 75.70% Memory free
15.86 Gb Paging File | 13.79 Gb Available in Paging File | 86.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.43 Gb Total Space | 796.23 Gb Free Space | 86.51% Space Free | Partition Type: NTFS
Drive D: | 10.98 Gb Total Space | 1.58 Gb Free Space | 14.44% Space Free | Partition Type: NTFS
Drive E: | 5.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive N: | 298.09 Gb Total Space | 195.67 Gb Free Space | 65.64% Space Free | Partition Type: NTFS

Computer Name: TODD-PC | User Name: Todd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Todd\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe ()
PRC - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe ()
PRC - C:\Windows\SysWOW64\schtasks.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)


========== Modules (No Company Name) ==========

MOD - C:\Users\Todd\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Todd\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll ()
MOD - C:\Users\Todd\AppData\Local\Google\Chrome\Application\19.0.1084.52\libglesv2.dll ()
MOD - C:\Users\Todd\AppData\Local\Google\Chrome\Application\19.0.1084.52\libegl.dll ()
MOD - C:\Users\Todd\AppData\Local\Google\Chrome\Application\19.0.1084.52\avutil-51.dll ()
MOD - C:\Users\Todd\AppData\Local\Google\Chrome\Application\19.0.1084.52\avformat-54.dll ()
MOD - C:\Users\Todd\AppData\Local\Google\Chrome\Application\19.0.1084.52\avcodec-54.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (Mcx2Svc) -- C:\Windows\SysNative\Mcx2Svc.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (RemoteAccess) -- C:\Windows\SysNative\mprdim.dll (Microsoft Corporation)
SRV:64bit: - (SharedAccess) -- C:\Windows\SysNative\ipnathlp.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (MotoHelper) -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe ()
SRV - (HPSLPSVC) -- C:\Program Files (x86)\hp\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) Intel® -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (RemoteAccess) -- C:\Windows\SysWOW64\mprdim.dll (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM) -- C:\Windows\SysNative\drivers\sscdserd.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (HECIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (HCW85BDA) -- C:\Windows\SysNative\drivers\HCW85BDA.sys (Hauppauge Computer Works)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir3.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (crcdisk) -- C:\Windows\SysNative\drivers\crcdisk.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ws2ifsl) -- C:\Windows\SysNative\drivers\ws2ifsl.sys (Microsoft Corporation)
DRV:64bit: - (cdfs) -- C:\Windows\SysNative\drivers\cdfs.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6CE0C255-91F6-4FF7-8851-52067A45FB92}
IE:64bit: - HKLM\..\SearchScopes\{101DD6DE-463E-42C2-B733-ECCE08DFE4A5}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{6CE0C255-91F6-4FF7-8851-52067A45FB92}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{101DD6DE-463E-42C2-B733-ECCE08DFE4A5}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-opencandygames-chromesbox-en-us&tb_uuid=20120502215100279&tb_oid=02-05-2012&tb_mrud=02-05-2012
IE - HKLM\..\SearchScopes\{6CE0C255-91F6-4FF7-8851-52067A45FB92}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3198785


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3198785
IE - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\..\URLSearchHook: {cce665dd-f6dd-4808-968e-eaec971f70ef} - No CLSID value found
IE - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\..\SearchScopes\{101DD6DE-463E-42C2-B733-ECCE08DFE4A5}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=F483B07F32F25EC8B941BF4FC0561156&q={searchTerms}
IE - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-opencandygames-chromesbox-en-us&tb_uuid=20120502215100279&tb_oid=02-05-2012&tb_mrud=02-05-2012
IE - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\..\SearchScopes\{6CE0C255-91F6-4FF7-8851-52067A45FB92}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3198785
IE - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb128/?search={searchTerms}&loc=IB_DS&a=6R8ujcUcmh&i=26
IE - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.defaultthis.engineName: "WhiteSmoke US Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Blekko"
FF - prefs.js..browser.search.selectedEngine: "WhiteSmoke US Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3198785&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.67
FF - prefs.js..extensions.enabledItems: {1519200d-6633-40c9-a9a1-d60d8d1d0479}:1.0.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1865
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\Todd\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll (Hulu LLC)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Todd\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Todd\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Todd\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Todd\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/16 18:18:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/05/15 10:37:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/15 10:37:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/27 19:13:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/15 10:33:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/16 18:18:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\wcapturex@deskperience.com: C:\Program Files (x86)\WhiteSmokeTranslator\WCaptureMoz [2012/05/29 20:25:02 | 000,000,000 | ---D | M]

[2010/03/01 14:10:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Todd\AppData\Roaming\Mozilla\Extensions
[2012/05/29 20:25:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\14k63ll8.default\extensions
[2011/07/30 08:32:36 | 000,000,000 | ---D | M] (FaceTweak) -- C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\14k63ll8.default\extensions\{1519200d-6633-40c9-a9a1-d60d8d1d0479}
[2012/05/02 16:51:08 | 000,000,000 | ---D | M] (Games.com Toolbar) -- C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\14k63ll8.default\extensions\{493b4069-8c4f-4b4a-8f8c-506200c9887a}
[2012/04/03 15:55:34 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\14k63ll8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/05/29 20:25:10 | 000,000,000 | ---D | M] (WhiteSmoke US Community Toolbar) -- C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\14k63ll8.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}
[2012/05/28 06:18:34 | 000,000,929 | ---- | M] () -- C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\14k63ll8.default\searchplugins\conduit.xml
[2012/05/28 14:49:22 | 000,002,203 | ---- | M] () -- C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\14k63ll8.default\searchplugins\MyStart Search.xml
[2012/05/30 11:04:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/05 10:46:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/03/04 12:19:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}
[2012/01/05 18:54:42 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\TODD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\14K63LL8.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/01/21 10:10:20 | 000,138,614 | ---- | M] () (No name found) -- C:\USERS\TODD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\14K63LL8.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2012/03/28 17:12:48 | 000,685,019 | ---- | M] () (No name found) -- C:\USERS\TODD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\14K63LL8.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
[2012/05/28 14:49:09 | 000,086,818 | ---- | M] () (No name found) -- C:\USERS\TODD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\14K63LL8.DEFAULT\EXTENSIONS\ONECLICKDOWNLOADER@ONECLICKDOWNLOADER.COM.XPI
[2012/01/14 01:10:05 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/04 12:19:52 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/19 17:47:28 | 000,085,184 | ---- | M] (Renaissance Learning Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npRLPrint.dll
[2010/12/09 05:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011/11/04 22:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/05/25 23:00:42 | 000,002,134 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\search.xml
[2011/11/04 22:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Todd\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Todd\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Todd\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.11.0.9874_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: RLPrint 1.3.13 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npRLPrint.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Todd\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Todd\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Todd\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Hulu Desktop (Enabled) = C:\Users\Todd\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Add to Amazon Wish List = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.8_0\
CHR - Extension: Google Search = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google+ = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm\1.0.1.424_0\
CHR - Extension: AdBlock = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.33_0\
CHR - Extension: Bloons Tower Defense 5 HD = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdklpjiiiehhjfjgicmefnefednelhed\1_0\
CHR - Extension: Ozee = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmggblpgblcoomebaelghgmdgdeknmhg\1.0.7_0\
CHR - Extension: AVG Safe Search = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\
CHR - Extension: Skype Click to Call = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.11.0.9874_0\
CHR - Extension: Plants vs Zombies = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\
CHR - Extension: AVG Do Not Track = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Cute Kitten Theme = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnpakemckpkcpilpphdmcfehofhefmoa\1.1_0\
CHR - Extension: Gmail = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Sasquatch Survivor = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnhlckbnnjkfnlakipclhedkhggpddeo\0.0.2_0\
CHR - Extension: Canvas Rider = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk\0.7_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\..\Toolbar\WebBrowser: (no name) - {CCE665DD-F6DD-4808-968E-EAEC971F70EF} - No CLSID value found.
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BCF4865F-23B7-4460-81D4-294C88685033}: NameServer = 216.176.95.129,216.176.95.161
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F57E66B0-60C0-49C0-B8B6-44854D1F37EA}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/16 02:07:13 | 000,054,544 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2011/09/15 23:58:13 | 000,000,049 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{0fe838db-e366-11de-9446-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0fe838db-e366-11de-9446-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2011/09/16 02:07:13 | 000,054,544 | R--- | M] (Electronic Arts)
O33 - MountPoints2\{1d9b9c44-b0a7-11df-b7ed-4061865c5413}\Shell - "" = AutoRun
O33 - MountPoints2\{1d9b9c44-b0a7-11df-b7ed-4061865c5413}\Shell\AutoRun\command - "" = N:\TL-Bootstrap.exe
O33 - MountPoints2\{41eaafd5-920a-11e1-b726-4061865c5413}\Shell - "" = AutoRun
O33 - MountPoints2\{41eaafd5-920a-11e1-b726-4061865c5413}\Shell\AutoRun\command - "" = J:\TLBootstrap_WPP.exe
O33 - MountPoints2\{48f060de-3cfe-11e1-b483-4061865c5413}\Shell - "" = AutoRun
O33 - MountPoints2\{48f060de-3cfe-11e1-b483-4061865c5413}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\TL-Bootstrap.exe
O33 - MountPoints2\{74c845d7-f425-11e0-bc72-4061865c5413}\Shell - "" = AutoRun
O33 - MountPoints2\{74c845d7-f425-11e0-bc72-4061865c5413}\Shell\AutoRun\command - "" = L:\setup.exe -a
O33 - MountPoints2\{92bded9c-342d-11e0-9ca7-bf643617431c}\Shell - "" = AutoRun
O33 - MountPoints2\{92bded9c-342d-11e0-9ca7-bf643617431c}\Shell\AutoRun\command - "" = K:\TL-Bootstrap.exe
O33 - MountPoints2\{f88ed198-41b2-11e0-9702-4061865c5413}\Shell - "" = AutoRun
O33 - MountPoints2\{f88ed198-41b2-11e0-9702-4061865c5413}\Shell\AutoRun\command - "" = K:\TL-Bootstrap.exe
O33 - MountPoints2\{f88ed4c9-41b2-11e0-9702-4061865c5413}\Shell - "" = AutoRun
O33 - MountPoints2\{f88ed4c9-41b2-11e0-9702-4061865c5413}\Shell\AutoRun\command - "" = L:\TL-Bootstrap.exe
O33 - MountPoints2\{f88ed4e9-41b2-11e0-9702-4061865c5413}\Shell - "" = AutoRun
O33 - MountPoints2\{f88ed4e9-41b2-11e0-9702-4061865c5413}\Shell\AutoRun\command - "" = L:\TL-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/31 09:42:58 | 000,000,000 | ---D | C] -- C:\Users\Todd\Desktop\Security
[2012/05/30 12:02:03 | 008,744,608 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/05/30 11:37:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/05/30 11:37:55 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/05/30 11:16:00 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Roaming\WhiteSmokeTranslator
[2012/05/30 11:08:07 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/05/29 20:25:17 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\blinkx beat
[2012/05/29 20:25:12 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\CRE
[2012/05/29 20:25:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012/05/29 20:25:06 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\Conduit
[2012/05/29 20:25:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhiteSmokeTranslator
[2012/05/29 20:25:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WhiteSmokeTranslator
[2012/05/29 09:36:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/05/28 14:49:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1ClickDownload
[2012/05/27 19:05:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/05/25 23:00:43 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2012/05/25 23:00:35 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\blekkotb_031
[2012/05/25 23:00:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/05/25 23:00:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Anti-phishing Domain Advisor
[2012/05/24 22:39:55 | 000,000,000 | ---D | C] -- C:\Users\Todd\Desktop\.minecraft
[2012/05/24 12:15:05 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Roaming\WinRAR
[2012/05/24 12:15:05 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/05/24 12:15:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/05/24 12:15:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2012/05/13 11:13:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012/05/13 11:05:52 | 000,000,000 | ---D | C] -- C:\Users\Todd\Desktop\tmi
[2012/05/11 03:01:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/11 03:01:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/05/11 03:01:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/05/09 01:53:26 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/05/09 01:53:24 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/05/09 01:53:24 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/05/09 01:53:03 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/05/05 10:46:46 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/05/05 10:46:29 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Roaming\Skype
[2012/05/05 10:46:25 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/05/05 10:46:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/05/05 10:46:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/05/05 10:46:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/05/05 09:15:15 | 000,000,000 | ---D | C] -- C:\Users\Todd\Desktop\world
[2012/05/05 08:34:48 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Roaming\.minecraft
[2012/05/02 15:35:50 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Roaming\OpenCandy
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Todd\*.tmp files -> C:\Users\Todd\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/31 09:45:11 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/31 09:45:11 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/31 09:43:32 | 099,549,381 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/05/31 09:42:12 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/31 09:42:12 | 000,660,280 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/31 09:42:12 | 000,121,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/31 09:37:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/31 09:37:54 | 2090,135,551 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/31 09:34:06 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1413658493-208379941-2510509854-1001UA.job
[2012/05/31 09:30:46 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/30 15:36:25 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1413658493-208379941-2510509854-1001Core.job
[2012/05/30 12:02:08 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/05/30 12:02:08 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/05/30 12:02:03 | 008,744,608 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/05/30 11:11:38 | 000,011,212 | ---- | M] () -- C:\Users\Todd\Documents\cc_20120530_111059.reg
[2012/05/30 11:06:32 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTodd.job
[2012/05/29 20:25:21 | 000,000,000 | ---- | M] () -- C:\ProgramData\3f16ea4990da1f23fd715e0366e54d81_c
[2012/05/29 20:25:04 | 000,002,095 | ---- | M] () -- C:\Users\Todd\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch WhiteSmokeTranslator.lnk
[2012/05/29 12:00:04 | 000,005,120 | ---- | M] () -- C:\Users\Todd\Documents\cc_20120529_115956.reg
[2012/05/29 09:36:44 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/05/28 14:49:37 | 000,000,842 | ---- | M] () -- C:\user.js
[2012/05/27 19:08:08 | 000,050,412 | ---- | M] () -- C:\Users\Todd\Documents\cc_20120527_190758.reg
[2012/05/24 00:05:46 | 000,002,395 | ---- | M] () -- C:\Users\Todd\Desktop\Google Chrome.lnk
[2012/05/16 16:34:30 | 000,018,851 | ---- | M] () -- C:\Users\Todd\Desktop\Rebecca's speach.odt
[2012/05/16 10:22:21 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/15 17:33:14 | 000,320,122 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/05/13 11:12:22 | 000,001,000 | ---- | M] () -- C:\Users\Todd\Desktop\minecraft - Shortcut.lnk
[2012/05/09 03:24:34 | 000,357,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/05 10:46:25 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/05/05 09:15:31 | 000,000,439 | ---- | M] () -- C:\Users\Todd\Desktop\server.properties
[2012/05/05 09:09:04 | 000,000,051 | ---- | M] () -- C:\Users\Todd\Desktop\Minecraft.url
[2012/05/05 08:34:09 | 000,278,561 | ---- | M] () -- C:\Users\Todd\Desktop\Minecraft.exe
[2012/05/05 08:33:16 | 001,589,718 | ---- | M] () -- C:\Users\Todd\Desktop\Minecraft_Server.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Todd\*.tmp files -> C:\Users\Todd\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/30 11:11:28 | 000,011,212 | ---- | C] () -- C:\Users\Todd\Documents\cc_20120530_111059.reg
[2012/05/30 11:08:09 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/29 20:25:21 | 000,000,000 | ---- | C] () -- C:\ProgramData\3f16ea4990da1f23fd715e0366e54d81_c
[2012/05/29 20:25:04 | 000,002,095 | ---- | C] () -- C:\Users\Todd\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch WhiteSmokeTranslator.lnk
[2012/05/29 11:59:58 | 000,005,120 | ---- | C] () -- C:\Users\Todd\Documents\cc_20120529_115956.reg
[2012/05/28 14:49:36 | 000,000,842 | ---- | C] () -- C:\user.js
[2012/05/27 19:08:00 | 000,050,412 | ---- | C] () -- C:\Users\Todd\Documents\cc_20120527_190758.reg
[2012/05/13 11:12:22 | 000,001,000 | ---- | C] () -- C:\Users\Todd\Desktop\minecraft - Shortcut.lnk
[2012/05/09 19:06:03 | 000,018,851 | ---- | C] () -- C:\Users\Todd\Desktop\Rebecca's speach.odt
[2012/05/05 10:46:25 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/05/05 09:15:15 | 000,000,439 | ---- | C] () -- C:\Users\Todd\Desktop\server.properties
[2012/05/05 09:09:04 | 000,000,051 | ---- | C] () -- C:\Users\Todd\Desktop\Minecraft.url
[2012/05/05 08:34:09 | 000,278,561 | ---- | C] () -- C:\Users\Todd\Desktop\Minecraft.exe
[2012/05/05 08:33:15 | 001,589,718 | ---- | C] () -- C:\Users\Todd\Desktop\Minecraft_Server.exe
[2012/04/27 08:34:39 | 000,167,754 | ---- | C] () -- C:\Users\Todd\AppData\Local\tmpSPRING2012B.1
[2012/04/27 08:34:36 | 000,438,649 | ---- | C] () -- C:\Users\Todd\AppData\Local\tmpSPRING2012B.0
[2012/04/27 08:34:36 | 000,172,135 | ---- | C] () -- C:\Users\Todd\AppData\Local\tmpSPRING2012B.JPG
[2011/07/18 18:02:31 | 000,001,854 | ---- | C] () -- C:\Users\Todd\AppData\Roaming\GhostObjGAFix.xml
[2011/04/25 13:14:51 | 000,772,990 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/02 21:46:18 | 000,290,614 | ---- | C] () -- C:\Users\Todd\AppData\Local\tmp0804092050A.JPG
[2011/01/24 18:51:48 | 000,001,333 | ---- | C] () -- C:\Windows\hpomdl52.dat.temp
[2011/01/16 18:10:37 | 000,212,799 | ---- | C] () -- C:\Windows\hpoins52.dat
[2010/12/19 12:20:44 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/09/23 19:33:59 | 002,772,410 | ---- | C] () -- C:\Users\Todd\AppData\Local\tmp011.JPG
[2010/08/08 10:46:55 | 000,010,622 | ---- | C] () -- C:\Users\Todd\AppData\Local\tmp40852_144283825591378_100000292843907_341063_2517918_S.0
[2010/08/08 10:46:55 | 000,009,555 | ---- | C] () -- C:\Users\Todd\AppData\Local\tmp40852_144283825591378_100000292843907_341063_2517918_S.JPG

========== Custom Scans ==========

< %TEMP%\smtmp\*.* /s >

< End of report >

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:23 AM

Posted 31 May 2012 - 12:53 PM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and paste the following code into the textbox. Do not include the word Code.
    :OTL
    IE - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\..\URLSearchHook: {cce665dd-f6dd-4808-968e-eaec971f70ef} - No CLSID value found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O3 - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\..\Toolbar\WebBrowser: (no name) - {CCE665DD-F6DD-4808-968E-EAEC971F70EF} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O33 - MountPoints2\{0fe838db-e366-11de-9446-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{0fe838db-e366-11de-9446-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2011/09/16 02:07:13 | 000,054,544 | R--- | M] (Electronic Arts)
    O33 - MountPoints2\{1d9b9c44-b0a7-11df-b7ed-4061865c5413}\Shell - "" = AutoRun
    O33 - MountPoints2\{1d9b9c44-b0a7-11df-b7ed-4061865c5413}\Shell\AutoRun\command - "" = N:\TL-Bootstrap.exe
    O33 - MountPoints2\{41eaafd5-920a-11e1-b726-4061865c5413}\Shell - "" = AutoRun
    O33 - MountPoints2\{41eaafd5-920a-11e1-b726-4061865c5413}\Shell\AutoRun\command - "" = J:\TLBootstrap_WPP.exe
    O33 - MountPoints2\{48f060de-3cfe-11e1-b483-4061865c5413}\Shell - "" = AutoRun
    O33 - MountPoints2\{48f060de-3cfe-11e1-b483-4061865c5413}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\TL-Bootstrap.exe
    O33 - MountPoints2\{74c845d7-f425-11e0-bc72-4061865c5413}\Shell - "" = AutoRun
    O33 - MountPoints2\{74c845d7-f425-11e0-bc72-4061865c5413}\Shell\AutoRun\command - "" = L:\setup.exe -a
    O33 - MountPoints2\{92bded9c-342d-11e0-9ca7-bf643617431c}\Shell - "" = AutoRun
    O33 - MountPoints2\{92bded9c-342d-11e0-9ca7-bf643617431c}\Shell\AutoRun\command - "" = K:\TL-Bootstrap.exe
    O33 - MountPoints2\{f88ed198-41b2-11e0-9702-4061865c5413}\Shell - "" = AutoRun
    O33 - MountPoints2\{f88ed198-41b2-11e0-9702-4061865c5413}\Shell\AutoRun\command - "" = K:\TL-Bootstrap.exe
    O33 - MountPoints2\{f88ed4c9-41b2-11e0-9702-4061865c5413}\Shell - "" = AutoRun
    O33 - MountPoints2\{f88ed4c9-41b2-11e0-9702-4061865c5413}\Shell\AutoRun\command - "" = L:\TL-Bootstrap.exe
    O33 - MountPoints2\{f88ed4e9-41b2-11e0-9702-4061865c5413}\Shell - "" = AutoRun
    O33 - MountPoints2\{f88ed4e9-41b2-11e0-9702-4061865c5413}\Shell\AutoRun\command - "" = L:\TL-Bootstrap.exe  
    IE:64bit: - HKLM\..\SearchScopes\{101DD6DE-463E-42C2-B733-ECCE08DFE4A5}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    IE - HKLM\..\SearchScopes\{101DD6DE-463E-42C2-B733-ECCE08DFE4A5}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3198785
    IE - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3198785
    IE - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    IE - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\..\SearchScopes\{101DD6DE-463E-42C2-B733-ECCE08DFE4A5}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=F483B07F32F25EC8B941BF4FC0561156&q={searchTerms}
    IE - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3198785
    IE - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb128/?search={searchTerms}&loc=IB_DS&a=6R8ujcUcmh&i=26
    FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
    FF - prefs.js..browser.search.defaultthis.engineName: "WhiteSmoke US Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.order.1: "Blekko"
    FF - prefs.js..browser.search.selectedEngine: "WhiteSmoke US Customized Web Search"
    FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3198785&SearchSource=13"
    FF - prefs.js..extensions.enabledItems: {1519200d-6633-40c9-a9a1-d60d8d1d0479}:1.0.4
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q="
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\wcapturex@deskperience.com: C:\Program Files (x86)\WhiteSmokeTranslator\WCaptureMoz [2012/05/29 20:25:02 | 000,000,000 | ---D | M]
    [2012/05/29 20:25:10 | 000,000,000 | ---D | M] (WhiteSmoke US Community Toolbar) -- C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\14k63ll8.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}
    [2012/05/28 06:18:34 | 000,000,929 | ---- | M] () -- C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\14k63ll8.default\searchplugins\conduit.xml
    [2012/05/28 14:49:22 | 000,002,203 | ---- | M] () -- C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\14k63ll8.default\searchplugins\MyStart Search.xml
    [2012/05/30 11:16:00 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Roaming\WhiteSmokeTranslator
    [2012/05/29 20:25:17 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\blinkx beat
    [2012/05/29 20:25:12 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\CRE
    [2012/05/29 20:25:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
    [2012/05/29 20:25:06 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\Conduit
    [2012/05/29 20:25:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhiteSmokeTranslator
    [2012/05/29 20:25:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WhiteSmokeTranslator
    [2012/05/29 20:25:21 | 000,000,000 | ---- | M] () -- C:\ProgramData\3f16ea4990da1f23fd715e0366e54d81_c
    [2012/05/29 20:25:04 | 000,002,095 | ---- | M] () -- C:\Users\Todd\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch WhiteSmokeTranslator.lnk
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 seabeetod (Topic Starter)

Posted 31 May 2012 - 01:17 PM

========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1413658493-208379941-2510509854-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{cce665dd-f6dd-4808-968e-eaec971f70ef} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cce665dd-f6dd-4808-968e-eaec971f70ef}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1413658493-208379941-2510509854-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCE665DD-F6DD-4808-968E-EAEC971F70EF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCE665DD-F6DD-4808-968E-EAEC971F70EF}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
File Protocol\Handler\ms-itss - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
File Protocol\Handler\skype-ie-addon-data - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0fe838db-e366-11de-9446-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0fe838db-e366-11de-9446-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0fe838db-e366-11de-9446-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0fe838db-e366-11de-9446-806e6f6e6963}\ not found.
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d9b9c44-b0a7-11df-b7ed-4061865c5413}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d9b9c44-b0a7-11df-b7ed-4061865c5413}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d9b9c44-b0a7-11df-b7ed-4061865c5413}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d9b9c44-b0a7-11df-b7ed-4061865c5413}\ not found.
File N:\TL-Bootstrap.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41eaafd5-920a-11e1-b726-4061865c5413}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41eaafd5-920a-11e1-b726-4061865c5413}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41eaafd5-920a-11e1-b726-4061865c5413}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41eaafd5-920a-11e1-b726-4061865c5413}\ not found.
File J:\TLBootstrap_WPP.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48f060de-3cfe-11e1-b483-4061865c5413}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48f060de-3cfe-11e1-b483-4061865c5413}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48f060de-3cfe-11e1-b483-4061865c5413}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48f060de-3cfe-11e1-b483-4061865c5413}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\TL-Bootstrap.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74c845d7-f425-11e0-bc72-4061865c5413}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74c845d7-f425-11e0-bc72-4061865c5413}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74c845d7-f425-11e0-bc72-4061865c5413}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74c845d7-f425-11e0-bc72-4061865c5413}\ not found.
File L:\setup.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92bded9c-342d-11e0-9ca7-bf643617431c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92bded9c-342d-11e0-9ca7-bf643617431c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92bded9c-342d-11e0-9ca7-bf643617431c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92bded9c-342d-11e0-9ca7-bf643617431c}\ not found.
File K:\TL-Bootstrap.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f88ed198-41b2-11e0-9702-4061865c5413}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f88ed198-41b2-11e0-9702-4061865c5413}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f88ed198-41b2-11e0-9702-4061865c5413}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f88ed198-41b2-11e0-9702-4061865c5413}\ not found.
File K:\TL-Bootstrap.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f88ed4c9-41b2-11e0-9702-4061865c5413}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f88ed4c9-41b2-11e0-9702-4061865c5413}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f88ed4c9-41b2-11e0-9702-4061865c5413}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f88ed4c9-41b2-11e0-9702-4061865c5413}\ not found.
File L:\TL-Bootstrap.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f88ed4e9-41b2-11e0-9702-4061865c5413}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f88ed4e9-41b2-11e0-9702-4061865c5413}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f88ed4e9-41b2-11e0-9702-4061865c5413}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f88ed4e9-41b2-11e0-9702-4061865c5413}\ not found.
File L:\TL-Bootstrap.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{101DD6DE-463E-42C2-B733-ECCE08DFE4A5}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{101DD6DE-463E-42C2-B733-ECCE08DFE4A5}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{101DD6DE-463E-42C2-B733-ECCE08DFE4A5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{101DD6DE-463E-42C2-B733-ECCE08DFE4A5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\S-1-5-21-1413658493-208379941-2510509854-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-1413658493-208379941-2510509854-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1413658493-208379941-2510509854-1001\Software\Microsoft\Internet Explorer\SearchScopes\{101DD6DE-463E-42C2-B733-ECCE08DFE4A5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{101DD6DE-463E-42C2-B733-ECCE08DFE4A5}\ not found.
Registry key HKEY_USERS\S-1-5-21-1413658493-208379941-2510509854-1001\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
Registry key HKEY_USERS\S-1-5-21-1413658493-208379941-2510509854-1001\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-1413658493-208379941-2510509854-1001\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
Prefs.js: "MyStart Search" removed from browser.search.defaultenginename
Prefs.js: "WhiteSmoke US Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Blekko" removed from browser.search.order.1
Prefs.js: "WhiteSmoke US Customized Web Search" removed from browser.search.selectedEngine
Prefs.js: "http://search.conduit.com/?ctid=CT3198785&SearchSource=13" removed from browser.startup.homepage
Prefs.js: {1519200d-6633-40c9-a9a1-d60d8d1d0479}:1.0.4 removed from extensions.enabledItems
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q=" removed from keyword.URL
File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\wcapturex@deskperience.com: C:\Program Files (x86)\WhiteSmokeTranslator\WCaptureMoz not found.
C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\14k63ll8.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\searchplugin folder moved successfully.
C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\14k63ll8.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\Plugins folder moved successfully.
C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\14k63ll8.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\modules folder moved successfully.
C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\14k63ll8.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\META-INF folder moved successfully.
C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\14k63ll8.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\defaults folder moved successfully.
C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\14k63ll8.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\components folder moved successfully.
C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\14k63ll8.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome folder moved successfully.
C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\14k63ll8.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef} folder moved successfully.
C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\14k63ll8.default\searchplugins\conduit.xml moved successfully.
C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\14k63ll8.default\searchplugins\MyStart Search.xml moved successfully.
C:\Users\Todd\AppData\Roaming\WhiteSmokeTranslator folder moved successfully.
C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\blinkx beat folder moved successfully.
C:\Users\Todd\AppData\Local\CRE folder moved successfully.
C:\Program Files (x86)\Conduit\Community Alerts folder moved successfully.
C:\Program Files (x86)\Conduit folder moved successfully.
C:\Users\Todd\AppData\Local\Conduit folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhiteSmokeTranslator folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\WCaptureMoz\plugins folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\WCaptureMoz\components folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\WCaptureMoz\chrome\content folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\WCaptureMoz\chrome folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\WCaptureMoz folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\welcome\style folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\welcome\js folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\welcome\content\style folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\welcome\content\js folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\welcome\content\img\captionbar folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\welcome\content\img\Background folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\welcome\content\img folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\welcome\content folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\welcome folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\templates\style folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\templates\js folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\templates\img\tree folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\templates\img\screens folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\templates\img\captionbar folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\templates\img\Buttons folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\templates\img\Background folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\templates\img folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\templates folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\settings\js\iepngfix folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\settings\js folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\settings\img\captionbar folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\settings\img\Buttons folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\settings\img\Background folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\settings\img folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\settings\css folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\settings folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\registration\style folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\registration\js folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\registration\img\captionbar folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\registration\img folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\registration folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\notifier\img folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\notifier folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\help\style folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\help\js\iepngfix folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\help\js folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\help\img\captionbar folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\help\img\Background folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\help\img folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\help\content\style folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\help\content\js\iepngfix folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\help\content\js folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\help\content\img folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\help\content\content\demo folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\help\content\content folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\help\content folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\help folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\gui\style folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\gui\js\NonPackedVersion folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\gui\js\iepngfix folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\gui\js folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\gui\img\spelling folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\gui\img\screens folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\gui\img\scale folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\gui\img\review-section folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\gui\img\Menu folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\gui\img\grammar folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\gui\img\enrichments folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\gui\img\enrichment folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\gui\img\dictionary folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\gui\img\captionbar folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\gui\img\Buttons folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\gui\img\Background folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\gui\img folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\gui folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\floatingMenu folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\floatingButton_howto\style folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\floatingButton_howto\js\iepngfix folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\floatingButton_howto\js folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\floatingButton_howto\img\Background folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\floatingButton_howto\img folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\floatingButton_howto folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\floatingButton folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dictClientWelcome\style folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dictClientWelcome\js folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dictClientWelcome\content\style folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dictClientWelcome\content\js folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dictClientWelcome\content\img\captionbar folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dictClientWelcome\content\img\Background\attic folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dictClientWelcome\content\img\Background folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dictClientWelcome\content\img folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dictClientWelcome\content folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dictClientWelcome folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dictClientSettings\js\iepngfix folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dictClientSettings\js folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dictClientSettings\img\captionbar folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dictClientSettings\img\Buttons folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dictClientSettings\img\Background folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dictClientSettings\img folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dictClientSettings\css folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dictClientSettings folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dictClientRegistration\style folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dictClientRegistration\js folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dictClientRegistration\img\captionbar folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dictClientRegistration\img folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dictClientRegistration folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dictClientHelp\style folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dictClientHelp\js\iepngfix folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dictClientHelp\js folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dictClientHelp\img\captionbar folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dictClientHelp\img\Background folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dictClientHelp\img folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dictClientHelp\content\style folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dictClientHelp\content\js\iepngfix folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dictClientHelp\content\js folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dictClientHelp\content\img folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dictClientHelp\content\content\demo folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dictClientHelp\content\content folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dictClientHelp\content folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dictClientHelp folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dictClientDic\style folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dictClientDic\js folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dictClientDic\img\popup folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dictClientDic\img\captionbar folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dictClientDic\img\Buttons folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dictClientDic\img\Background folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dictClientDic\img folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dictClientDic folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dict\style folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dict\js folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dict\img\popup folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dict\img\captionbar folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dict\img\Buttons folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dict\img\Background folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dict\img folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dict folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html\english folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator\html folder moved successfully.
C:\Program Files (x86)\WhiteSmokeTranslator folder moved successfully.
C:\ProgramData\3f16ea4990da1f23fd715e0366e54d81_c moved successfully.
C:\Users\Todd\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch WhiteSmokeTranslator.lnk moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Todd\Desktop\Security\cmd.bat deleted successfully.
C:\Users\Todd\Desktop\Security\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: All Users

User: Default

User: Default User

User: Public

User: Todd
->Java cache emptied: 2559990 bytes

Total Java Files Cleaned = 2.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default
->Flash cache emptied: 56504 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Todd
->Flash cache emptied: 69533 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.44.0 log created on 05312012_130808

Files\Folders moved on Reboot...
File move failed. E:\Autorun.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...

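The OTL fix script posted earlier in this thread and the log above show one pattern repeated: Firefox browser.search.*, keyword.URL and browser.startup.homepage preferences in prefs.js pointing at search.conduit.com, "MyStart Search" and "WhiteSmoke US Customized Web Search", each "removed from" by the tool. The script below is an added example, not part of this thread and not OTL's own code, that performs that check on a prefs.js: it parses user_pref() lines, flags search and homepage preferences whose URL host or engine name matches a blocklist, and returns a copy with those lines dropped so Firefox falls back to its built-in defaults. The blocklisted domains and engine names are taken from the log in this thread and are an assumption for the example rather than a complete list, and the sample prefs.js is constructed from values shown in the log.

```python
"""Added example: detect and strip browser-search hijacks from a Firefox prefs.js.
Not part of the BleepingComputer thread or of OTL. Blocklist and sample file
are constructed from the values that appear in the OTL log above."""
import re
from urllib.parse import urlparse

# Preferences that search/homepage hijackers rewrite (all seen in the log above).
SEARCH_PREFS = {
    "browser.search.defaultenginename",
    "browser.search.defaultthis.engineName",
    "browser.search.defaulturl",
    "browser.search.order.1",
    "browser.search.selectedEngine",
    "browser.startup.homepage",
    "keyword.URL",
}

# Assumed blocklist for this example, taken from the log; not exhaustive.
BAD_DOMAINS = ("conduit.com", "incredibar.com", "blekko.com", "ask.com")
BAD_ENGINE_NAMES = ("WhiteSmoke", "MyStart", "Blekko")

# user_pref("name", value);  -- value is a quoted string, number or boolean.
PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.*)\);\s*$')

# Constructed sample prefs.js built from the values in the OTL log above.
SAMPLE_PREFS = """\
# Mozilla User Preferences
user_pref("browser.search.defaultenginename", "MyStart Search");
user_pref("browser.search.defaultthis.engineName", "WhiteSmoke US Customized Web Search");
user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=3&q={searchTerms}");
user_pref("browser.search.order.1", "Blekko");
user_pref("browser.search.selectedEngine", "WhiteSmoke US Customized Web Search");
user_pref("browser.startup.homepage", "http://search.conduit.com/?ctid=CT3198785&SearchSource=13");
user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q=");
user_pref("browser.startup.homepage_override.mstone", "12.0");
user_pref("app.update.url.manual", "http://www.mozilla.com/firefox");
user_pref("network.cookie.prefsMigrated", true);
user_pref("browser.search.update", false);
"""


def _string_value(raw):
    """Return the string for a quoted prefs.js value, or None for bool/number values."""
    raw = raw.strip()
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    return None


def is_hijacked(name, value):
    """True if a search/homepage pref points at a blocklisted domain or engine name."""
    if name not in SEARCH_PREFS or value is None:
        return False
    if value.lower().startswith(("http://", "https://")):
        # Compare on the parsed host so a bad domain inside a query string
        # of an otherwise legitimate URL does not trigger a false positive.
        host = (urlparse(value).hostname or "").lower()
        return any(host == d or host.endswith("." + d) for d in BAD_DOMAINS)
    return any(tag.lower() in value.lower() for tag in BAD_ENGINE_NAMES)


def find_hijacks(prefs_text):
    """Return [(pref_name, value)] for every hijacked user_pref line."""
    hits = []
    for line in prefs_text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, value = m.group(1), _string_value(m.group(2))
        if is_hijacked(name, value):
            hits.append((name, value))
    return hits


def clean_prefs(prefs_text):
    """Return (cleaned_text, removed_names) with hijacked lines dropped.

    Dropping a user_pref line makes Firefox use its built-in default for that
    preference, which is the effect of the 'removed from' entries in the OTL log.
    """
    kept, removed = [], []
    for line in prefs_text.splitlines():
        m = PREF_RE.match(line)
        if m and is_hijacked(m.group(1), _string_value(m.group(2))):
            removed.append(m.group(1))
            continue
        kept.append(line)
    return "\n".join(kept) + "\n", removed


if __name__ == "__main__":
    for name, value in find_hijacks(SAMPLE_PREFS):
        print(f"HIJACKED {name} = {value}")
    cleaned, removed = clean_prefs(SAMPLE_PREFS)
    print(f"removed {len(removed)} preference(s); cleaned prefs.js follows:\n{cleaned}")
```

To use it on a real profile, read %APPDATA%\Mozilla\Firefox\Profiles\<profile>\prefs.js with Firefox closed, since Firefox rewrites prefs.js on exit and would overwrite the edit, and write the cleaned text back. The Internet Explorer counterpart of these preferences is the HKCU\...\Internet Explorer\SearchScopes keys that OTL deleted in the same log.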
#6 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 31 May 2012 - 09:17 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on ComboFix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 seabeetod (Topic Starter, Members)

Posted 01 June 2012 - 12:44 AM

ComboFix 12-05-31.03 - Todd 06/01/2012 0:18.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8119.7011 [GMT -5:00]
Running from: c:\users\Todd\Desktop\Security\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\Mozilla Firefox\searchplugins\search.xml
c:\users\Todd\AppData\Roaming\.#
c:\users\Todd\ComgenieAwesomeFilesplitter.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-01 to 2012-06-01 )))))))))))))))))))))))))))))))
.
.
2012-06-01 05:22 . 2012-06-01 05:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-31 18:08 . 2012-05-31 18:08 -------- d-----w- C:\_OTL
2012-05-30 17:02 . 2012-05-30 17:02 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-30 16:37 . 2012-05-30 16:37 388096 ----a-r- c:\users\Todd\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-30 16:37 . 2012-05-30 16:37 -------- d-----w- c:\program files (x86)\Trend Micro
2012-05-30 16:08 . 2012-05-30 17:02 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-28 19:49 . 2012-05-28 19:49 842 ----a-w- C:\user.js
2012-05-28 19:49 . 2012-05-29 16:56 -------- d-----w- c:\program files (x86)\1ClickDownload
2012-05-26 04:00 . 2012-05-28 00:13 -------- d-----w- c:\programdata\blekko toolbars
2012-05-26 04:00 . 2012-05-26 04:00 -------- d-----w- c:\users\Todd\AppData\Local\blekkotb_031
2012-05-26 04:00 . 2012-05-29 16:59 -------- d-----w- c:\programdata\Tarma Installer
2012-05-26 04:00 . 2012-05-26 04:00 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor
2012-05-13 16:13 . 2012-05-28 00:09 -------- d-----w- c:\program files (x86)\7-Zip
2012-05-11 08:01 . 2012-05-11 08:01 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-11 08:01 . 2012-05-11 08:01 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-05 15:46 . 2012-06-01 05:24 -------- d-----w- c:\programdata\boost_interprocess
2012-05-05 15:46 . 2012-05-31 18:11 -------- d-----w- c:\users\Todd\AppData\Roaming\Skype
2012-05-05 15:46 . 2012-05-05 15:46 -------- d-----r- c:\program files (x86)\Skype
2012-05-05 15:46 . 2012-05-05 15:46 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-05-05 15:46 . 2012-05-05 15:46 -------- d-----w- c:\programdata\Skype
2012-05-05 13:34 . 2012-05-26 15:49 -------- d-----w- c:\users\Todd\AppData\Roaming\.minecraft
2012-05-02 20:35 . 2012-05-03 20:49 -------- d-----w- c:\users\Todd\AppData\Roaming\OpenCandy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-30 17:02 . 2011-05-27 15:58 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-09 07:48 . 2010-03-02 14:40 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-05-09 07:48 . 2010-03-02 14:40 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-05-09 07:48 . 2010-05-19 06:38 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-05-09 07:48 . 2010-04-01 06:45 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-04-28 15:12 . 2011-01-10 03:06 644496 ----a-w- c:\users\Todd\EBOOT.BIN
2012-04-19 09:50 . 2012-04-19 09:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-04-04 20:56 . 2011-03-24 01:03 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-24 07:58 . 2010-03-05 07:32 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-03-24 07:57 . 2010-03-05 07:31 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-03-24 07:57 . 2010-06-03 06:10 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-03-24 07:57 . 2010-03-02 14:40 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-03-19 10:17 . 2012-03-19 10:17 383808 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-03-04 17:19 . 2010-04-23 11:00 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-04-05 17356424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
.
c:\users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\hp\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-6-3 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-30 257696]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-04-30 5106744]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-01-27 226624]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-04-09 3063968]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-30 17:02]
.
2012-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1413658493-208379941-2510509854-1001Core.job
- c:\users\Todd\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-28 06:07]
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1413658493-208379941-2510509854-1001UA.job
- c:\users\Todd\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-28 06:07]
.
2012-05-30 c:\windows\Tasks\HPCeeScheduleForTodd.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-29 16335464]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-15 610360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page =
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files (x86)\AVG\AVG2012\avgdtiex.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BCF4865F-23B7-4460-81D4-294C88685033}: NameServer = 216.176.95.129,216.176.95.161
FF - ProfilePath - c:\users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\14k63ll8.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6R8ujcUcmh
FF - user.js: extensions.incredibar_i.upn2n - 92824439394731701
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10658
FF - user.js: extensions.incredibar_i.ppd -
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8ujcUcmh&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 780e0ab90000000000000626824725b7
FF - user.js: extensions.incredibar_i.instlDay - 15488
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1414:49
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1413658493-208379941-2510509854-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1413658493-208379941-2510509854-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1413658493-208379941-2510509854-1001\Software\SecuROM\License information*]
"datasecu"=hex:c3,2d,cd,b8,e7,d5,9c,24,0a,19,1b,21,57,3b,f8,22,fc,74,ef,ed,e0,
c9,07,90,88,e5,3e,9b,15,32,b9,a4,fa,05,26,03,f2,10,43,b3,26,94,97,cb,fe,5c,\
"rkeysecu"=hex:6c,33,7b,3b,e2,25,e6,76,ff,a4,29,b1,81,c5,11,57
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
c:\windows\SysWOW64\schtasks.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2012-06-01 00:28:56 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-01 05:28
.
Pre-Run: 852,185,411,584 bytes free
Post-Run: 854,210,535,424 bytes free
.
- - End Of File - - FFE245ACEC6A492467629A35E6AC939F
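The ComboFix report above carries several settings a responder would want to triage rather than skim past: a toolbar-written user.js that sets `security.csp.enable` to `false` and lowers `extensions.autoDisableScopes` to 14, `LoadAppInit_DLLs` enabled, and an interface-specific static DNS server pair that differs from the one DHCP handed out. The script below is an added example, not code from this thread or from ComboFix, OTL or any other tool mentioned here. It parses a constructed excerpt made of lines copied from the report and returns those indicators. The severities are the example's own triage choice; the Firefox scope bit it checks is bit 1 (the profile scope in Firefox's AddonManager), which, when cleared, stops add-ons dropped into the profile's extensions folder from being auto-disabled pending the user's confirmation.

```python
import re

# Constructed sample: a handful of lines copied from the ComboFix report posted
# above ("Reg Loading Points" and "Supplementary Scan" sections), nothing else.
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows]
"LoadAppInit_DLLs"=0x1
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\\{BCF4865F-23B7-4460-81D4-294C88685033}: NameServer = 216.176.95.129,216.176.95.161
FF - prefs.js: browser.search.defaulturl -
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8ujcUcmh&loc=IB_TB&i=26&search=
"""

FF_PREF = re.compile(r"^FF - (?:user|prefs)\.js: (\S+) - ?(.*)$")
DHCP_NS = re.compile(r"^TCP: DhcpNameServer = (.*)$")
IFACE_NS = re.compile(r"^TCP: Interfaces\\(\{[0-9A-Fa-f-]+\}): NameServer = (.*)$")
APPINIT = re.compile(r'^"LoadAppInit_DLLs"=0x([0-9A-Fa-f]+)$')
URL = re.compile(r"^h(?:xx|tt)ps?://", re.IGNORECASE)  # ComboFix defangs http as hxxp

SCOPE_PROFILE = 1  # AddonManager scope bit for add-ons in the profile's extensions folder


def parse_ff_prefs(lines):
    """Map each 'FF - user.js/prefs.js: name - value' line to {name: value}."""
    prefs = {}
    for line in lines:
        m = FF_PREF.match(line.strip())
        if m:
            prefs[m.group(1)] = m.group(2).strip()
    return prefs


def _split_servers(field):
    return [s.strip() for s in field.split(",") if s.strip()]


def parse_nameservers(lines):
    """Return (dhcp_servers, {interface_guid: static_servers})."""
    dhcp, static = [], {}
    for line in lines:
        line = line.strip()
        m = DHCP_NS.match(line)
        if m:
            dhcp = _split_servers(m.group(1))
            continue
        m = IFACE_NS.match(line)
        if m:
            static[m.group(1)] = _split_servers(m.group(2))
    return dhcp, static


def find_indicators(report):
    """Return a list of (severity, message) worth triaging in a ComboFix report.

    Severities are this example's own triage choice, not a vendor rating.
    """
    lines = report.splitlines()
    findings = []
    prefs = parse_ff_prefs(lines)

    # A toolbar turning off Content Security Policy weakens every site the user visits.
    if prefs.get("security.csp.enable") == "false":
        findings.append(("high", "Firefox CSP disabled via user.js (security.csp.enable=false)"))

    # Default is 15 (all scopes). With bit 1 cleared, add-ons dropped into the
    # profile's extensions folder are no longer auto-disabled pending confirmation.
    scopes = prefs.get("extensions.autoDisableScopes", "")
    if scopes.isdigit() and not int(scopes) & SCOPE_PROFILE:
        findings.append(("medium", "extensions.autoDisableScopes=%s: profile-scope add-ons "
                                   "are no longer auto-disabled" % scopes))

    # Search/new-tab URLs written into add-on prefs are the classic hijack footprint.
    for name, value in prefs.items():
        if name.startswith("extensions.") and URL.match(value):
            findings.append(("medium", "add-on pref %s carries a search URL: %s" % (name, value)))

    # Once enabled, AppInit_DLLs are loaded into every process that links user32.
    for line in lines:
        m = APPINIT.match(line.strip())
        if m and int(m.group(1), 16) != 0:
            findings.append(("medium", "LoadAppInit_DLLs enabled: review AppInit_DLLs for injected modules"))
            break

    # Static DNS that differs from what DHCP offered deserves a look; it may be
    # deliberate (an ISP or filtering resolver) or a DNS-changer's work.
    dhcp, static = parse_nameservers(lines)
    for guid, servers in static.items():
        if dhcp and set(servers) - set(dhcp):
            findings.append(("low", "interface %s uses static DNS %s while DHCP offered %s; confirm "
                                    "these are expected" % (guid, ",".join(servers), ",".join(dhcp))))
    return findings


if __name__ == "__main__":
    for severity, message in find_indicators(SAMPLE_LOG):
        print("[%s] %s" % (severity, message))
```

To run it against a real report, pass the file's contents to `find_indicators` instead of `SAMPLE_LOG`. The static-DNS finding is a prompt to verify the servers with whoever owns the network, not evidence of tampering on its own.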

#8 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 01 June 2012 - 01:20 AM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 seabeetod (Topic Starter, Members)

Posted 01 June 2012 - 12:58 PM

12:35:09.0149 0928 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
12:35:09.0601 0928 ============================================================
12:35:09.0601 0928 Current date / time: 2012/06/01 12:35:09.0601
12:35:09.0601 0928 SystemInfo:
12:35:09.0601 0928
12:35:09.0601 0928 OS Version: 6.1.7601 ServicePack: 1.0
12:35:09.0601 0928 Product type: Workstation
12:35:09.0601 0928 ComputerName: TODD-PC
12:35:09.0601 0928 UserName: Todd
12:35:09.0601 0928 Windows directory: C:\Windows
12:35:09.0601 0928 System windows directory: C:\Windows
12:35:09.0601 0928 Running under WOW64
12:35:09.0601 0928 Processor architecture: Intel x64
12:35:09.0601 0928 Number of processors: 4
12:35:09.0601 0928 Page size: 0x1000
12:35:09.0601 0928 Boot type: Normal boot
12:35:09.0601 0928 ============================================================
12:35:09.0929 0928 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:35:09.0944 0928 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:35:09.0976 0928 ============================================================
12:35:09.0976 0928 \Device\Harddisk0\DR0:
12:35:09.0976 0928 MBR partitions:
12:35:09.0976 0928 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:35:09.0976 0928 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x730DE800
12:35:09.0976 0928 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x73111000, BlocksNum 0x15F5000
12:35:09.0976 0928 \Device\Harddisk1\DR1:
12:35:09.0976 0928 MBR partitions:
12:35:09.0976 0928 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
12:35:09.0976 0928 ============================================================
12:35:09.0991 0928 C: <-> \Device\Harddisk0\DR0\Partition1
12:35:10.0038 0928 D: <-> \Device\Harddisk0\DR0\Partition2
12:35:10.0069 0928 N: <-> \Device\Harddisk1\DR1\Partition0
12:35:10.0069 0928 ============================================================
12:35:10.0069 0928 Initialize success
12:35:10.0069 0928 ============================================================
12:35:19.0304 2992 ============================================================
12:35:19.0304 2992 Scan started
12:35:19.0304 2992 Mode: Manual;
12:35:19.0304 2992 ============================================================
12:35:19.0632 2992 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
12:35:19.0632 2992 1394ohci - ok
12:35:19.0663 2992 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
12:35:19.0679 2992 ACPI - ok
12:35:19.0694 2992 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
12:35:19.0710 2992 AcpiPmi - ok
12:35:19.0819 2992 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:35:19.0835 2992 AdobeFlashPlayerUpdateSvc - ok
12:35:19.0882 2992 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
12:35:19.0897 2992 adp94xx - ok
12:35:19.0944 2992 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
12:35:19.0944 2992 adpahci - ok
12:35:19.0975 2992 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
12:35:19.0991 2992 adpu320 - ok
12:35:20.0006 2992 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
12:35:20.0006 2992 AeLookupSvc - ok
12:35:20.0069 2992 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
12:35:20.0084 2992 AFD - ok
12:35:20.0116 2992 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
12:35:20.0116 2992 agp440 - ok
12:35:20.0162 2992 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
12:35:20.0162 2992 ALG - ok
12:35:20.0194 2992 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
12:35:20.0194 2992 aliide - ok
12:35:20.0209 2992 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
12:35:20.0209 2992 amdide - ok
12:35:20.0240 2992 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
12:35:20.0240 2992 AmdK8 - ok
12:35:20.0256 2992 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
12:35:20.0256 2992 AmdPPM - ok
12:35:20.0287 2992 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
12:35:20.0287 2992 amdsata - ok
12:35:20.0318 2992 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
12:35:20.0318 2992 amdsbs - ok
12:35:20.0350 2992 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
12:35:20.0350 2992 amdxata - ok
12:35:20.0396 2992 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
12:35:20.0396 2992 AppID - ok
12:35:20.0428 2992 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
12:35:20.0428 2992 AppIDSvc - ok
12:35:20.0474 2992 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
12:35:20.0474 2992 Appinfo - ok
12:35:20.0552 2992 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:35:20.0552 2992 Apple Mobile Device - ok
12:35:20.0584 2992 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
12:35:20.0599 2992 arc - ok
12:35:20.0630 2992 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
12:35:20.0630 2992 arcsas - ok
12:35:20.0771 2992 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:35:20.0771 2992 aspnet_state - ok
12:35:20.0818 2992 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:35:20.0818 2992 AsyncMac - ok
12:35:20.0849 2992 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
12:35:20.0849 2992 atapi - ok
12:35:20.0942 2992 athr (e0fabc10635c670bd7d89fd214a405d7) C:\Windows\system32\DRIVERS\athrx.sys
12:35:20.0958 2992 athr - ok
12:35:21.0098 2992 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:35:21.0114 2992 AudioEndpointBuilder - ok
12:35:21.0114 2992 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:35:21.0130 2992 AudioSrv - ok
12:35:21.0442 2992 AVGIDSAgent (ba60fd7a64b9759a14c0fba4a9ed4c7b) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
12:35:21.0473 2992 AVGIDSAgent - ok
12:35:21.0582 2992 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
12:35:21.0582 2992 AVGIDSDriver - ok
12:35:21.0613 2992 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
12:35:21.0613 2992 AVGIDSFilter - ok
12:35:21.0644 2992 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
12:35:21.0660 2992 AVGIDSHA - ok
12:35:21.0691 2992 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
12:35:21.0691 2992 Avgldx64 - ok
12:35:33.0578 2992 Serial - ok
12:35:33.0610 2992 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
12:35:33.0610 2992 sermouse - ok
12:35:33.0656 2992 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
12:35:33.0656 2992 SessionEnv - ok
12:35:33.0688 2992 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
12:35:33.0688 2992 sffdisk - ok
12:35:33.0703 2992 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
12:35:33.0703 2992 sffp_mmc - ok
12:35:33.0703 2992 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
12:35:33.0719 2992 sffp_sd - ok
12:35:33.0734 2992 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
12:35:33.0734 2992 sfloppy - ok
12:35:33.0781 2992 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
12:35:33.0781 2992 SharedAccess - ok
12:35:33.0828 2992 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
12:35:33.0828 2992 ShellHWDetection - ok
12:35:33.0859 2992 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:35:33.0859 2992 SiSRaid2 - ok
12:35:33.0875 2992 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
12:35:33.0875 2992 SiSRaid4 - ok
12:35:34.0062 2992 Skype C2C Service (192d93ee7ae6a3c599c96cd8d736e914) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
12:35:34.0078 2992 Skype C2C Service - ok
12:35:34.0124 2992 SkypeUpdate (68ea68d03bf58389fe6ad2b38fad798c) C:\Program Files (x86)\Skype\Updater\Updater.exe
12:35:34.0124 2992 SkypeUpdate - ok
12:35:34.0234 2992 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:35:34.0234 2992 Smb - ok
12:35:34.0265 2992 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
12:35:34.0265 2992 SNMPTRAP - ok
12:35:34.0280 2992 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:35:34.0280 2992 spldr - ok
12:35:34.0343 2992 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
12:35:34.0343 2992 Spooler - ok
12:35:34.0530 2992 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
12:35:34.0577 2992 sppsvc - ok
12:35:34.0670 2992 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
12:35:34.0670 2992 sppuinotify - ok
12:35:34.0733 2992 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
12:35:34.0748 2992 srv - ok
12:35:34.0780 2992 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
12:35:34.0780 2992 srv2 - ok
12:35:34.0795 2992 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
12:35:34.0795 2992 srvnet - ok
12:35:34.0842 2992 sscdbus (ed161b91fdf7eaa39469d72d463d5f4e) C:\Windows\system32\DRIVERS\sscdbus.sys
12:35:34.0842 2992 sscdbus - ok
12:35:34.0873 2992 sscdmdfl (4cb09e77593dbd8d7af33b37375ca715) C:\Windows\system32\DRIVERS\sscdmdfl.sys
12:35:34.0873 2992 sscdmdfl - ok
12:35:34.0889 2992 sscdmdm (c7b4cf53497a6e5363f3439427663882) C:\Windows\system32\DRIVERS\sscdmdm.sys
12:35:34.0889 2992 sscdmdm - ok
12:35:34.0920 2992 sscdserd (05ffa552f578e27ab2d41b6828db477f) C:\Windows\system32\DRIVERS\sscdserd.sys
12:35:34.0920 2992 sscdserd - ok
12:35:34.0936 2992 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
12:35:34.0951 2992 SSDPSRV - ok
12:35:34.0967 2992 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
12:35:34.0967 2992 SstpSvc - ok
12:35:34.0998 2992 Steam Client Service - ok
12:35:35.0029 2992 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
12:35:35.0029 2992 stexstor - ok
12:35:35.0060 2992 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
12:35:35.0060 2992 StillCam - ok
12:35:35.0123 2992 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
12:35:35.0123 2992 stisvc - ok
12:35:35.0154 2992 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
12:35:35.0154 2992 swenum - ok
12:35:35.0201 2992 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
12:35:35.0201 2992 swprv - ok
12:35:35.0310 2992 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
12:35:35.0341 2992 SysMain - ok
12:35:35.0435 2992 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
12:35:35.0435 2992 TabletInputService - ok
12:35:35.0466 2992 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
12:35:35.0466 2992 TapiSrv - ok
12:35:35.0497 2992 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
12:35:35.0497 2992 TBS - ok
12:35:35.0622 2992 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
12:35:35.0653 2992 Tcpip - ok
12:35:35.0840 2992 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
12:35:35.0856 2992 TCPIP6 - ok
12:35:35.0903 2992 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
12:35:35.0903 2992 tcpipreg - ok
12:35:35.0918 2992 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:35:35.0918 2992 TDPIPE - ok
12:35:35.0950 2992 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
12:35:35.0950 2992 TDTCP - ok
12:35:35.0981 2992 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
12:35:35.0981 2992 tdx - ok
12:35:36.0028 2992 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
12:35:36.0028 2992 TermDD - ok
12:35:36.0074 2992 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
12:35:36.0090 2992 TermService - ok
12:35:36.0106 2992 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
12:35:36.0106 2992 Themes - ok
12:35:36.0121 2992 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:35:36.0137 2992 THREADORDER - ok
12:35:36.0137 2992 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
12:35:36.0152 2992 TrkWks - ok
12:35:36.0199 2992 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
12:35:36.0199 2992 TrustedInstaller - ok
12:35:36.0230 2992 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:35:36.0230 2992 tssecsrv - ok
12:35:36.0277 2992 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
12:35:36.0277 2992 TsUsbFlt - ok
12:35:36.0340 2992 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
12:35:36.0340 2992 tunnel - ok
12:35:36.0355 2992 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
12:35:36.0355 2992 uagp35 - ok
12:35:36.0418 2992 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
12:35:36.0418 2992 udfs - ok
12:35:36.0433 2992 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
12:35:36.0433 2992 UI0Detect - ok
12:35:36.0464 2992 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
12:35:36.0480 2992 uliagpkx - ok
12:35:36.0511 2992 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
12:35:36.0511 2992 umbus - ok
12:35:36.0542 2992 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
12:35:36.0542 2992 UmPass - ok
12:35:36.0574 2992 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
12:35:36.0574 2992 upnphost - ok
12:35:36.0605 2992 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
12:35:36.0605 2992 USBAAPL64 - ok
12:35:36.0667 2992 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
12:35:36.0667 2992 usbaudio - ok
12:35:36.0698 2992 usbbus (c73cb90e6a2ff90fd02451a8dfc6af8a) C:\Windows\system32\DRIVERS\lgx64bus.sys
12:35:36.0698 2992 usbbus - ok
12:35:36.0730 2992 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
12:35:36.0730 2992 usbccgp - ok
12:35:36.0745 2992 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
12:35:36.0761 2992 usbcir - ok
12:35:36.0776 2992 UsbDiag (856ce1f23785369bb5a2de0aedad0aa7) C:\Windows\system32\DRIVERS\lgx64diag.sys
12:35:36.0776 2992 UsbDiag - ok
12:35:36.0792 2992 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
12:35:36.0792 2992 usbehci - ok
12:35:36.0823 2992 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
12:35:36.0839 2992 usbhub - ok
12:35:36.0839 2992 USBModem (f81055629778d33c9317b32e4d2b58db) C:\Windows\system32\DRIVERS\lgx64modem.sys
12:35:36.0839 2992 USBModem - ok
12:35:36.0870 2992 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
12:35:36.0870 2992 usbohci - ok
12:35:36.0886 2992 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:35:36.0901 2992 usbprint - ok
12:35:36.0917 2992 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
12:35:36.0917 2992 usbscan - ok
12:35:36.0932 2992 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:35:36.0932 2992 USBSTOR - ok
12:35:36.0948 2992 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
12:35:36.0948 2992 usbuhci - ok
12:35:36.0979 2992 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
12:35:36.0979 2992 UxSms - ok
12:35:37.0010 2992 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:35:37.0010 2992 VaultSvc - ok
12:35:37.0057 2992 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
12:35:37.0057 2992 vdrvroot - ok
12:35:37.0104 2992 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
12:35:37.0120 2992 vds - ok
12:35:37.0135 2992 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:35:37.0135 2992 vga - ok
12:35:37.0151 2992 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:35:37.0151 2992 VgaSave - ok
12:35:37.0182 2992 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
12:35:37.0182 2992 vhdmp - ok
12:35:37.0198 2992 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
12:35:37.0198 2992 viaide - ok
12:35:37.0229 2992 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
12:35:37.0229 2992 volmgr - ok
12:35:37.0276 2992 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
12:35:37.0276 2992 volmgrx - ok
12:35:37.0307 2992 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
12:35:37.0307 2992 volsnap - ok
12:35:37.0338 2992 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
12:35:37.0338 2992 vsmraid - ok
12:35:37.0432 2992 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
12:35:37.0463 2992 VSS - ok
12:35:37.0572 2992 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
12:35:37.0572 2992 vwifibus - ok
12:35:37.0588 2992 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
12:35:37.0588 2992 vwififlt - ok
12:35:37.0619 2992 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
12:35:37.0619 2992 vwifimp - ok
12:35:37.0666 2992 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
12:35:37.0681 2992 W32Time - ok
12:35:37.0697 2992 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
12:35:37.0697 2992 WacomPen - ok
12:35:37.0744 2992 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:35:37.0744 2992 WANARP - ok
12:35:37.0744 2992 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:35:37.0744 2992 Wanarpv6 - ok
12:35:37.0853 2992 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
12:35:37.0868 2992 WatAdminSvc - ok
12:35:37.0962 2992 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
12:35:37.0993 2992 wbengine - ok
12:35:38.0087 2992 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
12:35:38.0102 2992 WbioSrvc - ok
12:35:38.0149 2992 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
12:35:38.0149 2992 wcncsvc - ok
12:35:38.0165 2992 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
12:35:38.0180 2992 WcsPlugInService - ok
12:35:38.0212 2992 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
12:35:38.0212 2992 Wd - ok
12:35:38.0258 2992 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:35:38.0258 2992 Wdf01000 - ok
12:35:38.0290 2992 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:35:38.0290 2992 WdiServiceHost - ok
12:35:38.0290 2992 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:35:38.0290 2992 WdiSystemHost - ok
12:35:38.0336 2992 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
12:35:38.0336 2992 WebClient - ok
12:35:38.0368 2992 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
12:35:38.0368 2992 Wecsvc - ok
12:35:38.0383 2992 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
12:35:38.0399 2992 wercplsupport - ok
12:35:38.0414 2992 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
12:35:38.0430 2992 WerSvc - ok
12:35:38.0477 2992 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:35:38.0477 2992 WfpLwf - ok
12:35:38.0492 2992 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:35:38.0492 2992 WIMMount - ok
12:35:38.0524 2992 WinDefend - ok
12:35:38.0539 2992 WinHttpAutoProxySvc - ok
12:35:38.0586 2992 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
12:35:38.0586 2992 Winmgmt - ok
12:35:38.0711 2992 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
12:35:38.0726 2992 WinRM - ok
12:35:38.0867 2992 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
12:35:38.0867 2992 WinUsb - ok
12:35:38.0914 2992 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
12:35:38.0929 2992 Wlansvc - ok
12:35:39.0101 2992 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:35:39.0116 2992 wlidsvc - ok
12:35:39.0241 2992 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
12:35:39.0241 2992 WmiAcpi - ok
12:35:39.0288 2992 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
12:35:39.0288 2992 wmiApSrv - ok
12:35:39.0335 2992 WMPNetworkSvc - ok
12:35:39.0366 2992 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
12:35:39.0366 2992 WPCSvc - ok
12:35:39.0397 2992 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
12:35:39.0397 2992 WPDBusEnum - ok
12:35:39.0413 2992 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:35:39.0413 2992 ws2ifsl - ok
12:35:39.0428 2992 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
12:35:39.0444 2992 wscsvc - ok
12:35:39.0444 2992 WSearch - ok
12:35:39.0553 2992 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
12:35:39.0584 2992 wuauserv - ok
12:35:39.0709 2992 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
12:35:39.0709 2992 WudfPf - ok
12:35:39.0740 2992 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:35:39.0740 2992 WUDFRd - ok
12:35:39.0787 2992 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
12:35:39.0787 2992 wudfsvc - ok
12:35:39.0803 2992 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
12:35:39.0818 2992 WwanSvc - ok
12:35:39.0850 2992 MBR (0x1B8) (2cbbf6845531394dd7a6f1149f5c6770) \Device\Harddisk0\DR0
12:35:40.0021 2992 \Device\Harddisk0\DR0 - ok
12:35:40.0037 2992 MBR (0x1B8) (a4a15d6782e6fe1dce41a606cb3affe3) \Device\Harddisk1\DR1
12:35:47.0088 2992 \Device\Harddisk1\DR1 - ok
12:35:47.0104 2992 Boot (0x1200) (df9a0d519de84e1bc43093a4a9e89c37) \Device\Harddisk0\DR0\Partition0
12:35:47.0104 2992 \Device\Harddisk0\DR0\Partition0 - ok
12:35:47.0119 2992 Boot (0x1200) (f1e343cdd1b6416b6118d96e127c9ed2) \Device\Harddisk0\DR0\Partition1
12:35:47.0119 2992 \Device\Harddisk0\DR0\Partition1 - ok
12:35:47.0151 2992 Boot (0x1200) (35719ba18f52a648d234367d05c47589) \Device\Harddisk0\DR0\Partition2
12:35:47.0151 2992 \Device\Harddisk0\DR0\Partition2 - ok
12:35:47.0182 2992 Boot (0x1200) (ae13304c3948f41b452a8cebca2b3463) \Device\Harddisk1\DR1\Partition0
12:35:47.0182 2992 \Device\Harddisk1\DR1\Partition0 - ok
12:35:47.0182 2992 ============================================================
12:35:47.0182 2992 Scan finished
12:35:47.0182 2992 ============================================================
12:35:47.0197 3300 Detected object count: 0
12:35:47.0197 3300 Actual detected object count: 0
12:38:59.0998 6100 Deinitialize success

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-01 12:40:54
-----------------------------
12:40:54.405 OS Version: Windows x64 6.1.7601 Service Pack 1
12:40:54.405 Number of processors: 4 586 0x2502
12:40:54.405 ComputerName: TODD-PC UserName: Todd
12:40:55.933 Initialize success
12:41:34.725 AVAST engine defs: 12060100
12:41:57.330 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:41:57.345 Disk 0 Vendor: Hitachi_ ST6O Size: 953869MB BusType: 8
12:41:57.345 Disk 0 MBR read successfully
12:41:57.345 Disk 0 MBR scan
12:41:57.361 Disk 0 unknown MBR code
12:41:57.361 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:41:57.377 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 942525 MB offset 206848
12:41:57.423 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11242 MB offset 1930498048
12:41:57.455 Disk 0 scanning C:\Windows\system32\drivers
12:42:05.567 Service scanning
12:42:26.424 Modules scanning
12:42:26.424 Disk 0 trace - called modules:
12:42:26.439 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
12:42:26.455 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007b5e060]
12:42:26.455 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800789c050]
12:42:27.921 AVAST engine scan C:\Windows
12:42:31.104 AVAST engine scan C:\Windows\system32
12:44:51.225 AVAST engine scan C:\Windows\system32\drivers
12:45:01.787 AVAST engine scan C:\Users\Todd
12:52:47.498 AVAST engine scan C:\ProgramData
12:54:07.433 Scan finished successfully
12:54:25.076 Disk 0 MBR has been saved successfully to "C:\Users\Todd\Desktop\Security\MBR.dat"
12:54:25.076 The log file has been saved successfully to "C:\Users\Todd\Desktop\Security\aswMBR.txt"

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:23 AM

Posted 03 June 2012 - 08:47 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • report from ComboFix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#12 seabeetod

seabeetod
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:04:23 AM

Posted 04 June 2012 - 10:16 AM

ComboFix 12-06-03.05 - Todd 06/04/2012 8:12.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8119.6644 [GMT -5:00]
Running from: c:\users\Todd\Desktop\Security\ComboFix.exe
Command switches used :: c:\users\Todd\Desktop\Security\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-05-04 to 2012-06-04 )))))))))))))))))))))))))))))))
.
.
2012-06-04 13:15 . 2012-06-04 13:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-04 13:15 . 2012-06-04 13:15 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-05-31 18:08 . 2012-05-31 18:08 -------- d-----w- C:\_OTL
2012-05-30 17:02 . 2012-05-30 17:02 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-30 16:37 . 2012-05-30 16:37 388096 ----a-r- c:\users\Todd\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-30 16:37 . 2012-05-30 16:37 -------- d-----w- c:\program files (x86)\Trend Micro
2012-05-30 16:08 . 2012-05-30 17:02 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-28 19:49 . 2012-05-28 19:49 842 ----a-w- C:\user.js
2012-05-28 19:49 . 2012-05-29 16:56 -------- d-----w- c:\program files (x86)\1ClickDownload
2012-05-26 04:00 . 2012-05-28 00:13 -------- d-----w- c:\programdata\blekko toolbars
2012-05-26 04:00 . 2012-05-26 04:00 -------- d-----w- c:\users\Todd\AppData\Local\blekkotb_031
2012-05-26 04:00 . 2012-05-29 16:59 -------- d-----w- c:\programdata\Tarma Installer
2012-05-26 04:00 . 2012-05-26 04:00 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor
2012-05-13 16:13 . 2012-05-28 00:09 -------- d-----w- c:\program files (x86)\7-Zip
2012-05-11 08:01 . 2012-05-11 08:01 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-11 08:01 . 2012-05-11 08:01 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-05 15:46 . 2012-06-04 13:04 -------- d-----w- c:\programdata\boost_interprocess
2012-05-05 15:46 . 2012-06-01 05:38 -------- d-----w- c:\users\Todd\AppData\Roaming\Skype
2012-05-05 15:46 . 2012-05-05 15:46 -------- d-----r- c:\program files (x86)\Skype
2012-05-05 15:46 . 2012-05-05 15:46 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-05-05 15:46 . 2012-05-05 15:46 -------- d-----w- c:\programdata\Skype
2012-05-05 13:34 . 2012-06-02 16:20 -------- d-----w- c:\users\Todd\AppData\Roaming\.minecraft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-30 17:02 . 2011-05-27 15:58 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-09 07:48 . 2010-03-02 14:40 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-05-09 07:48 . 2010-03-02 14:40 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-05-09 07:48 . 2010-05-19 06:38 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-05-09 07:48 . 2010-04-01 06:45 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-04-28 15:12 . 2011-01-10 03:06 644496 ----a-w- c:\users\Todd\EBOOT.BIN
2012-04-19 09:50 . 2012-04-19 09:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-04-04 20:56 . 2011-03-24 01:03 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-24 07:58 . 2010-03-05 07:32 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-03-24 07:57 . 2010-03-05 07:31 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-03-24 07:57 . 2010-06-03 06:10 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-03-24 07:57 . 2010-03-02 14:40 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-03-19 10:17 . 2012-03-19 10:17 383808 ----a-w- c:\windows\system32\drivers\avgtdia.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-01_05.24.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-06-01 05:12 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-04 06:33 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-01 05:12 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-04 06:33 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-01 05:12 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-04 06:33 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-24 07:53 . 2012-06-01 05:39 53310 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-01 05:39 31984 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-03-01 19:04 . 2012-06-01 05:39 16830 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1413658493-208379941-2510509854-1001_UserData.bin
- 2010-03-01 18:54 . 2012-06-01 05:24 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-01 18:54 . 2012-06-04 13:17 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-01 18:54 . 2012-06-04 13:17 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-01 18:54 . 2012-06-01 05:24 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-04 13:17 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-01 05:24 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-01 19:40 . 2012-06-01 05:38 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-01 19:40 . 2012-05-31 18:10 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2012-06-03 16:51 94000 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-03-01 19:40 . 2012-06-01 05:38 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-01 19:40 . 2012-05-31 18:10 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-01 19:40 . 2012-06-01 05:38 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-01 19:40 . 2012-05-31 18:10 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-01 19:00 . 2012-06-04 13:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-01 19:00 . 2012-06-01 05:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-01 19:00 . 2012-06-01 05:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-01 19:00 . 2012-06-04 13:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-06-04 13:17 . 2012-06-04 13:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-01 05:24 . 2012-06-01 05:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-01 05:24 . 2012-06-01 05:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-04 13:17 . 2012-06-04 13:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-03-01 20:48 . 2012-06-04 12:52 414694 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-14 02:36 . 2012-06-01 05:42 660280 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-05-31 18:14 660280 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-01 05:42 121208 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-05-31 18:14 121208 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-06-01 05:23 339716 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-04 13:15 339716 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-03-03 09:18 . 2012-06-01 05:23 2487596 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1413658493-208379941-2510509854-1001-8192.dat
+ 2010-03-03 09:18 . 2012-06-04 13:15 2487596 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1413658493-208379941-2510509854-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-04-05 17356424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
.
c:\users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\hp\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-6-3 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-30 257696]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-04-30 5106744]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-01-27 226624]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-04-09 3063968]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-30 17:02]
.
2012-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1413658493-208379941-2510509854-1001Core.job
- c:\users\Todd\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-28 06:07]
.
2012-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1413658493-208379941-2510509854-1001UA.job
- c:\users\Todd\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-28 06:07]
.
2012-05-30 c:\windows\Tasks\HPCeeScheduleForTodd.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-29 16335464]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-15 610360]
.
------- Supplementary Scan -------
.
uStart Page =
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files (x86)\AVG\AVG2012\avgdtiex.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BCF4865F-23B7-4460-81D4-294C88685033}: NameServer = 216.176.95.129,216.176.95.161
FF - ProfilePath - c:\users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\14k63ll8.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6R8ujcUcmh
FF - user.js: extensions.incredibar_i.upn2n - 92824439394731701
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10658
FF - user.js: extensions.incredibar_i.ppd -
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8ujcUcmh&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 780e0ab90000000000000626824725b7
FF - user.js: extensions.incredibar_i.instlDay - 15488
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1414:49
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1413658493-208379941-2510509854-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1413658493-208379941-2510509854-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1413658493-208379941-2510509854-1001\Software\SecuROM\License information*]
"datasecu"=hex:c3,2d,cd,b8,e7,d5,9c,24,0a,19,1b,21,57,3b,f8,22,fc,74,ef,ed,e0,
c9,07,90,88,e5,3e,9b,15,32,b9,a4,fa,05,26,03,f2,10,43,b3,26,94,97,cb,fe,5c,\
"rkeysecu"=hex:6c,33,7b,3b,e2,25,e6,76,ff,a4,29,b1,81,c5,11,57
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
c:\windows\SysWOW64\schtasks.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2012-06-04 08:21:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-04 13:21
ComboFix2.txt 2012-06-01 05:28
.
Pre-Run: 853,600,526,336 bytes free
Post-Run: 855,703,236,608 bytes free
.
- - End Of File - - E7BB1918BC7487E78A11BE6D604FCB0F

#13 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 04 June 2012 - 11:14 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box:
    C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 seabeetod (Topic Starter, Members, 12 posts)

Posted 05 June 2012 - 12:08 AM

Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.1
Adobe Shockwave Player 11.5
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Software Update
Bing Bar
BufferChm
C410
Command & Conquer™ Red Alert™ 3
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite Deluxe
D3DX10
Destinations
DeviceDiscovery
DirectX for Managed Code Update (Summer 2004)
DocProc
DVD Menu Pack for HP MediaSmart Video
Fax
ffdshow [rev 2527] [2008-12-19]
Google Chrome
Google Talk Plugin
GPBaseService2
Hewlett-Packard ACLM.NET v1.1.1.0
HiJackThis
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MediaSmart Demo
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart/TouchSmart Netflix
HP Odometer
HP Photo Creations
HP Remote Solution
HP Setup
HP Support Assistant
HP Support Information
HP Update
HPAppStudio
HPPhotoGadget
HPProductAssistant
HPSSupply
Hulu Desktop
Intel® Rapid Storage Technology
Internet TV for Windows Media Center
Java Auto Updater
Java™ 6 Update 20
Java™ 6 Update 31
Junk Mail filter update
LabelPrint
LG USB Modem driver
LightScribe System Software
Malwarebytes Anti-Malware version 1.61.0.1400
MarketResearch
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Microsoft WSE 3.0 Runtime
Microsoft® Winter Fun Pack 2004 for Windows® XP
MotoHelper 2.0.45 Driver 5.0.0
MotoHelper MergeModules
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 9.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Netflix in Windows Media Center
NVIDIA PhysX
OF Dragon Rising
OpenOffice.org 3.2
Origin
PictureMover
Power2Go
PowerDirector
PS_AIO_07_C410_SW_Min
Quicken 2010
QuickTransfer
Realtek High Definition Audio Driver
Recovery Manager
RLPrintPlugin
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype Click to Call
Skype™ 5.9
SmartWebPrinting
SolutionCenter
SpeechRedist
Status
Steam
The Sims Medieval
The Sims™ 3
The Sims™ 3 Pets
Toolbox
TrayApp
Unified Remote
Unreal Tournament 3
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update Installer for WildTangent Games App
Verizon V CAST Media Manager
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
WebReg
WildTangent Games App (HP Games)
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.20 beta 2 (32-bit)
WolfQuest
Zoo Tycoon 2 - Ultimate Collection

#15 gringo_pr (Malware Response Team)

Posted 05 June 2012 - 12:23 AM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Adobe Reader 9.5.1
Java™ 6 Update 20
Java™ 6 Update 31


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

  • Download CCleaner from here: http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
