Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Removed Smart HDD virus, but problems continue (redirects)


  • This topic is locked This topic is locked
26 replies to this topic

#1 SugaFree

SugaFree

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:00 AM

Posted 08 June 2012 - 03:44 PM

Hello, first off I would like to say thanks for the handy Smart HDD removal guide. I was freaking out when all of my files "disappeared". Luckily, a combination of Rkill, Malwarebytes and the guide on this website helped me out. All of my icons are visible and my background back to normal.

There are still some issues however. Though I am able to use the internet, pages load up really slowly. Additionally, sometimes I would be redirected to a random website with some sort of ad. I seen other searches for how to get rid of them, but I had no luck so far. Used both Firefox and Internet Explorer in my tests.

I tried running the TDSS killer, but I had no luck. Nothing happens when I try running. I even tried renaming the file to a different name but alas, nothing worked.

I am currently running in Safe Mode, but I am also able to run in Normal Mode.

This was the first Rkill log that I ran:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 06/07/2012 at 23:06:44.
Operating System: Windows 7 Home Premium


Processes terminated by Rkill or while it was running:

C:\ProgramData\ucyoxfiwUds.exe
C:\ProgramData\xtmqqD9z7hoGW1.exe
C:\Windows\SysWOW64\grpconv.exe


Rkill completed on 06/07/2012 at 23:08:06.

Second Rkill log had no processes terminated.

Any help would be appreciated. :)

EDIT: Worth noting, I ran other scans with other software (such as SUPERAntiSpywre) that removed threats that weren't seen by Malware Bytes. The program Spy Hunter found something called Whazit. Something about it being a homepage hijacker. I needed to pay for the software in order to remove it however. I didn't purchase.

Edit 2: Here is the DDS log

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32
Run by Joshua at 13:48:34 on 2012-06-08
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8183.6427 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [GrpConv] grpconv -o
StartupFolder: C:\Users\Joshua\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
StartupFolder: C:\Users\Joshua\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{E6886B1E-9A15-4B1A-AECF-8AC98AE49601} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{E6886B1E-9A15-4B1A-AECF-8AC98AE49601}\144545031363 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{E6886B1E-9A15-4B1A-AECF-8AC98AE49601}\2375942554536373 : DhcpNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce-x64: [GrpConv] grpconv -o
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\ezc4ejiq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bb88af49f-a355-4f8d-bfae-b5c98497e15d%7D&mid=a137919bae2c5293b9afd40ba8a01ea6-ee417f099a3581a77885b46ae72e88669b53de93&ds=AVG&v=11.1.0.7&lang=en&pr=fr&d=2012-06-06%2023%3A20%3A23&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox\components\avgssff.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\nphdplg.dll
FF - plugin: C:\Users\Joshua\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y62x64.sys --> C:\Windows\system32\DRIVERS\e1y62x64.sys [?]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/03/19 09:29:17];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-3-19 146928]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-4-30 5106744]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cpuz134;cpuz134;\??\C:\Windows\system32\drivers\cpuz134_x64.sys --> C:\Windows\system32\drivers\cpuz134_x64.sys [?]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-8 13336]
S2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2012-4-29 517632]
S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
S2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2012-6-2 1019328]
S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-6-6 935480]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
S3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
S3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 129976]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms [2009-9-16 23536]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-06-08 19:48:44 -------- d-----w- C:\Program Files (x86)\ESET
2012-06-08 18:56:51 110080 ----a-r- C:\Users\Joshua\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\IconF7A21AF7.exe
2012-06-08 18:56:51 110080 ----a-r- C:\Users\Joshua\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\IconD7F16134.exe
2012-06-08 18:56:51 110080 ----a-r- C:\Users\Joshua\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\Icon1226A4C5.exe
2012-06-08 18:56:51 -------- d-----w- C:\sh4ldr
2012-06-08 18:56:50 -------- d-----w- C:\Program Files\Enigma Software Group
2012-06-08 18:56:07 -------- d-----w- C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-06-08 18:44:40 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-06-08 05:58:14 -------- d-----w- C:\Users\Joshua\AppData\Roaming\Malwarebytes
2012-06-08 05:58:02 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-08 05:58:01 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-07 06:20:39 -------- d-----w- C:\Users\Joshua\AppData\Local\AVG Secure Search
2012-06-07 06:20:21 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-06-07 06:20:20 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-06-07 06:20:19 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-06-07 06:19:29 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-06-07 00:30:45 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{48AD6636-D4FD-4573-87CD-52DE40F11AC8}\mpengine.dll
2012-05-29 00:51:47 -------- d-----w- C:\Boshy
2012-05-15 07:14:43 -------- d-----w- C:\Program Files (x86)\Diablo III
2012-05-15 07:12:30 -------- d-----w- C:\ProgramData\Battle.net
2012-05-14 23:33:51 -------- d-----w- C:\Users\Joshua\AppData\Local\LogMeIn Rescue Applet
2012-05-13 05:16:49 -------- d-----w- C:\Windows\SysWow64\directx
2012-05-13 05:16:49 -------- d-----w- C:\Windows\msdownld.tmp
2012-05-11 21:44:02 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-05-11 21:44:02 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-11 21:44:02 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-11 21:44:01 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-05-11 21:44:01 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-05-11 21:44:01 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-05-11 21:44:01 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-05-11 21:44:01 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-05-11 21:44:01 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-05-11 21:44:01 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-05-11 21:43:35 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-11 21:43:31 3143680 ----a-w- C:\Windows\System32\win32k.sys
2012-05-11 21:43:30 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-11 21:43:30 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-11 21:43:29 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-11 21:43:27 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-11 21:43:25 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 21:43:25 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-11 21:43:25 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-11 21:43:25 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-11 21:43:25 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
.
==================== Find3M ====================
.
2012-06-08 18:44:15 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-19 11:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-03-19 12:17:26 383808 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-03-10 23:22:14 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
.
============= FINISH: 13:58:17.97 ===============

Edited by SugaFree, 08 June 2012 - 04:02 PM.


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:00 AM

Posted 08 June 2012 - 11:41 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 SugaFree

SugaFree
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:00 AM

Posted 09 June 2012 - 02:24 AM

Ok, so upon reboot I got this popup. Saying something along the lines of IAStorIcon.exe Debugger failed, would you like to try again? I did the mistake of just hitting cancel without really looking at the details of the popup. Otherwise, everything went ok. Worth noting is that I haven't been getting any redirects, BUT the web pages load up slow. Especially Google/Yahoo searches. Not sure if it is related, but I also been hearing a strange "crackle" coming out of the speakers of my PC. Wasn't there before the virus. This applies for both the stereo speakers that I hooked up to my computer and the speakers coming out of my TV/Monitor.

Anyway, here are the logs.

Security Check Log:

Results of screen317's Security Check version 0.99.41
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
JavaFX 2.1.0
Java™ 6 Update 22
Java™ 6 Update 32
Java™ 7 Update 4
Adobe Flash Player 10 Flash Player out of date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (13.0)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


And here is the ComboFix log:

ComboFix 12-06-08.02 - Joshua 06/08/2012 23:15:54.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8183.5923 [GMT -7:00]
Running from: c:\users\Joshua\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\xtmqqD9z7hoGW1
c:\windows\SysWow64\Cache
c:\windows\SysWow64\Cache\272512937d9e61a4.fb
c:\windows\SysWow64\Cache\287204568329e189.fb
c:\windows\SysWow64\Cache\28bc8f716fd76a47.fb
c:\windows\SysWow64\Cache\2c53092c95605355.fb
c:\windows\SysWow64\Cache\3917078cb68ec657.fb
c:\windows\SysWow64\Cache\4bb98956f30b06aa.fb
c:\windows\SysWow64\Cache\590ba23ce359fd0c.fb
c:\windows\SysWow64\Cache\610289e025a3ee9a.fb
c:\windows\SysWow64\Cache\651c5d3cdbfb8bd1.fb
c:\windows\SysWow64\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\SysWow64\Cache\7950dd16e312395d.fb
c:\windows\SysWow64\Cache\a4d872a71a7693c1.fb
c:\windows\SysWow64\Cache\a8556537add6dfc5.fb
c:\windows\SysWow64\Cache\ad10a52aff5e038d.fb
c:\windows\SysWow64\Cache\c4d28dca2e7648be.fb
c:\windows\SysWow64\Cache\d201ef9910cd39de.fb
c:\windows\SysWow64\Cache\d2e94710a5708128.fb
c:\windows\SysWow64\Cache\d79b9dfe81484ec4.fb
c:\windows\SysWow64\Cache\e0de16f883bea794.fb
.
.
((((((((((((((((((((((((( Files Created from 2012-05-09 to 2012-06-09 )))))))))))))))))))))))))))))))
.
.
2012-06-09 06:51 . 2012-06-09 06:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-09 04:09 . 2012-06-01 15:40 85472 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-06-09 04:09 . 2012-06-01 15:39 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-09 04:09 . 2012-06-01 15:39 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-09 03:55 . 2012-06-09 03:55 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-09 03:54 . 2012-06-09 03:54 -------- d-----w- c:\program files (x86)\Oracle
2012-06-08 19:48 . 2012-06-08 19:48 -------- d-----w- c:\program files (x86)\ESET
2012-06-08 18:56 . 2012-06-08 23:14 -------- d-----w- C:\sh4ldr
2012-06-08 18:56 . 2012-06-08 18:56 -------- d-----w- c:\program files\Enigma Software Group
2012-06-08 18:56 . 2012-06-08 23:14 -------- d-----w- c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-06-08 18:44 . 2012-06-08 18:44 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-06-08 05:58 . 2012-06-08 05:58 -------- d-----w- c:\users\Joshua\AppData\Roaming\Malwarebytes
2012-06-08 05:58 . 2012-06-08 05:58 -------- d-----w- c:\programdata\Malwarebytes
2012-06-08 05:58 . 2012-06-08 05:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-07 06:20 . 2012-06-07 06:20 -------- d-----w- c:\users\Joshua\AppData\Local\AVG Secure Search
2012-06-07 06:20 . 2012-06-08 08:45 -------- d-----w- c:\programdata\AVG Secure Search
2012-06-07 06:20 . 2012-06-07 06:20 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-06-07 06:20 . 2012-06-07 06:20 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-06-07 06:19 . 2012-06-07 06:19 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-06-07 00:30 . 2012-05-15 08:41 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{48AD6636-D4FD-4573-87CD-52DE40F11AC8}\mpengine.dll
2012-05-29 00:51 . 2012-05-29 00:52 -------- d-----w- C:\Boshy
2012-05-15 07:14 . 2012-06-07 05:39 -------- d-----w- c:\program files (x86)\Diablo III
2012-05-15 07:12 . 2012-05-15 07:12 -------- d-----w- c:\programdata\Battle.net
2012-05-14 23:33 . 2012-05-16 22:59 -------- d-----w- c:\users\Joshua\AppData\Local\LogMeIn Rescue Applet
2012-05-13 05:16 . 2012-05-13 05:16 -------- d-----w- c:\windows\msdownld.tmp
2012-05-11 21:44 . 2012-03-03 06:29 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-05-11 21:44 . 2012-03-03 05:40 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-11 21:44 . 2012-03-03 05:40 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-05-11 21:44 . 2012-03-03 06:29 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-11 21:44 . 2012-03-03 06:29 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-11 21:44 . 2012-03-03 06:29 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-11 21:44 . 2012-03-03 06:29 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-05-11 21:44 . 2012-03-03 05:40 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-05-11 21:44 . 2012-03-03 05:40 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-05-11 21:44 . 2012-03-03 05:40 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-05-11 21:43 . 2012-04-02 05:34 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-11 21:43 . 2012-04-02 03:01 3143680 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 21:43 . 2012-04-02 04:46 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-11 21:43 . 2012-04-02 04:46 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-11 21:43 . 2012-03-17 07:55 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-11 21:43 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-11 21:43 . 2012-04-02 05:26 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-11 21:43 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 21:43 . 2012-04-02 05:24 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-11 21:43 . 2012-04-02 05:24 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-11 21:43 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-19 11:50 . 2012-04-19 11:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-04-05 01:47 . 2010-07-13 06:55 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-19 12:17 . 2012-03-19 12:17 383808 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-03-16 06:29 . 2012-03-16 06:29 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-16 06:29 . 2012-03-16 06:29 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-16 06:29 . 2012-03-16 06:29 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-16 06:29 . 2012-03-16 06:29 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-16 06:29 . 2012-03-16 06:29 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-16 06:29 . 2012-03-16 06:29 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-16 06:29 . 2012-03-16 06:29 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-16 06:29 . 2012-03-16 06:29 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-16 06:29 . 2012-03-16 06:29 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-16 06:29 . 2012-03-16 06:29 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-16 06:29 . 2012-03-16 06:29 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-16 06:29 . 2012-03-16 06:29 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-16 06:29 . 2012-03-16 06:29 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-16 06:29 . 2012-03-16 06:29 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-16 06:29 . 2012-03-16 06:29 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-16 06:29 . 2012-03-16 06:29 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-03-16 06:29 . 2012-03-16 06:29 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-16 06:29 . 2012-03-16 06:29 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-16 06:29 . 2012-03-16 06:29 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-16 06:29 . 2012-03-16 06:29 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-16 06:29 . 2012-03-16 06:29 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-16 06:29 . 2012-03-16 06:29 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-16 06:29 . 2012-03-16 06:29 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-16 06:29 . 2012-03-16 06:29 448512 ----a-w- c:\windows\system32\html.iec
2012-03-16 06:29 . 2012-03-16 06:29 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-16 06:29 . 2012-03-16 06:29 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-16 06:29 . 2012-03-16 06:29 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-16 06:29 . 2012-03-16 06:29 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-16 06:29 . 2012-03-16 06:29 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-16 06:29 . 2012-03-16 06:29 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-16 06:29 . 2012-03-16 06:29 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-16 06:29 . 2012-03-16 06:29 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-16 06:29 . 2012-03-16 06:29 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-16 06:29 . 2012-03-16 06:29 111616 ----a-w- c:\windows\system32\iesysprep.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-07 06:20 2068536 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-07 2068536]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-08 4786048]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-26 98304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-06-07 1104440]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\Joshua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-6-3 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-04-30 5106744]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\steam\steamapps\common\ava\Binaries\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-01 113120]
R3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [2009-09-17 23536]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/03/19 09:29];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-09-18 00:41 146928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-15 92216]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2012-04-24 517632]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-07 935480]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-09 c:\windows\Tasks\Free File Viewer Update Checker.job
- c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-03-27 23:50]
.
2012-06-07 c:\windows\Tasks\HPCeeScheduleForJoshua.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
.
2010-06-22 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-14 610360]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
FF - ProfilePath - c:\users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\ezc4ejiq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bb88af49f-a355-4f8d-bfae-b5c98497e15d%7D&mid=a137919bae2c5293b9afd40ba8a01ea6-ee417f099a3581a77885b46ae72e88669b53de93&ds=AVG&v=11.1.0.7&lang=en&pr=fr&d=2012-06-06%2023%3A20%3A23&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKLM-Run-ROC_roc_dec12 - c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files (x86)\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-918019815-3831244301-3420633032-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:29,2f,77,af,08,dc,9a,4d,d2,2e,a8,e8,38,78,7c,53,6c,37,a2,1e,4e,b9,fe,
e2,be,ef,b2,6a,9c,d7,00,ca,a3,82,4c,5e,13,0f,c8,28,34,8a,d2,75,0f,0e,74,8f,\
"??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f
.
[HKEY_USERS\S-1-5-21-918019815-3831244301-3420633032-1001\Software\SecuROM\License information*]
"datasecu"=hex:12,d8,96,15,90,c8,09,ad,34,b0,6d,f7,c7,21,ba,cf,c2,be,85,ad,8f,
c4,7b,a8,9c,9c,d4,3d,45,14,ed,64,2c,f3,6f,f5,f3,a7,39,40,51,1e,39,08,08,c1,\
"rkeysecu"=hex:7d,40,10,cb,c7,39,e0,67,0a,69,a8,47,07,da,5b,5c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\AVG\AVG2012\avgcfgex.exe
.
**************************************************************************
.
Completion time: 2012-06-09 00:18:11 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-09 07:18
.
Pre-Run: 383,566,200,832 bytes free
Post-Run: 384,408,535,040 bytes free
.
- - End Of File - - E849261E88751CF53A2F27F578B8DB05

Edited by SugaFree, 09 June 2012 - 02:40 AM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:00 AM

Posted 09 June 2012 - 02:40 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 SugaFree

SugaFree
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:00 AM

Posted 09 June 2012 - 02:43 AM

Both TDSS Killer and aswMBR don't want to run. Made sure to "Run as Administrator" but no luck.

Also: redirects seem to be occurring again. Earlier today it was going well, but now it redirects to random ad sites.

Getting pretty late, "past my bad time" as they say. Hopefully I get another response waiting for me in the morning :)

Edited by SugaFree, 09 June 2012 - 03:09 AM.


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:00 AM

Posted 09 June 2012 - 03:21 AM

Hello

I would like you to run this tool for me - fixTDSS

download it to your desktop and start the program

Follow the prompts and Ok any security prompts

when it is complete it will say the infection was cleared or no infection was found - let me know what it says

after it is complete I want you to restart the computer and try to rerun TDSSKiller for me and send me the report

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 SugaFree

SugaFree
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:00 AM

Posted 09 June 2012 - 01:33 PM

Ok, the TDSS fix tool said "***Infected MBR Detected". I clicked Repair and then it said "Repair Was Successful". Worth noting is that before on Google, I didn't get that drop down search. The one that says I Feel Lucky after typing something into the search bar. I see them instantly pop up now, before they would either take a loooong time to load or wouldn't even show up. No redirects either.

Not sure if it is related to the virus, but I see some sort of "clipping" on my screen.

Here is the log for the TDSSKiller.

11:28:47.0717 4844 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
11:28:48.0201 4844 ============================================================
11:28:48.0201 4844 Current date / time: 2012/06/09 11:28:48.0201
11:28:48.0201 4844 SystemInfo:
11:28:48.0201 4844
11:28:48.0201 4844 OS Version: 6.1.7600 ServicePack: 0.0
11:28:48.0201 4844 Product type: Workstation
11:28:48.0201 4844 ComputerName: JOSHUA-PC
11:28:48.0201 4844 UserName: Joshua
11:28:48.0201 4844 Windows directory: C:\Windows
11:28:48.0201 4844 System windows directory: C:\Windows
11:28:48.0201 4844 Running under WOW64
11:28:48.0201 4844 Processor architecture: Intel x64
11:28:48.0201 4844 Number of processors: 8
11:28:48.0201 4844 Page size: 0x1000
11:28:48.0201 4844 Boot type: Normal boot
11:28:48.0201 4844 ============================================================
11:28:51.0586 4844 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:28:51.0602 4844 ============================================================
11:28:51.0602 4844 \Device\Harddisk0\DR0:
11:28:51.0602 4844 MBR partitions:
11:28:51.0602 4844 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:28:51.0602 4844 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x730A8800
11:28:51.0602 4844 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x730DB000, BlocksNum 0x1626DB0
11:28:51.0602 4844 ============================================================
11:28:51.0617 4844 C: <-> \Device\Harddisk0\DR0\Partition1
11:28:51.0664 4844 D: <-> \Device\Harddisk0\DR0\Partition2
11:28:51.0664 4844 ============================================================
11:28:51.0664 4844 Initialize success
11:28:51.0664 4844 ============================================================
11:28:57.0452 6224 ============================================================
11:28:57.0452 6224 Scan started
11:28:57.0452 6224 Mode: Manual;
11:28:57.0452 6224 ============================================================
11:28:58.0107 6224 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
11:28:58.0107 6224 !SASCORE - ok
11:28:58.0372 6224 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
11:28:58.0372 6224 1394ohci - ok
11:28:58.0419 6224 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
11:28:58.0419 6224 ACPI - ok
11:28:58.0450 6224 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
11:28:58.0450 6224 AcpiPmi - ok
11:28:58.0497 6224 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
11:28:58.0497 6224 adp94xx - ok
11:28:58.0559 6224 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
11:28:58.0559 6224 adpahci - ok
11:28:58.0653 6224 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
11:28:58.0653 6224 adpu320 - ok
11:28:58.0700 6224 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
11:28:58.0700 6224 AeLookupSvc - ok
11:28:58.0778 6224 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
11:28:58.0778 6224 AFD - ok
11:28:58.0793 6224 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
11:28:58.0793 6224 agp440 - ok
11:28:58.0809 6224 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
11:28:58.0809 6224 ALG - ok
11:28:58.0824 6224 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
11:28:58.0824 6224 aliide - ok
11:28:58.0871 6224 AMD External Events Utility (dceee24e57e8176115207312f827c130) C:\Windows\system32\atiesrxx.exe
11:28:58.0871 6224 AMD External Events Utility - ok
11:28:58.0887 6224 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
11:28:58.0887 6224 amdide - ok
11:28:58.0918 6224 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
11:28:58.0918 6224 AmdK8 - ok
11:28:59.0277 6224 amdkmdag (f6640d83af0fd74c50e23e68548ea9a0) C:\Windows\system32\DRIVERS\atikmdag.sys
11:28:59.0355 6224 amdkmdag - ok
11:28:59.0480 6224 amdkmdap (20b63276a1920b41e1c56720b395049b) C:\Windows\system32\DRIVERS\atikmpag.sys
11:28:59.0480 6224 amdkmdap - ok
11:28:59.0495 6224 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:28:59.0495 6224 AmdPPM - ok
11:28:59.0542 6224 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
11:28:59.0542 6224 amdsata - ok
11:28:59.0589 6224 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
11:28:59.0589 6224 amdsbs - ok
11:28:59.0636 6224 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
11:28:59.0636 6224 amdxata - ok
11:28:59.0667 6224 androidusb (4de0d5d747a73797c95a97dcce5018b5) C:\Windows\system32\Drivers\ssadadb.sys
11:28:59.0667 6224 androidusb - ok
11:28:59.0698 6224 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
11:28:59.0698 6224 AppID - ok
11:28:59.0714 6224 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
11:28:59.0714 6224 AppIDSvc - ok
11:28:59.0729 6224 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
11:28:59.0729 6224 Appinfo - ok
11:28:59.0838 6224 Apple Mobile Device (2e3e53a6aef23e24f402c7855b9b1542) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:28:59.0838 6224 Apple Mobile Device - ok
11:28:59.0870 6224 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
11:28:59.0870 6224 arc - ok
11:28:59.0885 6224 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
11:28:59.0885 6224 arcsas - ok
11:29:00.0010 6224 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
11:29:00.0041 6224 aspnet_state - ok
11:29:00.0072 6224 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:29:00.0072 6224 AsyncMac - ok
11:29:00.0104 6224 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
11:29:00.0104 6224 atapi - ok
11:29:00.0182 6224 athr (e0fabc10635c670bd7d89fd214a405d7) C:\Windows\system32\DRIVERS\athrx.sys
11:29:00.0197 6224 athr - ok
11:29:00.0275 6224 AtiHdmiService (77c149e6d702737b2e372dee166faef8) C:\Windows\system32\drivers\AtiHdmi.sys
11:29:00.0275 6224 AtiHdmiService - ok
11:29:00.0338 6224 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
11:29:00.0338 6224 AudioEndpointBuilder - ok
11:29:00.0338 6224 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
11:29:00.0338 6224 AudioSrv - ok
11:29:00.0712 6224 AVGIDSAgent (ba60fd7a64b9759a14c0fba4a9ed4c7b) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
11:29:00.0728 6224 AVGIDSAgent - ok
11:29:00.0837 6224 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
11:29:00.0837 6224 AVGIDSDriver - ok
11:29:00.0868 6224 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
11:29:00.0868 6224 AVGIDSFilter - ok
11:29:00.0884 6224 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
11:29:00.0884 6224 AVGIDSHA - ok
11:29:00.0946 6224 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
11:29:00.0946 6224 Avgldx64 - ok
11:29:00.0962 6224 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
11:29:00.0962 6224 Avgmfx64 - ok
11:29:01.0024 6224 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
11:29:01.0024 6224 Avgrkx64 - ok
11:29:01.0040 6224 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys
11:29:01.0040 6224 Avgtdia - ok
11:29:01.0149 6224 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
11:29:01.0149 6224 avgwd - ok
11:29:01.0196 6224 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
11:29:01.0196 6224 AxInstSV - ok
11:29:01.0242 6224 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
11:29:01.0242 6224 b06bdrv - ok
11:29:01.0274 6224 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:29:01.0274 6224 b57nd60a - ok
11:29:01.0305 6224 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
11:29:01.0305 6224 BDESVC - ok
11:29:01.0305 6224 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:29:01.0305 6224 Beep - ok
11:29:01.0398 6224 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
11:29:01.0414 6224 BFE - ok
11:29:01.0554 6224 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
11:29:01.0570 6224 BITS - ok
11:29:01.0648 6224 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:29:01.0664 6224 blbdrive - ok
11:29:01.0804 6224 Bonjour Service (5ab58c337ac65837fe404462ad6265ab) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
11:29:01.0804 6224 Bonjour Service - ok
11:29:01.0866 6224 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
11:29:01.0866 6224 bowser - ok
11:29:01.0960 6224 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:29:01.0960 6224 BrFiltLo - ok
11:29:01.0976 6224 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:29:01.0976 6224 BrFiltUp - ok
11:29:02.0022 6224 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
11:29:02.0022 6224 BridgeMP - ok
11:29:02.0054 6224 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
11:29:02.0054 6224 Browser - ok
11:29:02.0069 6224 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:29:02.0069 6224 Brserid - ok
11:29:02.0085 6224 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:29:02.0085 6224 BrSerWdm - ok
11:29:02.0085 6224 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:29:02.0085 6224 BrUsbMdm - ok
11:29:02.0100 6224 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:29:02.0100 6224 BrUsbSer - ok
11:29:02.0116 6224 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
11:29:02.0116 6224 BTHMODEM - ok
11:29:02.0132 6224 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
11:29:02.0147 6224 bthserv - ok
11:29:02.0272 6224 catchme - ok
11:29:02.0319 6224 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:29:02.0319 6224 cdfs - ok
11:29:02.0350 6224 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
11:29:02.0366 6224 cdrom - ok
11:29:02.0381 6224 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
11:29:02.0381 6224 CertPropSvc - ok
11:29:02.0412 6224 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
11:29:02.0412 6224 circlass - ok
11:29:02.0428 6224 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:29:02.0428 6224 CLFS - ok
11:29:02.0506 6224 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:29:02.0506 6224 clr_optimization_v2.0.50727_32 - ok
11:29:02.0553 6224 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:29:02.0553 6224 clr_optimization_v2.0.50727_64 - ok
11:29:02.0662 6224 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:29:02.0709 6224 clr_optimization_v4.0.30319_32 - ok
11:29:02.0740 6224 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:29:02.0756 6224 clr_optimization_v4.0.30319_64 - ok
11:29:02.0771 6224 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
11:29:02.0771 6224 CmBatt - ok
11:29:02.0802 6224 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
11:29:02.0802 6224 cmdide - ok
11:29:02.0865 6224 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
11:29:02.0865 6224 CNG - ok
11:29:02.0880 6224 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
11:29:02.0880 6224 Compbatt - ok
11:29:02.0896 6224 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
11:29:02.0896 6224 CompositeBus - ok
11:29:02.0912 6224 COMSysApp - ok
11:29:02.0990 6224 cpuz134 (17719a7f571d4cd08223f0b30f71b8b8) C:\Windows\system32\drivers\cpuz134_x64.sys
11:29:02.0990 6224 cpuz134 - ok
11:29:03.0005 6224 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
11:29:03.0005 6224 crcdisk - ok
11:29:03.0036 6224 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
11:29:03.0052 6224 CryptSvc - ok
11:29:03.0083 6224 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
11:29:03.0083 6224 DcomLaunch - ok
11:29:03.0114 6224 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
11:29:03.0130 6224 defragsvc - ok
11:29:03.0161 6224 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
11:29:03.0161 6224 DfsC - ok
11:29:03.0192 6224 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
11:29:03.0192 6224 Dhcp - ok
11:29:03.0208 6224 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:29:03.0208 6224 discache - ok
11:29:03.0239 6224 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
11:29:03.0239 6224 Disk - ok
11:29:03.0286 6224 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
11:29:03.0286 6224 Dnscache - ok
11:29:03.0317 6224 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
11:29:03.0333 6224 dot3svc - ok
11:29:03.0395 6224 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
11:29:03.0395 6224 DPS - ok
11:29:03.0442 6224 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:29:03.0442 6224 drmkaud - ok
11:29:03.0645 6224 dump_wmimmc - ok
11:29:03.0754 6224 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
11:29:03.0754 6224 DXGKrnl - ok
11:29:03.0801 6224 e1yexpress (761b9edd97a021aa1922501b7a056635) C:\Windows\system32\DRIVERS\e1y62x64.sys
11:29:03.0801 6224 e1yexpress - ok
11:29:03.0832 6224 EagleX64 - ok
11:29:03.0848 6224 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
11:29:03.0848 6224 EapHost - ok
11:29:04.0019 6224 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
11:29:04.0050 6224 ebdrv - ok
11:29:04.0144 6224 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
11:29:04.0144 6224 EFS - ok
11:29:04.0222 6224 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
11:29:04.0222 6224 ehRecvr - ok
11:29:04.0238 6224 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
11:29:04.0238 6224 ehSched - ok
11:29:04.0300 6224 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
11:29:04.0300 6224 elxstor - ok
11:29:04.0316 6224 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
11:29:04.0316 6224 ErrDev - ok
11:29:04.0409 6224 esgiguard - ok
11:29:04.0440 6224 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
11:29:04.0440 6224 EventSystem - ok
11:29:04.0472 6224 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:29:04.0472 6224 exfat - ok
11:29:04.0487 6224 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:29:04.0503 6224 fastfat - ok
11:29:04.0550 6224 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
11:29:04.0550 6224 Fax - ok
11:29:04.0596 6224 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
11:29:04.0596 6224 fdc - ok
11:29:04.0612 6224 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
11:29:04.0612 6224 fdPHost - ok
11:29:04.0628 6224 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
11:29:04.0628 6224 FDResPub - ok
11:29:04.0643 6224 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:29:04.0643 6224 FileInfo - ok
11:29:04.0659 6224 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:29:04.0659 6224 Filetrace - ok
11:29:04.0674 6224 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
11:29:04.0674 6224 flpydisk - ok
11:29:04.0706 6224 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
11:29:04.0721 6224 FltMgr - ok
11:29:04.0799 6224 FontCache (bc00505cfda789ed3be95d2ff38c4875) C:\Windows\system32\FntCache.dll
11:29:04.0799 6224 FontCache - ok
11:29:04.0862 6224 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:29:04.0862 6224 FontCache3.0.0.0 - ok
11:29:04.0877 6224 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:29:04.0877 6224 FsDepends - ok
11:29:04.0924 6224 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
11:29:04.0924 6224 Fs_Rec - ok
11:29:04.0971 6224 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:29:04.0971 6224 fvevol - ok
11:29:04.0986 6224 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:29:04.0986 6224 gagp30kx - ok
11:29:05.0064 6224 GameConsoleService (c1bbce4b30b45410178ee674c818d10c) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
11:29:05.0064 6224 GameConsoleService - ok
11:29:05.0096 6224 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:29:05.0096 6224 GEARAspiWDM - ok
11:29:05.0158 6224 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
11:29:05.0158 6224 gpsvc - ok
11:29:05.0189 6224 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:29:05.0189 6224 hcw85cir - ok
11:29:05.0205 6224 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:29:05.0205 6224 HDAudBus - ok
11:29:05.0220 6224 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
11:29:05.0220 6224 HidBatt - ok
11:29:05.0236 6224 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
11:29:05.0236 6224 HidBth - ok
11:29:05.0252 6224 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
11:29:05.0252 6224 HidIr - ok
11:29:05.0267 6224 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
11:29:05.0267 6224 hidserv - ok
11:29:05.0283 6224 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
11:29:05.0298 6224 HidUsb - ok
11:29:05.0314 6224 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
11:29:05.0314 6224 hkmsvc - ok
11:29:05.0330 6224 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
11:29:05.0330 6224 HomeGroupListener - ok
11:29:05.0392 6224 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
11:29:05.0392 6224 HomeGroupProvider - ok
11:29:05.0486 6224 HP Health Check Service (be78357fb49759b79ccc01894bcfdddb) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
11:29:05.0486 6224 HP Health Check Service - ok
11:29:05.0532 6224 HPDrvMntSvc.exe (2dfb151fd34df104dac0adf070eda83c) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
11:29:05.0532 6224 HPDrvMntSvc.exe - ok
11:29:05.0626 6224 hpqwmiex (184c500cb9f69585f3fe85e1d2667cd8) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
11:29:05.0626 6224 hpqwmiex - ok
11:29:05.0688 6224 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
11:29:05.0688 6224 HpSAMD - ok
11:29:05.0735 6224 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
11:29:05.0751 6224 HTTP - ok
11:29:05.0751 6224 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
11:29:05.0751 6224 hwpolicy - ok
11:29:05.0782 6224 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
11:29:05.0782 6224 i8042prt - ok
11:29:05.0829 6224 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
11:29:05.0829 6224 iaStor - ok
11:29:05.0907 6224 IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
11:29:05.0907 6224 IAStorDataMgrSvc - ok
11:29:05.0954 6224 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
11:29:05.0969 6224 iaStorV - ok
11:29:06.0078 6224 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:29:06.0094 6224 idsvc - ok
11:29:06.0110 6224 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
11:29:06.0110 6224 iirsp - ok
11:29:06.0172 6224 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
11:29:06.0172 6224 IKEEXT - ok
11:29:06.0281 6224 IntcAzAudAddService (ef75c94792187a143871fbb87611b0b7) C:\Windows\system32\drivers\RTKVHD64.sys
11:29:06.0297 6224 IntcAzAudAddService - ok
11:29:06.0390 6224 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
11:29:06.0390 6224 intelide - ok
11:29:06.0422 6224 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:29:06.0422 6224 intelppm - ok
11:29:06.0453 6224 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
11:29:06.0453 6224 IPBusEnum - ok
11:29:06.0468 6224 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:29:06.0468 6224 IpFilterDriver - ok
11:29:06.0500 6224 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
11:29:06.0500 6224 iphlpsvc - ok
11:29:06.0515 6224 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
11:29:06.0515 6224 IPMIDRV - ok
11:29:06.0531 6224 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:29:06.0546 6224 IPNAT - ok
11:29:06.0640 6224 iPod Service (24595ec9236d7e421661a2d4ffbd901a) C:\Program Files\iPod\bin\iPodService.exe
11:29:06.0640 6224 iPod Service - ok
11:29:06.0656 6224 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:29:06.0656 6224 IRENUM - ok
11:29:06.0687 6224 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
11:29:06.0687 6224 isapnp - ok
11:29:06.0702 6224 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
11:29:06.0702 6224 iScsiPrt - ok
11:29:06.0718 6224 JRAID (2224abc439d115a44edb5630a92c1d7e) C:\Windows\system32\DRIVERS\jraid.sys
11:29:06.0734 6224 JRAID - ok
11:29:06.0749 6224 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
11:29:06.0749 6224 kbdclass - ok
11:29:06.0765 6224 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
11:29:06.0765 6224 kbdhid - ok
11:29:06.0796 6224 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
11:29:06.0796 6224 KeyIso - ok
11:29:06.0827 6224 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
11:29:06.0827 6224 KSecDD - ok
11:29:06.0843 6224 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
11:29:06.0843 6224 KSecPkg - ok
11:29:06.0858 6224 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:29:06.0874 6224 ksthunk - ok
11:29:06.0890 6224 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
11:29:06.0905 6224 KtmRm - ok
11:29:06.0952 6224 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
11:29:06.0952 6224 LanmanServer - ok
11:29:06.0968 6224 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
11:29:06.0968 6224 LanmanWorkstation - ok
11:29:07.0077 6224 LBTServ (7772dfab22611050b79504e671b06e6e) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
11:29:07.0077 6224 LBTServ - ok
11:29:07.0108 6224 LEqdUsb (ed7ec050cd6c20e1a93a4dafb7efd14d) C:\Windows\system32\DRIVERS\LEqdUsb.Sys
11:29:07.0108 6224 LEqdUsb - ok
11:29:07.0124 6224 LHidEqd (3267bc698e29474a8381e68904eb0390) C:\Windows\system32\DRIVERS\LHidEqd.Sys
11:29:07.0124 6224 LHidEqd - ok
11:29:07.0139 6224 LHidFilt (241f2648adf090e2a10095bd6d6f5dcb) C:\Windows\system32\DRIVERS\LHidFilt.Sys
11:29:07.0139 6224 LHidFilt - ok
11:29:07.0186 6224 LightScribeService (2238b91ac1a12cc6cc4c4fed41258b2a) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
11:29:07.0186 6224 LightScribeService - ok
11:29:07.0233 6224 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:29:07.0233 6224 lltdio - ok
11:29:07.0248 6224 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
11:29:07.0264 6224 lltdsvc - ok
11:29:07.0280 6224 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
11:29:07.0280 6224 lmhosts - ok
11:29:07.0280 6224 LMouFilt (342ed5a4b3326014438f36d22d803737) C:\Windows\system32\DRIVERS\LMouFilt.Sys
11:29:07.0280 6224 LMouFilt - ok
11:29:07.0311 6224 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:29:07.0311 6224 LSI_FC - ok
11:29:07.0326 6224 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:29:07.0342 6224 LSI_SAS - ok
11:29:07.0358 6224 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:29:07.0358 6224 LSI_SAS2 - ok
11:29:07.0373 6224 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:29:07.0373 6224 LSI_SCSI - ok
11:29:07.0404 6224 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:29:07.0404 6224 luafv - ok
11:29:07.0451 6224 McciCMService (e6cb119ef2e148eaa1a247343550756e) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
11:29:07.0451 6224 McciCMService - ok
11:29:07.0514 6224 McciCMService64 (be3d584d7c021eb7d89166eecb83c341) C:\Program Files\Common Files\Motive\McciCMService.exe
11:29:07.0529 6224 McciCMService64 - ok
11:29:07.0560 6224 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
11:29:07.0560 6224 Mcx2Svc - ok
11:29:07.0576 6224 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
11:29:07.0576 6224 megasas - ok
11:29:07.0607 6224 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
11:29:07.0607 6224 MegaSR - ok
11:29:07.0623 6224 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:29:07.0638 6224 MMCSS - ok
11:29:07.0654 6224 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:29:07.0654 6224 Modem - ok
11:29:07.0670 6224 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:29:07.0670 6224 monitor - ok
11:29:07.0685 6224 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
11:29:07.0685 6224 mouclass - ok
11:29:07.0716 6224 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:29:07.0716 6224 mouhid - ok
11:29:07.0716 6224 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
11:29:07.0716 6224 mountmgr - ok
11:29:07.0826 6224 MozillaMaintenance (6380ff81dd4d78b23398752d2f46ea43) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:29:07.0826 6224 MozillaMaintenance - ok
11:29:07.0841 6224 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
11:29:07.0841 6224 mpio - ok
11:29:07.0841 6224 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:29:07.0841 6224 mpsdrv - ok
11:29:07.0904 6224 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
11:29:07.0904 6224 MpsSvc - ok
11:29:07.0950 6224 MREMP50 - ok
11:29:07.0966 6224 MREMP50a64 - ok
11:29:07.0966 6224 MRESP50 - ok
11:29:07.0966 6224 MRESP50a64 - ok
11:29:07.0997 6224 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
11:29:07.0997 6224 MRxDAV - ok
11:29:08.0028 6224 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:29:08.0028 6224 mrxsmb - ok
11:29:08.0091 6224 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:29:08.0091 6224 mrxsmb10 - ok
11:29:08.0091 6224 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:29:08.0091 6224 mrxsmb20 - ok
11:29:08.0122 6224 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
11:29:08.0122 6224 msahci - ok
11:29:08.0138 6224 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
11:29:08.0138 6224 msdsm - ok
11:29:08.0169 6224 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
11:29:08.0169 6224 MSDTC - ok
11:29:08.0184 6224 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:29:08.0184 6224 Msfs - ok
11:29:08.0200 6224 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:29:08.0200 6224 mshidkmdf - ok
11:29:08.0200 6224 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
11:29:08.0200 6224 msisadrv - ok
11:29:08.0231 6224 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
11:29:08.0231 6224 MSiSCSI - ok
11:29:08.0247 6224 msiserver - ok
11:29:08.0262 6224 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:29:08.0262 6224 MSKSSRV - ok
11:29:08.0278 6224 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:29:08.0278 6224 MSPCLOCK - ok
11:29:08.0278 6224 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:29:08.0278 6224 MSPQM - ok
11:29:08.0309 6224 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
11:29:08.0309 6224 MsRPC - ok
11:29:08.0309 6224 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
11:29:08.0309 6224 mssmbios - ok
11:29:08.0325 6224 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:29:08.0325 6224 MSTEE - ok
11:29:08.0340 6224 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
11:29:08.0340 6224 MTConfig - ok
11:29:08.0372 6224 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:29:08.0372 6224 Mup - ok
11:29:08.0418 6224 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
11:29:08.0418 6224 napagent - ok
11:29:08.0450 6224 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:29:08.0450 6224 NativeWifiP - ok
11:29:08.0559 6224 NAUpdate (9d1cce440552500ded3a62f9d779cdb4) C:\Program Files (x86)\Nero\Update\NASvc.exe
11:29:08.0559 6224 NAUpdate - ok
11:29:08.0637 6224 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
11:29:08.0637 6224 NDIS - ok
11:29:08.0652 6224 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:29:08.0652 6224 NdisCap - ok
11:29:08.0652 6224 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:29:08.0652 6224 NdisTapi - ok
11:29:08.0668 6224 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
11:29:08.0668 6224 Ndisuio - ok
11:29:08.0684 6224 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
11:29:08.0684 6224 NdisWan - ok
11:29:08.0699 6224 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
11:29:08.0699 6224 NDProxy - ok
11:29:08.0715 6224 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:29:08.0715 6224 NetBIOS - ok
11:29:08.0746 6224 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
11:29:08.0746 6224 NetBT - ok
11:29:08.0777 6224 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
11:29:08.0777 6224 Netlogon - ok
11:29:08.0824 6224 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
11:29:08.0824 6224 Netman - ok
11:29:08.0918 6224 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:29:08.0918 6224 NetMsmqActivator - ok
11:29:08.0918 6224 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:29:08.0918 6224 NetPipeActivator - ok
11:29:08.0964 6224 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
11:29:08.0964 6224 netprofm - ok
11:29:08.0964 6224 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:29:08.0964 6224 NetTcpActivator - ok
11:29:08.0964 6224 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:29:08.0964 6224 NetTcpPortSharing - ok
11:29:09.0011 6224 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
11:29:09.0011 6224 nfrd960 - ok
11:29:09.0042 6224 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
11:29:09.0042 6224 NlaSvc - ok
11:29:09.0058 6224 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:29:09.0058 6224 Npfs - ok
11:29:09.0089 6224 npggsvc - ok
11:29:09.0089 6224 NPPTNT2 - ok
11:29:09.0089 6224 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
11:29:09.0089 6224 nsi - ok
11:29:09.0105 6224 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:29:09.0105 6224 nsiproxy - ok
11:29:09.0198 6224 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
11:29:09.0214 6224 Ntfs - ok
11:29:09.0292 6224 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:29:09.0292 6224 Null - ok
11:29:09.0354 6224 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
11:29:09.0354 6224 nvraid - ok
11:29:09.0401 6224 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
11:29:09.0401 6224 nvstor - ok
11:29:09.0448 6224 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
11:29:09.0448 6224 nv_agp - ok
11:29:09.0464 6224 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
11:29:09.0464 6224 ohci1394 - ok
11:29:09.0542 6224 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:29:09.0557 6224 ose - ok
11:29:09.0620 6224 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:29:09.0620 6224 p2pimsvc - ok
11:29:09.0651 6224 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
11:29:09.0651 6224 p2psvc - ok
11:29:09.0682 6224 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:29:09.0682 6224 Parport - ok
11:29:09.0713 6224 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
11:29:09.0713 6224 partmgr - ok
11:29:09.0729 6224 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
11:29:09.0729 6224 PcaSvc - ok
11:29:09.0838 6224 PCDSRVC{F36B3A4C-F95654BD-06000000}_0 (51209fbdb13a46e05c1b0077a9310264) c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms
11:29:10.0010 6224 PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - ok
11:29:10.0056 6224 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
11:29:10.0056 6224 pci - ok
11:29:10.0072 6224 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
11:29:10.0072 6224 pciide - ok
11:29:10.0088 6224 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
11:29:10.0103 6224 pcmcia - ok
11:29:10.0119 6224 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:29:10.0119 6224 pcw - ok
11:29:10.0150 6224 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:29:10.0150 6224 PEAUTH - ok
11:29:10.0212 6224 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
11:29:10.0212 6224 PerfHost - ok
11:29:10.0322 6224 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
11:29:10.0337 6224 pla - ok
11:29:10.0400 6224 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
11:29:10.0400 6224 PlugPlay - ok
11:29:10.0415 6224 PnkBstrA - ok
11:29:10.0415 6224 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
11:29:10.0415 6224 PNRPAutoReg - ok
11:29:10.0446 6224 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:29:10.0446 6224 PNRPsvc - ok
11:29:10.0493 6224 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
11:29:10.0493 6224 PolicyAgent - ok
11:29:10.0509 6224 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
11:29:10.0509 6224 Power - ok
11:29:10.0587 6224 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
11:29:10.0587 6224 PptpMiniport - ok
11:29:10.0618 6224 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:29:10.0618 6224 Processor - ok
11:29:10.0649 6224 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
11:29:10.0649 6224 ProfSvc - ok
11:29:10.0680 6224 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
11:29:10.0680 6224 ProtectedStorage - ok
11:29:10.0712 6224 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
11:29:10.0712 6224 Psched - ok
11:29:10.0790 6224 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:29:10.0805 6224 ql2300 - ok
11:29:10.0883 6224 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:29:10.0883 6224 ql40xx - ok
11:29:10.0914 6224 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
11:29:10.0914 6224 QWAVE - ok
11:29:10.0930 6224 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:29:10.0930 6224 QWAVEdrv - ok
11:29:10.0946 6224 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:29:10.0946 6224 RasAcd - ok
11:29:10.0961 6224 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:29:10.0961 6224 RasAgileVpn - ok
11:29:10.0977 6224 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
11:29:10.0977 6224 RasAuto - ok
11:29:10.0992 6224 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:29:10.0992 6224 Rasl2tp - ok
11:29:11.0024 6224 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
11:29:11.0024 6224 RasMan - ok
11:29:11.0039 6224 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:29:11.0039 6224 RasPppoe - ok
11:29:11.0055 6224 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:29:11.0055 6224 RasSstp - ok
11:29:11.0070 6224 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
11:29:11.0070 6224 rdbss - ok
11:29:11.0102 6224 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:29:11.0102 6224 rdpbus - ok
11:29:11.0117 6224 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:29:11.0117 6224 RDPCDD - ok
11:29:11.0133 6224 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:29:11.0133 6224 RDPENCDD - ok
11:29:11.0133 6224 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:29:11.0133 6224 RDPREFMP - ok
11:29:11.0180 6224 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
11:29:11.0180 6224 RDPWD - ok
11:29:11.0226 6224 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
11:29:11.0226 6224 rdyboost - ok
11:29:11.0242 6224 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
11:29:11.0242 6224 RemoteAccess - ok
11:29:11.0273 6224 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
11:29:11.0273 6224 RemoteRegistry - ok
11:29:11.0289 6224 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
11:29:11.0289 6224 RpcEptMapper - ok
11:29:11.0304 6224 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
11:29:11.0304 6224 RpcLocator - ok
11:29:11.0336 6224 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
11:29:11.0336 6224 RpcSs - ok
11:29:11.0382 6224 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:29:11.0382 6224 rspndr - ok
11:29:11.0429 6224 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
11:29:11.0429 6224 SamSs - ok
11:29:11.0507 6224 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
11:29:11.0507 6224 SASDIFSV - ok
11:29:11.0554 6224 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
11:29:11.0554 6224 SASKUTIL - ok
11:29:11.0601 6224 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
11:29:11.0601 6224 sbp2port - ok
11:29:11.0632 6224 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
11:29:11.0632 6224 SCardSvr - ok
11:29:11.0648 6224 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
11:29:11.0648 6224 scfilter - ok
11:29:11.0726 6224 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
11:29:11.0726 6224 Schedule - ok
11:29:11.0757 6224 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
11:29:11.0757 6224 SCPolicySvc - ok
11:29:11.0772 6224 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
11:29:11.0772 6224 SDRSVC - ok
11:29:11.0819 6224 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:29:11.0819 6224 secdrv - ok
11:29:11.0819 6224 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
11:29:11.0819 6224 seclogon - ok
11:29:11.0835 6224 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
11:29:11.0835 6224 SENS - ok
11:29:11.0850 6224 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
11:29:11.0850 6224 SensrSvc - ok
11:29:11.0866 6224 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:29:11.0866 6224 Serenum - ok
11:29:11.0897 6224 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:29:11.0897 6224 Serial - ok
11:29:11.0913 6224 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:29:11.0913 6224 sermouse - ok
11:29:11.0928 6224 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
11:29:11.0928 6224 SessionEnv - ok
11:29:11.0944 6224 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
11:29:11.0944 6224 sffdisk - ok
11:29:11.0944 6224 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
11:29:11.0944 6224 sffp_mmc - ok
11:29:11.0960 6224 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
11:29:11.0960 6224 sffp_sd - ok
11:29:11.0975 6224 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:29:11.0975 6224 sfloppy - ok
11:29:12.0022 6224 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
11:29:12.0022 6224 SharedAccess - ok
11:29:12.0053 6224 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
11:29:12.0053 6224 ShellHWDetection - ok
11:29:12.0084 6224 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:29:12.0084 6224 SiSRaid2 - ok
11:29:12.0116 6224 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:29:12.0116 6224 SiSRaid4 - ok
11:29:12.0162 6224 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:29:12.0178 6224 Smb - ok
11:29:12.0209 6224 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
11:29:12.0209 6224 SNMPTRAP - ok
11:29:12.0209 6224 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:29:12.0209 6224 spldr - ok
11:29:12.0272 6224 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
11:29:12.0272 6224 Spooler - ok
11:29:12.0428 6224 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
11:29:12.0459 6224 sppsvc - ok
11:29:12.0521 6224 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
11:29:12.0521 6224 sppuinotify - ok
11:29:12.0615 6224 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
11:29:12.0615 6224 srv - ok
11:29:12.0646 6224 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
11:29:12.0646 6224 srv2 - ok
11:29:12.0677 6224 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
11:29:12.0677 6224 srvnet - ok
11:29:12.0724 6224 ssadbus (c1212ba5ab6783191899d194672a5b5c) C:\Windows\system32\DRIVERS\ssadbus.sys
11:29:12.0724 6224 ssadbus - ok
11:29:12.0771 6224 ssadmdfl (eb270596d4117c4306442f36ef2c290e) C:\Windows\system32\DRIVERS\ssadmdfl.sys
11:29:12.0771 6224 ssadmdfl - ok
11:29:12.0786 6224 ssadmdm (e29027dfaec246299d1cf88627c5cbe6) C:\Windows\system32\DRIVERS\ssadmdm.sys
11:29:12.0786 6224 ssadmdm - ok
11:29:12.0802 6224 sscdbus (ed161b91fdf7eaa39469d72d463d5f4e) C:\Windows\system32\DRIVERS\sscdbus.sys
11:29:12.0818 6224 sscdbus - ok
11:29:12.0833 6224 sscdmdfl (4cb09e77593dbd8d7af33b37375ca715) C:\Windows\system32\DRIVERS\sscdmdfl.sys
11:29:12.0833 6224 sscdmdfl - ok
11:29:12.0864 6224 sscdmdm (c7b4cf53497a6e5363f3439427663882) C:\Windows\system32\DRIVERS\sscdmdm.sys
11:29:12.0864 6224 sscdmdm - ok
11:29:12.0896 6224 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
11:29:12.0896 6224 SSDPSRV - ok
11:29:12.0911 6224 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
11:29:12.0911 6224 SstpSvc - ok
11:29:12.0958 6224 Steam Client Service - ok
11:29:12.0974 6224 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:29:12.0974 6224 stexstor - ok
11:29:13.0036 6224 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
11:29:13.0036 6224 stisvc - ok
11:29:13.0052 6224 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
11:29:13.0052 6224 swenum - ok
11:29:13.0098 6224 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
11:29:13.0098 6224 swprv - ok
11:29:13.0192 6224 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
11:29:13.0192 6224 SysMain - ok
11:29:13.0254 6224 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
11:29:13.0254 6224 TabletInputService - ok
11:29:13.0286 6224 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
11:29:13.0286 6224 TapiSrv - ok
11:29:13.0301 6224 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
11:29:13.0301 6224 TBS - ok
11:29:13.0457 6224 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
11:29:13.0473 6224 Tcpip - ok
11:29:14.0003 6224 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
11:29:14.0003 6224 TCPIP6 - ok
11:29:14.0066 6224 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
11:29:14.0066 6224 tcpipreg - ok
11:29:14.0081 6224 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:29:14.0081 6224 TDPIPE - ok
11:29:14.0128 6224 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
11:29:14.0128 6224 TDTCP - ok
11:29:14.0144 6224 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
11:29:14.0144 6224 tdx - ok
11:29:14.0159 6224 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
11:29:14.0159 6224 TermDD - ok
11:29:14.0222 6224 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
11:29:14.0222 6224 TermService - ok
11:29:14.0237 6224 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
11:29:14.0237 6224 Themes - ok
11:29:14.0253 6224 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:29:14.0253 6224 THREADORDER - ok
11:29:14.0269 6224 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
11:29:14.0269 6224 TrkWks - ok
11:29:14.0300 6224 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
11:29:14.0315 6224 TrustedInstaller - ok
11:29:14.0331 6224 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:29:14.0331 6224 tssecsrv - ok
11:29:14.0362 6224 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
11:29:14.0362 6224 tunnel - ok
11:29:14.0393 6224 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:29:14.0393 6224 uagp35 - ok
11:29:14.0409 6224 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
11:29:14.0409 6224 udfs - ok
11:29:14.0440 6224 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
11:29:14.0440 6224 UI0Detect - ok
11:29:14.0440 6224 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
11:29:14.0456 6224 uliagpkx - ok
11:29:14.0456 6224 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
11:29:14.0456 6224 umbus - ok
11:29:14.0471 6224 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:29:14.0487 6224 UmPass - ok
11:29:14.0503 6224 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
11:29:14.0518 6224 upnphost - ok
11:29:14.0549 6224 USBAAPL64 (cd03479f2da26500b203ed075c146a7a) C:\Windows\system32\Drivers\usbaapl64.sys
11:29:14.0549 6224 USBAAPL64 - ok
11:29:14.0627 6224 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
11:29:14.0643 6224 usbaudio - ok
11:29:14.0674 6224 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
11:29:14.0674 6224 usbccgp - ok
11:29:14.0705 6224 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
11:29:14.0705 6224 usbcir - ok
11:29:14.0737 6224 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
11:29:14.0737 6224 usbehci - ok
11:29:14.0768 6224 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
11:29:14.0783 6224 usbhub - ok
11:29:14.0815 6224 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
11:29:14.0815 6224 usbohci - ok
11:29:14.0830 6224 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:29:14.0830 6224 usbprint - ok
11:29:14.0877 6224 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:29:14.0877 6224 USBSTOR - ok
11:29:14.0924 6224 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
11:29:14.0924 6224 usbuhci - ok
11:29:14.0939 6224 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
11:29:14.0955 6224 UxSms - ok
11:29:14.0986 6224 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
11:29:14.0986 6224 VaultSvc - ok
11:29:15.0002 6224 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
11:29:15.0002 6224 vdrvroot - ok
11:29:15.0033 6224 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
11:29:15.0049 6224 vds - ok
11:29:15.0064 6224 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:29:15.0064 6224 vga - ok
11:29:15.0080 6224 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:29:15.0080 6224 VgaSave - ok
11:29:15.0111 6224 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
11:29:15.0111 6224 vhdmp - ok
11:29:15.0127 6224 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
11:29:15.0127 6224 viaide - ok
11:29:15.0127 6224 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
11:29:15.0127 6224 volmgr - ok
11:29:15.0142 6224 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
11:29:15.0158 6224 volmgrx - ok
11:29:15.0173 6224 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
11:29:15.0173 6224 volsnap - ok
11:29:15.0189 6224 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:29:15.0189 6224 vsmraid - ok
11:29:15.0267 6224 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
11:29:15.0283 6224 VSS - ok
11:29:15.0454 6224 vToolbarUpdater11.1.0 (5fa45791413acce628d5361458f32dde) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
11:29:15.0454 6224 vToolbarUpdater11.1.0 - ok
11:29:15.0548 6224 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
11:29:15.0563 6224 vwifibus - ok
11:29:15.0610 6224 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
11:29:15.0610 6224 vwififlt - ok
11:29:15.0641 6224 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
11:29:15.0641 6224 W32Time - ok
11:29:15.0673 6224 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:29:15.0673 6224 WacomPen - ok
11:29:15.0704 6224 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
11:29:15.0704 6224 WANARP - ok
11:29:15.0704 6224 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
11:29:15.0704 6224 Wanarpv6 - ok
11:29:15.0829 6224 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
11:29:15.0844 6224 WatAdminSvc - ok
11:29:15.0907 6224 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
11:29:15.0922 6224 wbengine - ok
11:29:16.0016 6224 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
11:29:16.0016 6224 WbioSrvc - ok
11:29:16.0063 6224 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
11:29:16.0063 6224 wcncsvc - ok
11:29:16.0078 6224 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
11:29:16.0078 6224 WcsPlugInService - ok
11:29:16.0094 6224 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:29:16.0094 6224 Wd - ok
11:29:16.0156 6224 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:29:16.0156 6224 Wdf01000 - ok
11:29:16.0172 6224 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:29:16.0172 6224 WdiServiceHost - ok
11:29:16.0172 6224 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:29:16.0172 6224 WdiSystemHost - ok
11:29:16.0219 6224 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
11:29:16.0219 6224 WebClient - ok
11:29:16.0250 6224 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
11:29:16.0250 6224 Wecsvc - ok
11:29:16.0250 6224 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
11:29:16.0265 6224 wercplsupport - ok
11:29:16.0265 6224 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
11:29:16.0265 6224 WerSvc - ok
11:29:16.0312 6224 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:29:16.0312 6224 WfpLwf - ok
11:29:16.0328 6224 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:29:16.0328 6224 WIMMount - ok
11:29:16.0359 6224 WinDefend - ok
11:29:16.0359 6224 WinHttpAutoProxySvc - ok
11:29:16.0421 6224 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
11:29:16.0421 6224 Winmgmt - ok
11:29:16.0515 6224 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
11:29:16.0531 6224 WinRM - ok
11:29:16.0671 6224 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
11:29:16.0671 6224 WinUsb - ok
11:29:16.0733 6224 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
11:29:16.0733 6224 Wlansvc - ok
11:29:16.0921 6224 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:29:16.0936 6224 wlidsvc - ok
11:29:17.0014 6224 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
11:29:17.0014 6224 WmiAcpi - ok
11:29:17.0061 6224 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
11:29:17.0061 6224 wmiApSrv - ok
11:29:17.0092 6224 WMPNetworkSvc - ok
11:29:17.0092 6224 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
11:29:17.0092 6224 WPCSvc - ok
11:29:17.0108 6224 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
11:29:17.0108 6224 WPDBusEnum - ok
11:29:17.0123 6224 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:29:17.0123 6224 ws2ifsl - ok
11:29:17.0170 6224 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
11:29:17.0170 6224 wscsvc - ok
11:29:17.0170 6224 WSearch - ok
11:29:17.0295 6224 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
11:29:17.0311 6224 wuauserv - ok
11:29:17.0435 6224 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
11:29:17.0435 6224 WudfPf - ok
11:29:17.0467 6224 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:29:17.0482 6224 WUDFRd - ok
11:29:17.0498 6224 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
11:29:17.0498 6224 wudfsvc - ok
11:29:17.0513 6224 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
11:29:17.0513 6224 WwanSvc - ok
11:29:17.0607 6224 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
11:29:17.0607 6224 xusb21 - ok
11:29:17.0732 6224 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
11:29:17.0732 6224 YahooAUService - ok
11:29:17.0810 6224 {55662437-DA8C-40c0-AADA-2C816A897A49} (74983addca2d9618512c088d856d6615) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
11:29:17.0810 6224 {55662437-DA8C-40c0-AADA-2C816A897A49} - ok
11:29:17.0810 6224 MBR (0x1B8) (6baf0c1ec3eeaac33a673903b57b7d56) \Device\Harddisk0\DR0
11:29:18.0028 6224 \Device\Harddisk0\DR0 - ok
11:29:18.0028 6224 Boot (0x1200) (2fc936b2bc5f0ee9a8e39e314b26c90c) \Device\Harddisk0\DR0\Partition0
11:29:18.0028 6224 \Device\Harddisk0\DR0\Partition0 - ok
11:29:18.0044 6224 Boot (0x1200) (c1917295178e009fe3ccc666f34d7d7a) \Device\Harddisk0\DR0\Partition1
11:29:18.0044 6224 \Device\Harddisk0\DR0\Partition1 - ok
11:29:18.0075 6224 Boot (0x1200) (a515f7ab0cbcdf38808629a13719addd) \Device\Harddisk0\DR0\Partition2
11:29:18.0075 6224 \Device\Harddisk0\DR0\Partition2 - ok
11:29:18.0075 6224 ============================================================
11:29:18.0075 6224 Scan finished
11:29:18.0075 6224 ============================================================
11:29:18.0075 6216 Detected object count: 0
11:29:18.0075 6216 Actual detected object count: 0

Edited by SugaFree, 09 June 2012 - 01:38 PM.


#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:00 AM

Posted 09 June 2012 - 03:01 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 SugaFree

SugaFree
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:00 AM

Posted 09 June 2012 - 04:41 PM

I got the "Illegal operation attempted on a registery key that has been marked for deletion." Was I supposed to wait for ComboFix to finish doing its thing? I just immediately restarted the computer when I saw it pop up. Here is the log after I restarted my computer. No pop up the second time around.

Also: web pages open up fast now. It opens how it used to. Same with the Google searches, it looks really good right now.

Here is the log

ComboFix 12-06-09.02 - Joshua 06/09/2012 14:46:53.3.8 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8183.6117 [GMT -7:00]
Running from: c:\users\Joshua\Desktop\ComboFix.exe
Command switches used :: c:\users\Joshua\Desktop\CFScript.txt.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-09 to 2012-06-09 )))))))))))))))))))))))))))))))
.
.
2012-06-09 21:54 . 2012-06-09 21:54 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-06-09 21:54 . 2012-06-09 21:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-09 18:44 . 2012-06-09 18:44 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-06-09 04:09 . 2012-06-01 15:40 85472 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-06-09 04:09 . 2012-06-01 15:39 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-09 04:09 . 2012-06-01 15:39 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-09 03:55 . 2012-06-09 03:55 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-09 03:54 . 2012-06-09 03:54 -------- d-----w- c:\program files (x86)\Oracle
2012-06-08 19:48 . 2012-06-08 19:48 -------- d-----w- c:\program files (x86)\ESET
2012-06-08 18:56 . 2012-06-08 23:14 -------- d-----w- C:\sh4ldr
2012-06-08 18:56 . 2012-06-08 18:56 -------- d-----w- c:\program files\Enigma Software Group
2012-06-08 18:56 . 2012-06-08 23:14 -------- d-----w- c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-06-08 18:44 . 2012-06-08 18:44 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-06-08 05:58 . 2012-06-08 05:58 -------- d-----w- c:\users\Joshua\AppData\Roaming\Malwarebytes
2012-06-08 05:58 . 2012-06-08 05:58 -------- d-----w- c:\programdata\Malwarebytes
2012-06-08 05:58 . 2012-06-08 05:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-07 06:20 . 2012-06-07 06:20 -------- d-----w- c:\users\Joshua\AppData\Local\AVG Secure Search
2012-06-07 06:20 . 2012-06-08 08:45 -------- d-----w- c:\programdata\AVG Secure Search
2012-06-07 06:20 . 2012-06-07 06:20 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-06-07 06:20 . 2012-06-07 06:20 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-06-07 06:19 . 2012-06-07 06:19 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-05-29 00:51 . 2012-05-29 00:52 -------- d-----w- C:\Boshy
2012-05-15 07:14 . 2012-06-07 05:39 -------- d-----w- c:\program files (x86)\Diablo III
2012-05-15 07:12 . 2012-05-15 07:12 -------- d-----w- c:\programdata\Battle.net
2012-05-14 23:33 . 2012-05-16 22:59 -------- d-----w- c:\users\Joshua\AppData\Local\LogMeIn Rescue Applet
2012-05-13 05:16 . 2012-05-13 05:16 -------- d-----w- c:\windows\msdownld.tmp
2012-05-11 21:44 . 2012-03-03 06:29 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-05-11 21:44 . 2012-03-03 05:40 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-11 21:44 . 2012-03-03 05:40 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-05-11 21:44 . 2012-03-03 06:29 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-11 21:44 . 2012-03-03 06:29 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-11 21:44 . 2012-03-03 06:29 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-11 21:44 . 2012-03-03 06:29 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-05-11 21:44 . 2012-03-03 05:40 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-05-11 21:44 . 2012-03-03 05:40 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-05-11 21:44 . 2012-03-03 05:40 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-05-11 21:43 . 2012-04-02 05:34 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-11 21:43 . 2012-04-02 03:01 3143680 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 21:43 . 2012-04-02 04:46 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-11 21:43 . 2012-04-02 04:46 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-11 21:43 . 2012-03-17 07:55 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-11 21:43 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-11 21:43 . 2012-04-02 05:26 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-11 21:43 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 21:43 . 2012-04-02 05:24 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-11 21:43 . 2012-04-02 05:24 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-11 21:43 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-15 08:41 . 2012-06-07 00:30 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{48AD6636-D4FD-4573-87CD-52DE40F11AC8}\mpengine.dll
2012-04-19 11:50 . 2012-04-19 11:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-04-05 01:47 . 2010-07-13 06:55 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-19 12:17 . 2012-03-19 12:17 383808 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-03-16 06:29 . 2012-03-16 06:29 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-16 06:29 . 2012-03-16 06:29 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-16 06:29 . 2012-03-16 06:29 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-16 06:29 . 2012-03-16 06:29 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-16 06:29 . 2012-03-16 06:29 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-16 06:29 . 2012-03-16 06:29 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-16 06:29 . 2012-03-16 06:29 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-16 06:29 . 2012-03-16 06:29 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-16 06:29 . 2012-03-16 06:29 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-16 06:29 . 2012-03-16 06:29 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-16 06:29 . 2012-03-16 06:29 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-16 06:29 . 2012-03-16 06:29 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-16 06:29 . 2012-03-16 06:29 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-16 06:29 . 2012-03-16 06:29 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-16 06:29 . 2012-03-16 06:29 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-16 06:29 . 2012-03-16 06:29 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-03-16 06:29 . 2012-03-16 06:29 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-16 06:29 . 2012-03-16 06:29 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-16 06:29 . 2012-03-16 06:29 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-16 06:29 . 2012-03-16 06:29 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-16 06:29 . 2012-03-16 06:29 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-16 06:29 . 2012-03-16 06:29 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-16 06:29 . 2012-03-16 06:29 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-16 06:29 . 2012-03-16 06:29 448512 ----a-w- c:\windows\system32\html.iec
2012-03-16 06:29 . 2012-03-16 06:29 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-16 06:29 . 2012-03-16 06:29 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-16 06:29 . 2012-03-16 06:29 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-16 06:29 . 2012-03-16 06:29 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-16 06:29 . 2012-03-16 06:29 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-16 06:29 . 2012-03-16 06:29 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-16 06:29 . 2012-03-16 06:29 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-16 06:29 . 2012-03-16 06:29 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-16 06:29 . 2012-03-16 06:29 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-16 06:29 . 2012-03-16 06:29 111616 ----a-w- c:\windows\system32\iesysprep.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-09_06.56.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-19 16:18 . 2012-06-09 21:56 57078 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-09 21:57 34944 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-06-22 20:34 . 2012-06-09 21:57 19156 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-918019815-3831244301-3420633032-1001_UserData.bin
- 2009-07-14 04:46 . 2012-06-07 00:32 78720 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 04:46 . 2012-06-09 21:35 78720 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-06-09 18:45 . 2012-06-09 18:45 98304 c:\windows\Installer\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\HPSF.exe2_2EBA634C3DB04BEC8765F065A06AB6AA.exe
+ 2012-06-09 18:45 . 2012-06-09 18:45 98304 c:\windows\Installer\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\HPSF.exe1_5321553C1DE9413FB5EC5DBF79DC538E.exe
+ 2012-06-09 18:45 . 2012-06-09 18:45 98304 c:\windows\Installer\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\HPSF.exe_01B09B243E324170B7925EAE4C76365E.exe
+ 2012-06-09 18:45 . 2012-06-09 18:45 98304 c:\windows\Installer\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\ARPPRODUCTICON.exe
+ 2012-06-09 18:46 . 2012-06-09 18:46 10134 c:\windows\Installer\{6F340107-F9AA-47C6-B54C-C3A19F11553F}\ARPPRODUCTICON.exe
+ 2012-06-09 18:46 . 2012-06-09 18:46 10134 c:\windows\Installer\{07FA4960-B038-49EB-891B-9F95930AA544}\ARPPRODUCTICON.exe
- 2010-03-19 16:38 . 2010-03-19 16:38 10134 c:\windows\Installer\{07FA4960-B038-49EB-891B-9F95930AA544}\ARPPRODUCTICON.exe
- 2011-01-16 20:22 . 2010-12-03 07:44 34164 c:\windows\Help\OEM\Scripts\scriptLibrary.dat
+ 2012-06-09 18:50 . 2010-12-03 07:44 34164 c:\windows\Help\OEM\Scripts\scriptLibrary.dat
+ 2012-06-09 18:50 . 2010-07-16 21:51 14904 c:\windows\Help\OEM\Scripts\LaunchHPForums.exe
- 2010-07-16 21:51 . 2010-07-16 21:51 14904 c:\windows\Help\OEM\Scripts\LaunchHPForums.exe
- 2011-01-16 20:22 . 2010-10-27 21:28 11320 c:\windows\Help\OEM\Scripts\HPSARedirectorLauncher.exe
+ 2012-06-09 18:50 . 2010-10-27 20:28 11320 c:\windows\Help\OEM\Scripts\HPSARedirectorLauncher.exe
+ 2012-06-09 18:50 . 2011-04-27 17:36 21048 c:\windows\Help\OEM\Scripts\checkMui.dll
- 2011-01-16 20:20 . 2011-01-16 20:20 92728 c:\windows\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll
+ 2012-06-09 18:45 . 2012-06-09 18:45 92728 c:\windows\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll
+ 2012-06-09 18:45 . 2012-06-09 18:45 98872 c:\windows\assembly\GAC_MSIL\HP.SupportFramework.Logging\1.0.0.0__a5a013d267b3a679\HP.SupportFramework.Logging.dll
+ 2012-06-09 18:45 . 2012-06-09 18:45 22584 c:\windows\assembly\GAC_MSIL\HP.SupportFramework.Communicator\1.0.0.0__370cd15173f7ac8f\HP.SupportFramework.Communicator.dll
+ 2012-06-09 18:45 . 2012-06-09 18:45 13368 c:\windows\assembly\GAC_MSIL\HP.SupportAssistant\6.0.1.1__ff8a51a3dda870ab\HP.SupportAssistant.dll
+ 2012-06-09 18:45 . 2012-06-09 18:45 25144 c:\windows\assembly\GAC_MSIL\HP.SupportAssistant.ServiceManager\6.0.1.1__afd7346f05a57c11\HP.SupportAssistant.ServiceManager.dll
+ 2012-06-09 18:45 . 2012-06-09 18:45 74296 c:\windows\assembly\GAC_MSIL\HP.SupportAssistant.Common\6.0.1.1__41bdec5abf54f6dc\HP.SupportAssistant.Common.dll
+ 2012-06-09 18:45 . 2012-06-09 18:45 36920 c:\windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
+ 2012-06-09 18:46 . 2012-06-09 18:46 36920 c:\windows\assembly\GAC_MSIL\HP.ActiveCheckLocalMode.SessionManager\1.1.0.0__87cc6405259abc0f\HP.ActiveCheckLocalMode.SessionManager.dll
+ 2012-06-09 18:46 . 2012-06-09 18:46 32312 c:\windows\assembly\GAC_MSIL\HP.ActiveCheckLocalMode.ServiceFacade\1.1.0.0__87cc6405259abc0f\HP.ActiveCheckLocalMode.ServiceFacade.dll
+ 2012-06-09 18:45 . 2012-06-09 18:45 77368 c:\windows\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll
+ 2012-06-09 21:55 . 2012-06-09 21:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-09 06:54 . 2012-06-09 06:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-09 21:55 . 2012-06-09 21:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-09 06:54 . 2012-06-09 06:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-09 18:50 . 2006-09-29 21:28 4096 c:\windows\Help\OEM\Scripts\Interop.HelpPane.dll
- 2011-01-16 20:22 . 2008-12-03 18:24 7168 c:\windows\Help\OEM\Scripts\HPHS_Launcher.exe
+ 2012-06-09 18:50 . 2008-12-03 17:24 7168 c:\windows\Help\OEM\Scripts\HPHS_Launcher.exe
- 2009-07-14 05:01 . 2012-06-09 06:53 338724 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-09 21:54 338724 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-06-09 18:46 . 2012-06-09 18:46 412832 c:\windows\Installer\1189cd.msi
+ 2012-06-09 18:45 . 2012-06-09 18:45 877624 c:\windows\assembly\temp\HAT7D99AHQ\HP.SupportFramework.dll
+ 2012-06-09 18:45 . 2012-06-09 18:53 877952 c:\windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll
+ 2012-06-09 18:45 . 2012-06-09 18:45 150584 c:\windows\assembly\GAC_MSIL\HP.SupportAssistant.Engine\6.0.1.1__e1eab6ede003577a\HP.SupportAssistant.Engine.dll
- 2009-07-14 04:45 . 2012-06-05 16:04 3801160 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-06-09 18:58 3801160 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2010-06-22 20:44 . 2012-06-09 06:53 2460008 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-06-22 20:44 . 2012-06-09 21:54 2460008 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-08-24 00:01 . 2011-08-24 00:01 3480576 c:\windows\Installer\1189c3.msi
+ 2012-06-09 18:45 . 2012-06-09 18:45 2430008 c:\windows\assembly\GAC_MSIL\HP.SupportAssistant.Localization\6.0.1.1__a2352a4c73e11587\HP.SupportAssistant.Localization.dll
- 2009-07-14 02:34 . 2012-06-09 01:36 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-06-09 21:51 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2010-06-22 20:44 . 2012-06-09 21:54 10629868 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-918019815-3831244301-3420633032-1001-8192.dat
+ 2012-06-09 18:44 . 2012-06-09 18:44 47848756 c:\windows\Installer\1189b9.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-07 06:20 2068536 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-07 2068536]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-08 4786048]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-26 98304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-06-07 1104440]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\Joshua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-6-3 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-04-30 5106744]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\steam\steamapps\common\ava\Binaries\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-01 113120]
R3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [2009-09-17 23536]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/03/19 09:29];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-09-18 00:41 146928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2012-04-24 517632]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-07 935480]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-09 c:\windows\Tasks\Free File Viewer Update Checker.job
- c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-03-27 23:50]
.
2012-06-09 c:\windows\Tasks\HPCeeScheduleForJoshua.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2010-06-22 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-14 610360]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
FF - ProfilePath - c:\users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\ezc4ejiq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bb88af49f-a355-4f8d-bfae-b5c98497e15d%7D&mid=a137919bae2c5293b9afd40ba8a01ea6-ee417f099a3581a77885b46ae72e88669b53de93&ds=AVG&v=11.1.0.7&lang=en&pr=fr&d=2012-06-06%2023%3A20%3A23&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-918019815-3831244301-3420633032-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:29,2f,77,af,08,dc,9a,4d,d2,2e,a8,e8,38,78,7c,53,6c,37,a2,1e,4e,b9,fe,
e2,be,ef,b2,6a,9c,d7,00,ca,a3,82,4c,5e,13,0f,c8,28,34,8a,d2,75,0f,0e,74,8f,\
"??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f
.
[HKEY_USERS\S-1-5-21-918019815-3831244301-3420633032-1001\Software\SecuROM\License information*]
"datasecu"=hex:12,d8,96,15,90,c8,09,ad,34,b0,6d,f7,c7,21,ba,cf,c2,be,85,ad,8f,
c4,7b,a8,9c,9c,d4,3d,45,14,ed,64,2c,f3,6f,f5,f3,a7,39,40,51,1e,39,08,08,c1,\
"rkeysecu"=hex:7d,40,10,cb,c7,39,e0,67,0a,69,a8,47,07,da,5b,5c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\Common Files\Steam\SteamService.exe
c:\program files (x86)\AVG\AVG2012\avgcfgex.exe
.
**************************************************************************
.
Completion time: 2012-06-09 15:01:30 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-09 22:01
ComboFix2.txt 2012-06-09 07:18
.
Pre-Run: 385,524,342,784 bytes free
Post-Run: 385,255,849,984 bytes free
.
- - End Of File - - CD6125C43C9A263C62CCEC3570735257

Edited by SugaFree, 09 June 2012 - 05:04 PM.


#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:00 AM

Posted 09 June 2012 - 06:06 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 SugaFree

SugaFree
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:00 AM

Posted 09 June 2012 - 08:04 PM

Here is the requested report:

Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.1
Age of Empires III: Complete Collection
AIM 7
Alien Swarm
Any Video Converter 3.0.7
Apple Application Support
Apple Software Update
ATI Catalyst Registration
Batman: Arkham Asylum GOTY Edition
Bejeweled 2 Deluxe
BioShock 2
BitTorrent
Borderlands
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
ccc-core-static
CCC Help English
Comical 0.8
Compatibility Pack for the 2007 Office system
Counter-Strike: Source
Counter-Strike: Source Beta
Crysis
CyberLink DVD Suite Deluxe
Dark Void Zero
DC Universe Online
Deus Ex: Game of the Year Edition
Diablo III
DirectX for Managed Code Update (Summer 2004)
DivX Pro 6.8.0 VFW
Download Updater (AOL LLC)
Duke Nukem Forever
Dungeon Defenders
DVD Menu Pack for HP MediaSmart Video
eReg
ESET Online Scanner v3
Fallout: New Vegas
File Type Assistant
Fraps (remove only)
Free File Viewer 2011
GGPO
Hewlett-Packard ACLM.NET v1.1.2.0
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MediaSmart Demo
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart/TouchSmart Netflix
HP Odometer
HP Remote Solution
HP Setup
HP Support Assistant
HP Support Information
HP Update
Hulu Desktop
HydraVision
Intel® Rapid Storage Technology
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 32
Java™ 7 Update 4
JavaFX 2.1.0
Junk Mail filter update
Kies mini
Killing Floor
LabelPrint
Left 4 Dead
Left 4 Dead 2
Left 4 Dead 2 Add-on Support
LightScribe System Software
Magicka
Malwarebytes Anti-Malware version 1.61.0.1400
Metro 2033
Microsoft .NET Framework 1.1
Microsoft Choice Guard
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Live Search Toolbar
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Microsoft XML Parser
Microsoft XNA Framework Redistributable 3.1
Monday Night Combat
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 13.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero BurnLite 10
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
Nintendo_History_ScreenSaver
NVIDIA PhysX
OpenOffice.org 3.3
Pando Media Booster
PictureMover
Plants vs. Zombies: Game of the Year
Poker Night at the Inventory
Power2Go
PowerDirector
Project64 1.7
PunkBuster Services
QuickTime
Realtek High Definition Audio Driver
Recovery Manager
S.T.A.L.K.E.R.: Shadow of Chernobyl
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Sid Meier's Civilization V
Skype Toolbars
Skype™ 4.2
StarCraft II
Steam
Super Monday Night Combat
System Requirements Lab
System Requirements Lab CYRI
Team Fortress 2
Team Fortress 2 Dedicated Server
The Binding Of Isaac
The Lord of the Rings FREE Trial
The Misadventures of P.B. Winterbottom
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
VLC media player 2.0.0
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:00 AM

Posted 09 June 2012 - 08:31 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Adobe Reader 9.5.1
BitTorrent
Java™ 6 Update 22
Java™ 6 Update 32
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
[/list]
Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 SugaFree

SugaFree
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:00 AM

Posted 09 June 2012 - 09:52 PM

Ok, I uninstalled everything you asked and installed/ran everything you asked.

Here is the log for Malwarebytes:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.10.01

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Joshua :: JOSHUA-PC [administrator]

6/9/2012 7:38:09 PM
mbam-log-2012-06-09 (19-38-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208043
Time elapsed: 2 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

And here is the log for Hijackthis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:50:06 PM, on 6/9/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
O4 - Global Startup: PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
O23 - Service: McciCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater11.1.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 13622 bytes

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:00 AM

Posted 09 June 2012 - 10:07 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
      O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
      O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
      O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
      O4 - Global Startup: PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 SugaFree

SugaFree
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:00 AM

Posted 10 June 2012 - 01:40 AM

Took a lot longer than I expected, but the ESET did find something. Here is the log:

C:\Users\Joshua\Downloads\avc-free.exe Win32/OpenCandy application
C:\Users\Joshua\Downloads\FreeFileViewer2011Setup.exe a variant of Win32/InstallIQ application
C:\Users\Joshua\Downloads\SoftonicDownloader_for_imgburn.exe a variant of Win32/SoftonicDownloader.A application

Also, I had a recent problem with audio lately. Whenever a "new" web page loads, I get a strange crackle coming out of my speakers. This didn't happen before.

Earlier I loaded IGN.com and the crackle persisted up until the page fully loaded up. I decided to load up the page again then the crackle stop. It is really annoying and I have no idea what may be causing it.

Edited by SugaFree, 10 June 2012 - 03:03 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users