
TR/Small.FI JS/Yechy.A TR/ATRAPS.Gen2 Need some help with the removal of these!


  • This topic is locked
25 replies to this topic

#1 s1ick

  • Members
  • 13 posts

Posted 21 June 2012 - 08:57 AM

These viruses keep popping up on my Avira but it just doesn't go away.

Any help would be appreciated.

OTL log

OTL logfile created on: 6/21/2012 5:12:09 AM - Run 1
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Steve\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.10 Gb Available Physical Memory | 77.50% Memory free
8.00 Gb Paging File | 7.24 Gb Available in Paging File | 90.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 10.97 Gb Free Space | 4.71% Space Free | Partition Type: NTFS
Drive D: | 7.60 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: STEVE-PC | User Name: Steve | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/21 05:10:16 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
PRC - [2010/09/14 18:59:44 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/07/13 21:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 21:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/05 01:56:07 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | -H-- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/09/14 18:59:45 | 001,016,280 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/04/05 22:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/05/05 01:56:07 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/02 01:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/02 00:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/01/22 10:15:32 | 002,230,416 | ---- | M] (Giraffic) [Auto | Stopped] -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)
SRV - [2010/10/13 15:26:04 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/05/02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/04/27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/04/25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/05 21:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/23 08:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/09/21 10:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/06/16 13:38:08 | 000,092,160 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2009/11/23 18:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 18:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/10/07 09:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech QuickCam Fusion(UVC)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/19 22:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2005/03/29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2977698038-3032072187-2987234856-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_Prot
IE - HKU\S-1-5-21-2977698038-3032072187-2987234856-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2977698038-3032072187-2987234856-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2977698038-3032072187-2987234856-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 56 FB 5A 1E 2A C0 CC 01 [binary data]
IE - HKU\S-1-5-21-2977698038-3032072187-2987234856-1001\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2977698038-3032072187-2987234856-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2977698038-3032072187-2987234856-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2977698038-3032072187-2987234856-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=109881&babsrc=SP_ss&mntrId=3e4cc86a000000000000002215950c37
IE - HKU\S-1-5-21-2977698038-3032072187-2987234856-1001\..\SearchScopes\{409DD3B4-D1F8-EC6E-EDBD-2367FDA78762}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z015&form=ZGAIDF
IE - HKU\S-1-5-21-2977698038-3032072187-2987234856-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012
IE - HKU\S-1-5-21-2977698038-3032072187-2987234856-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Veoh Web Player Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://forums.bimmerforums.com/forum/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5
FF - prefs.js..extensions.enabledItems: {3205B348-523A-4fac-9BC4-9939CBF583B0}:2.1.6
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: izer@camelcamelcamel.com:1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {6e764c17-863a-450f-bdd0-6772bd5aaa18}:1.0.3
FF - prefs.js..keyword.URL: "http://search.babylon.com/?AF=109881&babsrc=adbartrp&mntrId=3e4cc86a000000000000002215950c37&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/20 03:44:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/12 02:57:57 | 000,000,000 | ---D | M]

[2010/10/12 23:48:12 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Extensions
[2012/06/19 20:54:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions
[2012/03/26 15:27:53 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2012/03/26 15:27:53 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
[2012/04/18 00:03:49 | 000,000,000 | ---D | M] (Media Converter) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
[2012/03/26 15:27:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/03/26 15:27:53 | 000,000,000 | ---D | M] (Veoh Web Player Community Toolbar) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
[2012/03/26 15:27:53 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/03/26 15:27:53 | 000,000,000 | ---D | M] ("Premiumplay Codec-C") -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\crossriderapp435@crossrider.com
[2012/03/26 15:27:53 | 000,000,000 | ---D | M] (The Camelizer) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\izer@camelcamelcamel.com
[2010/10/24 21:29:32 | 000,001,919 | -H-- | M] () -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\searchplugins\bing-zugo.xml
[2012/02/16 13:41:06 | 000,000,933 | -H-- | M] () -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\searchplugins\conduit.xml
[2012/04/18 00:03:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/20 03:44:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2012/03/20 03:44:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2012/03/20 03:44:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2012/03/20 03:44:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/07/12 12:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/03/01 22:02:39 | 000,002,310 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

O1 HOSTS File: ([2010/10/13 04:04:02 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 install.jdennis.net
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.8.11.dll (BitComet)
O3 - HKLM\..\Toolbar: (ooVoo Toolbar) - {59c6f12b-f004-43e5-9997-08f2123119b6} - C:\Program Files (x86)\oovootoolbar\oovootoolbarX.dll ()
O3 - HKLM\..\Toolbar: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2977698038-3032072187-2987234856-1001\..\Toolbar\WebBrowser: (Veoh Web Player Toolbar) - {CD90BF73-20F6-44EF-993D-BB920303BD2E} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DeadAIM] C:\Program Files (x86)\AIM\DeadAIM.ocm (JDennis.net Ltd)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\SysWOW64\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\Run: [ATI] C:\Users\Steve\AppData\Local\Microsoft\ATI\ypncnfq.dll ()
O4 - HKU\S-1-5-18..\Run: [ATI] C:\Users\Steve\AppData\Local\Microsoft\ATI\ypncnfq.dll ()
O4 - HKU\S-1-5-19..\Run: [ATI] C:\Users\Steve\AppData\Local\Microsoft\ATI\ypncnfq.dll ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [ATI] C:\Users\Steve\AppData\Local\Microsoft\ATI\ypncnfq.dll ()
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2977698038-3032072187-2987234856-1001..\Run: [AIM] C:\Program Files (x86)\AIM\aim.exe -cnetwait.odl File not found
O4 - HKU\S-1-5-21-2977698038-3032072187-2987234856-1001..\Run: [ATI] C:\Users\Steve\AppData\Local\Microsoft\ATI\ypncnfq.dll ()
O4 - HKU\S-1-5-21-2977698038-3032072187-2987234856-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files (x86)\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.8.11.dll (BitComet)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {298BFFEE-662D-11D5-ADAF-00E0810232D7} https://simulcast.manheim.com/simulcast/lib/LiveSound.dll (lgbplay Class)
O16 - DPF: {7206EAAC-5CFA-43A3-9F61-E27E8E51E42F} http://adus1.liveblockauctions.com/container_repository/laiexec.cab (laiExcuter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8313171-143C-425A-BC44-E9B307AC6CBD}: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/02/02 17:42:35 | 000,000,058 | -H-- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{7599d94f-d69b-11df-be14-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7599d94f-d69b-11df-be14-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Diablo III Setup.exe -- [2012/02/02 17:42:35 | 001,856,592 | ---- | M] (Blizzard Entertainment)
O33 - MountPoints2\{ccd24d9a-4b3f-11e0-8d01-002215950c37}\Shell - "" = AutoRun
O33 - MountPoints2\{ccd24d9a-4b3f-11e0-8d01-002215950c37}\Shell\AutoRun\command - "" = E:\EasySuite.exe bootup
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084

========== Files/Folders - Created Within 30 Days ==========

[2012/06/21 05:10:12 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2012/06/21 04:44:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/21 04:36:24 | 004,563,474 | R--- | C] (Swearware) -- C:\Users\Steve\Desktop\ComboFix(2).exe
[2012/06/21 04:26:37 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/21 04:26:35 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/06/21 04:25:22 | 004,563,474 | R--- | C] (Swearware) -- C:\Users\Steve\Desktop\ComboFix.exe
[2012/06/09 14:29:39 | 000,000,000 | -HSD | C] -- C:\found.000
[2012/05/24 12:08:43 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Avira
[2012/05/24 12:03:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/05/24 12:02:43 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/05/24 12:02:43 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012/05/24 12:02:43 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012/05/24 12:02:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/05/24 12:02:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012/05/23 01:16:05 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\ATI
[2012/05/23 01:16:05 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\ATI
[2012/05/23 01:16:05 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/05/23 01:15:57 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012/05/23 01:15:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012/05/23 01:15:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/05/23 01:15:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2012/05/23 01:15:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/05/23 01:15:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012/05/23 01:13:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2012/05/23 01:13:06 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/05/23 01:13:02 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012/05/23 01:12:26 | 000,064,000 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst.dll
[2012/05/23 01:12:25 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2012/05/23 01:12:24 | 000,236,544 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2012/05/23 01:12:24 | 000,021,504 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2012/05/23 01:12:23 | 000,503,808 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe

========== Files - Modified Within 30 Days ==========

[2012/06/21 05:10:16 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2012/06/21 04:57:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/21 04:57:01 | 3220,480,000 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/21 04:55:46 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/21 04:52:49 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/21 04:52:49 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/21 04:36:37 | 004,563,474 | R--- | M] (Swearware) -- C:\Users\Steve\Desktop\ComboFix(2).exe
[2012/06/21 04:25:28 | 004,563,474 | R--- | M] (Swearware) -- C:\Users\Steve\Desktop\ComboFix.exe
[2012/06/21 04:24:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/21 03:56:07 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/14 03:31:54 | 000,414,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/14 03:11:26 | 000,744,326 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/14 03:11:26 | 000,627,066 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/14 03:11:26 | 000,107,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/14 03:09:49 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/06/03 20:38:18 | 000,001,488 | ---- | M] () -- C:\Users\Steve\Desktop\temp1.pdf

========== Files Created - No Company Name ==========

[2012/06/21 04:45:29 | 000,022,016 | ---- | C] () -- C:\Windows\Installer\{b8623368-891e-c491-76be-f9d2d09960e7}\U\800000cb.@
[2012/06/21 04:45:29 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{b8623368-891e-c491-76be-f9d2d09960e7}\U\80000000.@
[2012/06/21 04:02:28 | 000,001,648 | ---- | C] () -- C:\Windows\Installer\{b8623368-891e-c491-76be-f9d2d09960e7}\U\00000001.@
[2012/06/14 03:09:49 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2012/06/03 20:38:14 | 000,001,488 | ---- | C] () -- C:\Users\Steve\Desktop\temp1.pdf
[2012/05/23 01:12:26 | 002,664,704 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2012/05/23 01:12:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/05/23 01:12:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysNative\ativvsvl.dat
[2012/05/23 01:12:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/05/23 01:12:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysNative\ativvsva.dat
[2012/05/23 01:12:25 | 002,631,008 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2012/05/23 01:12:25 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/05/23 01:12:25 | 000,003,917 | ---- | C] () -- C:\Windows\SysNative\atipblag.dat
[2012/05/23 01:12:24 | 000,601,728 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
[2012/05/23 01:12:24 | 000,038,159 | ---- | C] () -- C:\Windows\atiogl.xml
[2012/05/23 01:12:23 | 000,245,896 | ---- | C] () -- C:\Windows\SysWow64\atiapfxx.blb
[2012/05/23 01:12:23 | 000,245,896 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2012/03/20 02:59:01 | 000,000,176 | ---- | C] () -- C:\ProgramData\~p4yXW8P3IE8CmZr
[2012/03/20 02:59:00 | 000,000,264 | ---- | C] () -- C:\ProgramData\~p4yXW8P3IE8CmZ
[2012/03/20 02:58:54 | 000,000,432 | ---- | C] () -- C:\ProgramData\p4yXW8P3IE8CmZ
[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/11 13:57:23 | 000,002,048 | -HS- | C] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{b8623368-891e-c491-76be-f9d2d09960e7}\@
[2012/01/11 13:57:23 | 000,002,048 | -HS- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\{b8623368-891e-c491-76be-f9d2d09960e7}\@
[2012/01/11 13:57:23 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{b8623368-891e-c491-76be-f9d2d09960e7}\@
[2012/01/11 13:57:23 | 000,002,048 | -HS- | C] () -- C:\Users\Steve\AppData\Local\{b8623368-891e-c491-76be-f9d2d09960e7}\@
[2011/09/12 12:23:48 | 000,003,584 | ---- | C] () -- C:\Users\Steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/06 20:04:57 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/06/27 21:56:35 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/05/26 09:55:59 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/21 04:55:41 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/10/13 03:30:25 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== LOP Check ==========

[2012/01/19 06:57:24 | 000,000,000 | -H-D | M] -- C:\Users\Steve\AppData\Roaming\Aim
[2012/06/19 07:17:34 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Applian FLV and Media Player
[2012/03/01 22:02:37 | 000,000,000 | -H-D | M] -- C:\Users\Steve\AppData\Roaming\Babylon
[2012/06/12 05:12:37 | 000,000,000 | -H-D | M] -- C:\Users\Steve\AppData\Roaming\BitComet
[2012/03/26 15:27:53 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\EasySuite
[2012/03/02 18:35:22 | 000,000,000 | -H-D | M] -- C:\Users\Steve\AppData\Roaming\Ewcor
[2012/03/02 18:33:42 | 000,000,000 | -H-D | M] -- C:\Users\Steve\AppData\Roaming\Fauxka
[2010/10/24 21:31:52 | 000,000,000 | -H-D | M] -- C:\Users\Steve\AppData\Roaming\ooVoo Details
[2012/03/26 15:26:54 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\OpenCandy
[2012/03/26 15:26:55 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Research In Motion
[2012/03/26 15:26:59 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Sling Media
[2012/03/26 15:27:53 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\wootalyzer
[2012/03/01 00:35:31 | 000,000,000 | -H-D | M] -- C:\Users\Steve\AppData\Roaming\Ybose
[2012/06/08 22:06:18 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:45 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=2CEFF13ACE25A40BD8D97654944297CD -- C:\Windows\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< End of report >

OTL extra

OTL Extras logfile created on: 6/21/2012 5:12:09 AM - Run 1
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Steve\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.10 Gb Available Physical Memory | 77.50% Memory free
8.00 Gb Paging File | 7.24 Gb Available in Paging File | 90.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 10.97 Gb Free Space | 4.71% Space Free | Partition Type: NTFS
Drive D: | 7.60 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: STEVE-PC | User Name: Steve | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2977698038-3032072187-2987234856-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BF37E58-2346-AE28-8B9A-BEFCB27DA8F1}" = AMD Drag and Drop Transcoding
"{0C8D2D71-45B4-5BDF-6B9D-DDB7FF13B0D4}" = AMD Accelerated Video Transcoding
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{480D6D0F-B959-BCE5-5D6F-F2991376190A}" = AMD Media Foundation Decoders
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{63B4DB21-DD83-231E-BA9D-10B5D462069D}" = ccc-utility64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A30F0A5-0B9C-BB66-AE41-EDF2015920AD}" = AMD Catalyst Install Manager
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109
"{CD3E12D6-5B22-CB69-1D1C-FC484B25D9EB}" = AMD AVIVO64 Codecs
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.19
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F8F3415-CB0A-49A6-A23A-D8390444B127}" = DeadAIM
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 29
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2CD28259-F7BD-7F0D-DC4A-353A874EEAD0}" = CCC Help Spanish
"{3C3B6C57-AD89-7754-36D3-FB49C758D50A}" = Catalyst Control Center Localization All
"{3F5DBE44-BE3E-3315-B8B8-1DAC5170CA7E}" = Catalyst Control Center
"{45C8BA21-2354-4008-8E6F-826CA3AB1ABF}" = BlackBerry Device Software v5.0.0 for the BlackBerry 8900 smartphone
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6DDAF821-4207-0CA8-193F-021CD7AE5840}" = CCC Help German
"{70E1FCBE-7C1D-44A5-2DC2-503726DB23DE}" = CCC Help French
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}" = BlackBerry Desktop Software 6.0.1
"{84B2CF01-194D-2284-B313-F2E0D78D1033}" = Nero 7 Demo
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{913DBBE3-C13B-4F7D-A39C-30D7E7DEA51C}" =
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{AC9B7C8C-1211-4B18-BE72-ECEBB4DE543D}" = BlackBerry Device Software v5.0.0 for the BlackBerry 8900 smartphone
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{CC32995D-B29B-E6EE-41D2-5424336B50B0}" = CCC Help English
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DD72D8F6-F184-C1C1-F88C-BAB13FF044E4}" = CCC Help Chinese Standard
"{DD90664B-8E5F-5BAE-B96A-32D3ACD3BB41}" = Catalyst Control Center InstallProxy
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter" = AC3Filter (remove only)
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"AOL Instant Messenger" = AOL Instant Messenger
"Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12
"Avira AntiVir Desktop" = Avira Free Antivirus
"BitComet" = BitComet 1.23
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.1
"Diablo III" = Diablo III
"DivX Setup.divx.com" = DivX Setup
"FLV Player" = FLV Player 2.0 (build 25)
"Giraffic" = Veoh Giraffic Video Accelerator
"HijackThis" = HijackThis 2.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"oovootoolbar" = ooVoo Toolbar
"Premiumplay Codec-C" = Premiumplay Codec-C
"RealPlayer 15.0" = RealPlayer
"StarCraft II" = StarCraft II
"Steam App 10" = Counter-Strike
"Steam App 240" = Counter-Strike: Source
"Steam App 440" = Team Fortress 2
"Steam App 550" = Left 4 Dead 2
"Steam App 8980" = Borderlands
"Veoh Web Player Beta" = Veoh Web Player
"Veoh_Web_Player Toolbar" = Veoh Web Player Toolbar
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 2.0.1
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"Wootalyzer" = Wootalyzer!

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2977698038-3032072187-2987234856-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/19/2012 10:41:21 PM | Computer Name = Steve-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Blizzard Launcher.exe, version: 0.5.1.1682,
time stamp: 0x4fd78e7f Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x0018f8af Faulting process id:
0x1c08 Faulting application start time: 0x01cd4e8c90bebf2c Faulting application path:
C:\ProgramData\Battle.net\Client\Blizzard Launcher.1682\Blizzard Launcher.exe Faulting
module path: unknown Report Id: 6b0ac118-ba81-11e1-a66c-002215950c37

Error - 6/20/2012 4:50:51 AM | Computer Name = Steve-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x31eb6e76 Faulting process id: 0x30cc Faulting application
start time: 0x01cd4e60882000f0 Faulting application path: \\.\globalroot\systemroot\svchost.exe
Faulting
module path: unknown Report Id: 09789f64-bab5-11e1-a66c-002215950c37

Error - 6/20/2012 7:33:43 AM | Computer Name = Steve-PC | Source = Application Error | ID = 1000
Description = Faulting application name: rnupgagent.exe, version: 9.0.0.22, time
stamp: 0x4fb69647 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x0018fa43 Faulting process id: 0x10f0 Faulting application
start time: 0x01cd4ed88b6111b0 Faulting application path: C:\Users\Steve\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\rnupgagent.exe
Faulting
module path: unknown Report Id: c9ed0fc4-bacb-11e1-a66c-002215950c37

Error - 6/20/2012 11:49:19 AM | Computer Name = Steve-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x393d7874 Faulting process id: 0x346c Faulting application
start time: 0x01cd4ec2276e4dcd Faulting application path: \\.\globalroot\systemroot\svchost.exe
Faulting
module path: unknown Report Id: 7efac96c-baef-11e1-a66c-002215950c37

Error - 6/20/2012 3:46:07 PM | Computer Name = Steve-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x66105e6e Faulting process id: 0x3190 Faulting application
start time: 0x01cd4efc88a7e518 Faulting application path: \\.\globalroot\systemroot\svchost.exe
Faulting
module path: unknown Report Id: 93a23ca7-bb10-11e1-a66c-002215950c37

Error - 6/21/2012 3:07:37 AM | Computer Name = Steve-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: jscript9.dll, version: 9.0.8112.16446, time
stamp: 0x4fb57f7f Exception code: 0xc0000005 Fault offset: 0x000adc5d Faulting process
id: 0x1bb0 Faulting application start time: 0x01cd4f1dc69f39fd Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\jscript9.dll
Report
Id: c7c0a47e-bb6f-11e1-a66c-002215950c37

Error - 6/21/2012 3:19:35 AM | Computer Name = Steve-PC | Source = Application Error | ID = 1000
Description = Faulting application name: wmpnetwk.exe, version: 12.0.7600.16385,
time stamp: 0x4a5bd03d Faulting module name: KERNELBASE.dll, version: 6.1.7600.16850,
time stamp: 0x4e211da1 Exception code: 0x0000046b Fault offset: 0x000000000000a88d
Faulting
process id: 0xc38 Faulting application start time: 0x01cd4e0da19bf004 Faulting application
path: C:\Program Files\Windows Media Player\wmpnetwk.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: 737ed062-bb71-11e1-a66c-002215950c37

Error - 6/21/2012 3:25:26 AM | Computer Name = Steve-PC | Source = Application Error | ID = 1000
Description = Faulting application name: aim.exe, version: 0.0.0.0, time stamp:
0x3f2a87b8 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x0018f437 Faulting process id: 0x948 Faulting application
start time: 0x01cd4f7eaceb7e7a Faulting application path: C:\Program Files (x86)\AIM\aim.exe
Faulting
module path: unknown Report Id: 44bba395-bb72-11e1-b862-002215950c37

Error - 6/21/2012 3:55:52 AM | Computer Name = Steve-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Steam.exe, version: 1.0.1065.11, time stamp:
0x4d9b89de Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x0018c8d7 Faulting process id: 0xd04 Faulting application
start time: 0x01cd4f8302cf184d Faulting application path: C:\Program Files (x86)\Steam\Steam.exe
Faulting
module path: unknown Report Id: 856072c3-bb76-11e1-b62f-002215950c37

Error - 6/21/2012 4:41:46 AM | Computer Name = Steve-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Steam.exe, version: 1.0.1065.11, time stamp:
0x4d9b89de Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x04aae973 Faulting process id: 0xb94 Faulting application
start time: 0x01cd4f8967d5d70f Faulting application path: C:\Program Files (x86)\Steam\Steam.exe
Faulting
module path: unknown Report Id: ef0c5805-bb7c-11e1-9069-002215950c37

[ System Events ]
Error - 11/16/2011 5:56:15 AM | Computer Name = Steve-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 11/23/2011 3:07:47 AM | Computer Name = Steve-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 11/28/2011 2:19:30 PM | Computer Name = Steve-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 12/5/2011 8:16:39 PM | Computer Name = Steve-PC | Source = DCOM | ID = 10010
Description =

Error - 12/7/2011 4:01:24 AM | Computer Name = Steve-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 12/14/2011 10:38:50 PM | Computer Name = Steve-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 1/14/2012 7:11:50 AM | Computer Name = Steve-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 1/24/2012 7:16:30 PM | Computer Name = Steve-PC | Source = volsnap | ID = 393251
Description = The shadow copies of volume C: were aborted because the shadow copy
storage failed to grow.

Error - 2/2/2012 11:06:55 PM | Computer Name = Steve-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 2/7/2012 5:38:17 AM | Computer Name = Steve-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.


< End of report >


Thanks everyone.
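The "Last 20 Event Log Errors" section of the OTL log above is the part a responder reads first, and one record in it stands out: svchost.exe is reported with a faulting application path of `\\.\globalroot\systemroot\svchost.exe` rather than a drive-letter path under System32 or SysWOW64. The script below is an added triage example for this thread (it is not part of OTL and not code from the original post). It parses OTL's wrapped Application Error records and applies three review rules that are this example's own assumptions, not OTL output: a device-namespace application path, a well-known Windows process name located outside the system directories, and an access violation in an "unknown" module. The sample input is copied from two of the records posted above.

```python
"""Triage helper for the "Last 20 Event Log Errors" section of an OTL log.

Added example for this thread; it is not part of OTL or of the original post.
It parses the Application Error (Event ID 1000) records the way OTL prints
them (wrapped across lines), then applies three review rules that are this
example's own assumptions, not OTL output:
  1. a faulting-application path in the device namespace (\\\\.\\ or \\\\?\\)
     instead of a drive letter;
  2. a well-known Windows process name reported outside System32/SysWOW64;
  3. an access violation (0xc0000005) in an "unknown" module, i.e. at an
     address not backed by any loaded image (a weak signal on its own).
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Sample input, copied from the OTL log posted above (two of its records).
SAMPLE_OTL_EVENTS = r"""
Error - 6/20/2012 4:50:51 AM | Computer Name = Steve-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x31eb6e76 Faulting process id: 0x30cc Faulting application
start time: 0x01cd4e60882000f0 Faulting application path: \\.\globalroot\systemroot\svchost.exe
Faulting
module path: unknown Report Id: 09789f64-bab5-11e1-a66c-002215950c37

Error - 6/21/2012 3:19:35 AM | Computer Name = Steve-PC | Source = Application Error | ID = 1000
Description = Faulting application name: wmpnetwk.exe, version: 12.0.7600.16385,
time stamp: 0x4a5bd03d Faulting module name: KERNELBASE.dll, version: 6.1.7600.16850,
time stamp: 0x4e211da1 Exception code: 0x0000046b Fault offset: 0x000000000000a88d
Faulting
process id: 0xc38 Faulting application start time: 0x01cd4e0da19bf004 Faulting application
path: C:\Program Files\Windows Media Player\wmpnetwk.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: 737ed062-bb71-11e1-a66c-002215950c37
"""

# Directories where the well-known process names below are expected to live
# (assumption of this example; adjust for non-default Windows installs).
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
WELL_KNOWN_PROCESSES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                        "services.exe", "wininit.exe", "smss.exe"}


@dataclass
class CrashEvent:
    timestamp: str
    app_name: str
    app_path: str
    module_name: str
    module_path: str
    exception_code: str
    report_id: str


@dataclass
class Finding:
    report_id: str
    app_name: str
    app_path: str
    reasons: list[str] = field(default_factory=list)


# One record runs from "Error - " to the Report Id; OTL wraps the description
# at arbitrary points, so each record is joined into a single line first.
RECORD_RE = re.compile(
    r"Error - (?P<ts>.+?) \| Computer Name = .*?\| Source = Application Error \| ID = 1000"
    r".*?Faulting application name: (?P<app>[^,]+),"
    r".*?Faulting module name: (?P<mod>[^,]+),"
    r".*?Exception code: (?P<exc>0x[0-9a-fA-F]+)"
    r".*?Faulting application path: (?P<app_path>.+?) Faulting module path: (?P<mod_path>.+?)"
    r" Report Id: (?P<rid>\S+)"
)


def parse_otl_events(text: str) -> list[CrashEvent]:
    """Return the Application Error (ID 1000) records found in an OTL event section."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        joined = " ".join(line.strip() for line in block.splitlines())
        m = RECORD_RE.search(joined)
        if m:
            events.append(CrashEvent(m["ts"], m["app"], m["app_path"], m["mod"],
                                     m["mod_path"], m["exc"], m["rid"]))
    return events


def review(ev: CrashEvent) -> list[str]:
    """Apply the three review rules; an empty list means nothing stood out."""
    reasons = []
    path = ev.app_path.lower()
    if path.startswith(("\\\\.\\", "\\\\?\\")):
        reasons.append("application path is in the device namespace rather than under a drive letter")
    if ev.app_name.lower() in WELL_KNOWN_PROCESSES and not path.startswith(SYSTEM_DIRS):
        reasons.append(f"{ev.app_name} reported outside the Windows system directories")
    if ev.module_name.lower() == "unknown" and ev.exception_code.lower() == "0xc0000005":
        reasons.append("access violation at an address not backed by a loaded module")
    return reasons


def triage(text: str) -> list[Finding]:
    """Parse an OTL event section and return only the records that tripped a rule."""
    findings = []
    for ev in parse_otl_events(text):
        reasons = review(ev)
        if reasons:
            findings.append(Finding(ev.report_id, ev.app_name, ev.app_path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL_EVENTS):
        print(f"{f.report_id}: {f.app_name} ({f.app_path})")
        for r in f.reasons:
            print(f"  - {r}")
```

Run against the two sample records, only the svchost.exe entry is returned, with all three rules tripped; the wmpnetwk.exe crash in KERNELBASE.dll is left alone. Rule 3 is deliberately the weakest: an "unknown" module with 0xc0000005 also shows up for ordinary buggy software, so it is meant to be read together with the other two rules and with the rest of the log, not as a verdict on its own.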


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:36 PM

Posted 22 June 2012 - 01:40 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 s1ick

s1ick
  • Topic Starter

  • Members
  • 13 posts
  • Local time:07:36 PM

Posted 22 June 2012 - 10:21 AM

Thanks for responding Gringo.

Security Check log.

Results of screen317's Security Check version 0.99.42
Windows 7 x64 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
HijackThis 2.0.2
Java™ 6 Update 29
Java version out of Date!
Adobe Flash Player 11.2.202.235 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (3.6.10) Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

#4 s1ick

s1ick
  • Topic Starter

  • Members
  • 13 posts
  • Local time:07:36 PM

Posted 22 June 2012 - 10:30 AM

I downloaded ComboFix, closed all programs and turned off my Avira. I double-clicked the ComboFix and it went halfway before giving me a blue screen. It shut down to prevent loss of data. Tried ComboFix twice and it happened twice.

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:36 PM

Posted 22 June 2012 - 01:50 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#6 s1ick

s1ick
  • Topic Starter

  • Members
  • 13 posts
  • Local time:07:36 PM

Posted 22 June 2012 - 11:08 PM

Here it is.

19:27:31.0528 7404 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
19:27:31.0868 7404 ============================================================
19:27:31.0868 7404 Current date / time: 2012/06/22 19:27:31.0868
19:27:31.0868 7404 SystemInfo:
19:27:31.0868 7404
19:27:31.0868 7404 OS Version: 6.1.7600 ServicePack: 0.0
19:27:31.0868 7404 Product type: Workstation
19:27:31.0868 7404 ComputerName: STEVE-PC
19:27:31.0868 7404 UserName: Steve
19:27:31.0868 7404 Windows directory: C:\Windows
19:27:31.0868 7404 System windows directory: C:\Windows
19:27:31.0868 7404 Running under WOW64
19:27:31.0868 7404 Processor architecture: Intel x64
19:27:31.0868 7404 Number of processors: 4
19:27:31.0868 7404 Page size: 0x1000
19:27:31.0868 7404 Boot type: Normal boot
19:27:31.0868 7404 ============================================================
19:27:36.0072 7404 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x1C042, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
19:27:36.0162 7404 ============================================================
19:27:36.0162 7404 \Device\Harddisk0\DR0:
19:27:36.0172 7404 MBR partitions:
19:27:36.0172 7404 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:27:36.0172 7404 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800
19:27:36.0172 7404 ============================================================
19:27:36.0252 7404 C: <-> \Device\Harddisk0\DR0\Partition1
19:27:36.0292 7404 ============================================================
19:27:36.0292 7404 Initialize success
19:27:36.0292 7404 ============================================================
19:27:40.0742 5084 ============================================================
19:27:40.0742 5084 Scan started
19:27:40.0742 5084 Mode: Manual;
19:27:40.0742 5084 ============================================================
19:27:52.0882 5084 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
19:27:52.0922 5084 1394ohci - ok
19:27:53.0162 5084 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
19:27:53.0172 5084 ACPI - ok
19:27:53.0202 5084 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
19:27:53.0202 5084 AcpiPmi - ok
19:27:53.0842 5084 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:27:53.0912 5084 AdobeFlashPlayerUpdateSvc - ok
19:27:54.0152 5084 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:27:54.0242 5084 adp94xx - ok
19:27:54.0292 5084 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:27:54.0332 5084 adpahci - ok
19:27:54.0422 5084 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:27:54.0432 5084 adpu320 - ok
19:27:54.0482 5084 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
19:27:54.0492 5084 AeLookupSvc - ok
19:27:54.0592 5084 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
19:27:54.0622 5084 AFD - ok
19:27:54.0652 5084 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
19:27:54.0652 5084 agp440 - ok
19:27:54.0692 5084 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
19:27:54.0702 5084 ALG - ok
19:27:54.0742 5084 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
19:27:54.0762 5084 aliide - ok
19:27:54.0882 5084 AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe
19:27:54.0892 5084 AMD External Events Utility - ok
19:27:54.0902 5084 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
19:27:54.0912 5084 amdide - ok
19:27:54.0952 5084 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:27:54.0962 5084 AmdK8 - ok
19:27:55.0552 5084 amdkmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
19:27:55.0994 5084 amdkmdag - ok
19:27:56.0204 5084 amdkmdap (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys
19:27:56.0224 5084 amdkmdap - ok
19:27:56.0274 5084 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:27:56.0284 5084 AmdPPM - ok
19:27:56.0334 5084 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
19:27:56.0344 5084 amdsata - ok
19:27:56.0434 5084 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:27:56.0464 5084 amdsbs - ok
19:27:56.0524 5084 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
19:27:56.0524 5084 amdxata - ok
19:27:56.0804 5084 AntiVirSchedulerService (0a1cc583e8147004e4ad4625d7fbf88c) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
19:27:56.0804 5084 AntiVirSchedulerService - ok
19:27:56.0864 5084 AntiVirService (c9a36ef935aced86aedf93e97e606911) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
19:27:56.0864 5084 AntiVirService - ok
19:27:56.0904 5084 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
19:27:56.0904 5084 AppID - ok
19:27:56.0954 5084 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
19:27:56.0954 5084 AppIDSvc - ok
19:27:56.0984 5084 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
19:27:56.0994 5084 Appinfo - ok
19:27:57.0044 5084 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
19:27:57.0064 5084 AppMgmt - ok
19:27:57.0094 5084 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:27:57.0104 5084 arc - ok
19:27:57.0114 5084 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:27:57.0124 5084 arcsas - ok
19:27:57.0144 5084 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:27:57.0154 5084 AsyncMac - ok
19:27:57.0194 5084 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
19:27:57.0194 5084 atapi - ok
19:27:57.0264 5084 AtiHDAudioService (24464b908e143d2561e9e452fee97309) C:\Windows\system32\drivers\AtihdW76.sys
19:27:57.0264 5084 AtiHDAudioService - ok
19:27:58.0074 5084 atikmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
19:27:58.0134 5084 atikmdag - ok
19:27:58.0294 5084 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
19:27:58.0314 5084 AudioEndpointBuilder - ok
19:27:58.0314 5084 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
19:27:58.0324 5084 AudioSrv - ok
19:27:58.0604 5084 avgntflt (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
19:27:58.0664 5084 avgntflt - ok
19:27:58.0744 5084 avipbb (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
19:27:58.0754 5084 avipbb - ok
19:27:58.0794 5084 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
19:27:58.0804 5084 avkmgr - ok
19:27:58.0864 5084 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
19:27:58.0864 5084 AxInstSV - ok
19:27:58.0914 5084 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:27:58.0944 5084 b06bdrv - ok
19:27:58.0974 5084 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:27:58.0994 5084 b57nd60a - ok
19:27:59.0034 5084 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
19:27:59.0044 5084 BDESVC - ok
19:27:59.0074 5084 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:27:59.0084 5084 Beep - ok
19:27:59.0094 5084 BFE - ok
19:27:59.0154 5084 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
19:27:59.0304 5084 BITS - ok
19:27:59.0514 5084 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:27:59.0534 5084 blbdrive - ok
19:27:59.0694 5084 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
19:27:59.0714 5084 bowser - ok
19:27:59.0834 5084 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:27:59.0844 5084 BrFiltLo - ok
19:27:59.0904 5084 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:27:59.0904 5084 BrFiltUp - ok
19:28:00.0054 5084 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
19:28:00.0064 5084 BridgeMP - ok
19:28:00.0084 5084 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
19:28:00.0094 5084 Browser - ok
19:28:00.0124 5084 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:28:00.0144 5084 Brserid - ok
19:28:00.0154 5084 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:28:00.0164 5084 BrSerWdm - ok
19:28:00.0194 5084 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:28:00.0194 5084 BrUsbMdm - ok
19:28:00.0204 5084 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:28:00.0204 5084 BrUsbSer - ok
19:28:00.0224 5084 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:28:00.0224 5084 BTHMODEM - ok
19:28:00.0264 5084 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
19:28:00.0274 5084 bthserv - ok
19:28:00.0304 5084 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:28:00.0304 5084 cdfs - ok
19:28:00.0394 5084 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
19:28:00.0404 5084 cdrom - ok
19:28:00.0504 5084 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
19:28:00.0504 5084 CertPropSvc - ok
19:28:00.0524 5084 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:28:00.0534 5084 circlass - ok
19:28:00.0564 5084 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:28:00.0574 5084 CLFS - ok
19:28:00.0624 5084 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:28:00.0654 5084 clr_optimization_v2.0.50727_32 - ok
19:28:00.0784 5084 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:28:00.0794 5084 clr_optimization_v2.0.50727_64 - ok
19:28:00.0904 5084 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:28:00.0964 5084 clr_optimization_v4.0.30319_32 - ok
19:28:00.0984 5084 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:28:00.0994 5084 clr_optimization_v4.0.30319_64 - ok
19:28:01.0024 5084 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:28:01.0034 5084 CmBatt - ok
19:28:01.0044 5084 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
19:28:01.0044 5084 cmdide - ok
19:28:01.0114 5084 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
19:28:01.0134 5084 CNG - ok
19:28:01.0164 5084 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:28:01.0164 5084 Compbatt - ok
19:28:01.0204 5084 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
19:28:01.0214 5084 CompositeBus - ok
19:28:01.0224 5084 COMSysApp - ok
19:28:01.0404 5084 cpuz135 (c08063f052308b6f5882482615387f30) C:\Windows\system32\drivers\cpuz135_x64.sys
19:28:01.0414 5084 cpuz135 - ok
19:28:01.0424 5084 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:28:01.0434 5084 crcdisk - ok
19:28:01.0494 5084 CryptSvc (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll
19:28:01.0504 5084 CryptSvc - ok
19:28:01.0544 5084 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
19:28:01.0594 5084 CSC - ok
19:28:01.0634 5084 CscService (873fbf927c06e5cee04dec617502f8fd) C:\Windows\System32\cscsvc.dll
19:28:01.0654 5084 CscService - ok
19:28:01.0704 5084 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
19:28:01.0714 5084 DcomLaunch - ok
19:28:01.0774 5084 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
19:28:01.0814 5084 defragsvc - ok
19:28:01.0954 5084 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
19:28:01.0974 5084 DfsC - ok
19:28:02.0004 5084 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
19:28:02.0024 5084 Dhcp - ok
19:28:02.0044 5084 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:28:02.0044 5084 discache - ok
19:28:02.0074 5084 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:28:02.0074 5084 Disk - ok
19:28:02.0114 5084 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
19:28:02.0124 5084 Dnscache - ok
19:28:02.0144 5084 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
19:28:02.0164 5084 dot3svc - ok
19:28:02.0174 5084 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
19:28:02.0184 5084 DPS - ok
19:28:02.0234 5084 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:28:02.0244 5084 drmkaud - ok
19:28:02.0314 5084 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
19:28:02.0364 5084 DXGKrnl - ok
19:28:02.0394 5084 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
19:28:02.0404 5084 EapHost - ok
19:28:58.0094 5084 volmgr - ok
19:28:58.0394 5084 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
19:28:58.0424 5084 volmgrx - ok
19:28:58.0894 5084 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
19:28:58.0924 5084 volsnap - ok
19:28:59.0384 5084 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
19:28:59.0424 5084 vsmraid - ok
19:29:02.0674 5084 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
19:29:02.0784 5084 VSS - ok
19:29:03.0814 5084 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
19:29:03.0844 5084 vwifibus - ok
19:29:04.0844 5084 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
19:29:05.0154 5084 W32Time - ok
19:29:05.0694 5084 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
19:29:05.0814 5084 WacomPen - ok
19:29:07.0094 5084 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
19:29:07.0134 5084 WANARP - ok
19:29:07.0164 5084 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
19:29:07.0164 5084 Wanarpv6 - ok
19:29:17.0634 5084 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
19:29:18.0164 5084 wbengine - ok
19:29:24.0234 5084 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
19:29:24.0274 5084 WbioSrvc - ok
19:29:24.0864 5084 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
19:29:25.0334 5084 wcncsvc - ok
19:29:25.0544 5084 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
19:29:25.0604 5084 WcsPlugInService - ok
19:29:26.0004 5084 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
19:29:26.0024 5084 Wd - ok
19:29:27.0154 5084 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:29:27.0214 5084 Wdf01000 - ok
19:29:27.0454 5084 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:29:27.0534 5084 WdiServiceHost - ok
19:29:27.0534 5084 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:29:27.0534 5084 WdiSystemHost - ok
19:29:27.0784 5084 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
19:29:27.0804 5084 WebClient - ok
19:29:28.0104 5084 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
19:29:28.0164 5084 Wecsvc - ok
19:29:28.0274 5084 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
19:29:28.0284 5084 wercplsupport - ok
19:29:28.0354 5084 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
19:29:28.0364 5084 WerSvc - ok
19:29:28.0594 5084 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:29:28.0604 5084 WfpLwf - ok
19:29:28.0694 5084 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:29:28.0704 5084 WIMMount - ok
19:29:28.0864 5084 WinDefend - ok
19:29:28.0874 5084 WinHttpAutoProxySvc - ok
19:29:29.0374 5084 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
19:29:29.0484 5084 Winmgmt - ok
19:29:33.0674 5084 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
19:29:33.0904 5084 WinRM - ok
19:29:35.0614 5084 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
19:29:35.0644 5084 WinUsb - ok
19:29:36.0604 5084 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
19:29:36.0714 5084 Wlansvc - ok
19:29:41.0024 5084 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:29:41.0104 5084 wlidsvc - ok
19:29:42.0464 5084 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:29:42.0474 5084 WmiAcpi - ok
19:29:43.0894 5084 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
19:29:43.0904 5084 wmiApSrv - ok
19:29:44.0074 5084 WMPNetworkSvc - ok
19:29:44.0154 5084 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
19:29:44.0184 5084 WPCSvc - ok
19:29:44.0544 5084 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
19:29:44.0584 5084 WPDBusEnum - ok
19:29:44.0654 5084 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:29:44.0664 5084 ws2ifsl - ok
19:29:45.0054 5084 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
19:29:45.0144 5084 wscsvc - ok
19:29:45.0144 5084 WSearch - ok
19:29:48.0034 5084 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
19:29:48.0094 5084 wuauserv - ok
19:29:48.0524 5084 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
19:29:48.0554 5084 WudfPf - ok
19:29:48.0704 5084 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:29:48.0714 5084 WUDFRd - ok
19:29:48.0924 5084 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
19:29:48.0934 5084 wudfsvc - ok
19:29:49.0774 5084 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
19:29:50.0034 5084 WwanSvc - ok
19:29:50.0104 5084 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:29:50.0204 5084 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
19:29:50.0204 5084 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
19:29:50.0224 5084 Boot (0x1200) (fcf86ad06e0d3ab6b78777988ec43e30) \Device\Harddisk0\DR0\Partition0
19:29:50.0254 5084 \Device\Harddisk0\DR0\Partition0 - ok
19:29:50.0284 5084 Boot (0x1200) (3603daa2cbb86347379f8d7d11325ff5) \Device\Harddisk0\DR0\Partition1
19:29:50.0314 5084 \Device\Harddisk0\DR0\Partition1 - ok
19:29:50.0314 5084 ============================================================
19:29:50.0314 5084 Scan finished
19:29:50.0314 5084 ============================================================
19:29:50.0324 3196 Detected object count: 1
19:29:50.0324 3196 Actual detected object count: 1
19:30:08.0254 3196 \Device\Harddisk0\DR0\# - copied to quarantine
19:30:08.0254 3196 \Device\Harddisk0\DR0 - copied to quarantine
19:30:08.0734 3196 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
19:30:08.0744 3196 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
19:30:08.0774 3196 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
19:30:08.0814 3196 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
19:30:08.0894 3196 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
19:30:08.0954 3196 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
19:30:08.0954 3196 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
19:30:08.0964 3196 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
19:30:08.0984 3196 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
19:30:08.0984 3196 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
19:30:09.0004 3196 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
19:30:09.0004 3196 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
19:30:09.0014 3196 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
19:30:09.0014 3196 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
19:30:09.0064 3196 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
19:30:09.0094 3196 \Device\Harddisk0\DR0 - ok
19:30:15.0154 3196 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
19:32:59.0404 8732 Deinitialize success

And

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-22 23:43:43
-----------------------------
23:43:43.967 OS Version: Windows x64 6.1.7600
23:43:43.967 Number of processors: 4 586 0xF0B
23:43:43.967 ComputerName: STEVE-PC UserName: Steve
23:43:45.512 Initialize success
23:43:49.490 AVAST engine defs: 12062201
23:43:51.674 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-7
23:43:51.674 Disk 0 Vendor: ST3250410AS 3.AAF Size: 238475MB BusType: 3
23:43:51.689 Disk 0 MBR read successfully
23:43:51.705 Disk 0 MBR scan
23:43:51.705 Disk 0 Windows 7 default MBR code
23:43:51.721 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
23:43:51.736 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238373 MB offset 206848
23:43:51.783 Disk 0 scanning C:\Windows\system32\drivers
23:44:03.686 Service scanning
23:44:25.900 Modules scanning
23:44:25.900 Disk 0 trace - called modules:
23:44:25.916 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
23:44:25.916 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800468b060]
23:44:25.916 3 CLASSPNP.SYS[fffff8800188d43f] -> nt!IofCallDriver -> [0xfffffa800396ce40]
23:44:25.931 5 ACPI.sys[fffff88000f87781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP5T0L0-7[0xfffffa80043f9060]
23:44:27.008 AVAST engine scan C:\Windows
23:44:30.767 AVAST engine scan C:\Windows\system32
23:50:36.827 AVAST engine scan C:\Windows\system32\drivers
23:50:48.737 AVAST engine scan C:\Users\Steve
23:50:50.757 File: C:\Users\Steve\AppData\Local\Microsoft\ATI\ypncnfq.dll **INFECTED** Win32:Kryptik-IWR [Trj]
00:01:37.259 AVAST engine scan C:\ProgramData
00:06:06.887 Scan finished successfully
00:06:43.617 Disk 0 MBR has been saved successfully to "C:\Users\Steve\Desktop\MBR.dat"
00:06:43.617 The log file has been saved successfully to "C:\Users\Steve\Desktop\aswMBR.txt"




Thank you again

#7 gringo_pr

gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 23 June 2012 - 08:19 AM

Hello

Ok, let's try this. I want you to run ComboFix in Safe Mode, but it is very important that when ComboFix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in to your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 s1ick

s1ick
  • Topic Starter

  • Members
  • 13 posts

Posted 23 June 2012 - 10:29 AM

Good afternoon,

I was not able to run it in Safe Mode, but I tried it in normal mode and it worked this time.


ComboFix 12-06-21.03 - Steve 06/23/2012 9:53.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.2652 [GMT -4:00]
Running from: c:\users\Steve\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Steve\AppData\Local\Microsoft\ATI\ypncnfq.dll
c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\crossriderapp435@crossrider.com
c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\crossriderapp435@crossrider.com\chrome.manifest
c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\crossriderapp435@crossrider.com\chrome\content\background.html
c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\crossriderapp435@crossrider.com\chrome\content\browser.xul
c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\crossriderapp435@crossrider.com\chrome\content\crossrider.js
c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\crossriderapp435@crossrider.com\chrome\content\crossriderapi.js
c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\crossriderapp435@crossrider.com\chrome\content\dialog.js
c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\crossriderapp435@crossrider.com\chrome\content\lib\facebox\facebox.css
c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\crossriderapp435@crossrider.com\chrome\content\lib\facebox\facebox.js
c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\crossriderapp435@crossrider.com\chrome\content\lib\facebox\Images\b.png
c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\crossriderapp435@crossrider.com\chrome\content\lib\facebox\Images\bl.png
c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\crossriderapp435@crossrider.com\chrome\content\lib\facebox\Images\br.png
c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\crossriderapp435@crossrider.com\chrome\content\lib\facebox\Images\closelabel.gif
c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\crossriderapp435@crossrider.com\chrome\content\lib\facebox\Images\loading.gif
c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\crossriderapp435@crossrider.com\chrome\content\lib\facebox\Images\tl.png
c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\crossriderapp435@crossrider.com\chrome\content\lib\facebox\Images\tr.png
c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\crossriderapp435@crossrider.com\chrome\content\lib\faye-browser-min.js
c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\crossriderapp435@crossrider.com\chrome\content\lib\jquery-1.4.2.js
c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\crossriderapp435@crossrider.com\chrome\content\manage-apps-style.css
c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\crossriderapp435@crossrider.com\chrome\content\manage-apps.html
c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\crossriderapp435@crossrider.com\chrome\content\messaging.js
c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\crossriderapp435@crossrider.com\chrome\content\options.js
c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\crossriderapp435@crossrider.com\chrome\content\options.xul
c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\crossriderapp435@crossrider.com\chrome\content\push.html
c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\crossriderapp435@crossrider.com\chrome\content\search_dialog.xul
c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\crossriderapp435@crossrider.com\chrome\content\socialapi.js
c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\crossriderapp435@crossrider.com\chrome\content\update.html
c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\crossriderapp435@crossrider.com\chrome\content\utilityapi.js
c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\crossriderapp435@crossrider.com\chrome\content\workers_chain.js
c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\crossriderapp435@crossrider.com\defaults\preferences\prefs.js
c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\crossriderapp435@crossrider.com\install.rdf
c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\crossriderapp435@crossrider.com\locale\en-US\translations.dtd
c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\crossriderapp435@crossrider.com\skin\button1.png
c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\crossriderapp435@crossrider.com\skin\button2.png
c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\crossriderapp435@crossrider.com\skin\button3.png
c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\crossriderapp435@crossrider.com\skin\button4.png
c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\crossriderapp435@crossrider.com\skin\button5.png
c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\crossriderapp435@crossrider.com\skin\crossrider_statusbar.png
c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\crossriderapp435@crossrider.com\skin\icon128.png
c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\crossriderapp435@crossrider.com\skin\icon16.png
c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\crossriderapp435@crossrider.com\skin\icon24.png
c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\crossriderapp435@crossrider.com\skin\icon48.png
c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\crossriderapp435@crossrider.com\skin\panelarrow-up.png
c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\crossriderapp435@crossrider.com\skin\popup.css
c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\crossriderapp435@crossrider.com\skin\popup.html
c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\crossriderapp435@crossrider.com\skin\popup_binding.xml
c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\crossriderapp435@crossrider.com\skin\skin.css
c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\extensions\crossriderapp435@crossrider.com\skin\update.css
c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\searchplugins\bing-zugo.xml
c:\windows\Installer\{b8623368-891e-c491-76be-f9d2d09960e7}\@
c:\windows\Installer\{b8623368-891e-c491-76be-f9d2d09960e7}\U\00000001.@
c:\windows\Installer\{b8623368-891e-c491-76be-f9d2d09960e7}\U\80000000.@
c:\windows\Installer\{b8623368-891e-c491-76be-f9d2d09960e7}\U\800000cb.@
c:\windows\svchost.exe
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-23 to 2012-06-23 )))))))))))))))))))))))))))))))
.
.
2012-06-23 14:04 . 2012-06-23 14:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-23 06:33 . 2012-06-23 06:33 -------- d-----w- c:\users\Steve\AppData\Local\Macromedia
2012-06-22 23:30 . 2012-06-22 23:30 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-22 02:06 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 02:06 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 02:06 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 02:06 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 02:06 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 02:06 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 02:06 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 02:05 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 02:05 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 09:27 . 2012-06-21 09:27 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-13 20:41 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 20:41 . 2012-04-26 05:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 20:41 . 2012-04-26 05:28 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 20:41 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 20:41 . 2012-05-15 01:32 3144192 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 20:41 . 2012-04-28 03:50 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 20:40 . 2012-04-24 05:59 182272 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 20:40 . 2012-04-24 05:59 1460224 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 20:40 . 2012-04-24 05:59 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 20:40 . 2012-04-24 04:47 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-13 20:40 . 2012-04-24 04:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-13 20:40 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-13 20:40 . 2012-04-07 12:18 3213824 ----a-w- c:\windows\system32\msi.dll
2012-06-13 20:40 . 2012-04-07 11:34 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-09 18:29 . 2012-06-09 18:29 -------- d-----w- C:\found.000
2012-05-24 16:08 . 2012-05-24 16:08 -------- d-----w- c:\users\Steve\AppData\Roaming\Avira
2012-05-24 16:02 . 2012-05-02 19:24 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-05-24 16:02 . 2012-04-27 14:20 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-05-24 16:02 . 2012-04-25 04:32 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-24 16:02 . 2012-05-24 16:02 -------- d-----w- c:\programdata\Avira
2012-05-24 16:02 . 2012-05-24 16:02 -------- d-----w- c:\program files (x86)\Avira
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 05:56 . 2012-04-04 22:09 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 05:56 . 2011-05-27 14:40 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-08 17:02 . 2012-05-22 15:45 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{34E3C17B-0578-4C9B-A473-CC0AB24818CD}\mpengine.dll
2012-04-06 05:22 . 2012-05-23 05:12 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:34 . 2012-04-06 02:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-06 02:34 . 2012-04-06 02:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-06 02:34 . 2012-04-06 02:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-06 02:33 . 2012-04-06 02:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-06 02:33 . 2012-04-06 02:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-06 02:33 . 2012-04-06 02:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-04-06 02:32 . 2012-04-06 02:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-04-06 02:32 . 2012-04-06 02:32 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-04-06 02:32 . 2012-04-06 02:32 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-04-06 02:22 . 2012-05-23 05:12 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2012-05-23 05:12 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2012-05-23 05:12 1067520 ----a-w- c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-05-23 05:12 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-05-23 05:12 503808 ----a-w- c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-05-23 05:12 236544 ----a-w- c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-05-23 05:12 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-05-23 05:12 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-05-23 05:12 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-05-23 05:12 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2012-05-23 05:12 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-05-23 05:12 26181632 ----a-w- c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2012-05-23 05:12 64000 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2009-07-13 21:59 7479296 ----a-w- c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-05-23 05:12 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-05-23 05:12 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-05-23 05:12 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-05-23 05:12 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2009-07-13 21:59 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-05-23 05:12 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-05-23 05:12 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-05-23 05:12 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-05-23 05:12 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-05-23 05:12 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-05-23 05:12 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-05-23 05:12 7431680 ----a-w- c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2009-07-13 21:59 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-05-23 05:12 514560 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-05-23 05:12 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-05-23 05:12 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-05-23 05:12 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-05-23 05:12 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-05-23 05:12 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-05-23 05:12 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-05-23 05:12 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2012-05-23 05:12 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2012-05-23 05:12 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-05-23 05:12 44544 ----a-w- c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2012-05-23 05:12 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-05-23 05:12 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-05-23 05:12 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-05-23 05:12 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-05-23 05:12 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-05-23 05:12 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-04-02 05:34 . 2012-05-10 23:03 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-02 04:46 . 2012-05-10 23:03 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-02 04:46 . 2012-05-10 23:03 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-30 11:09 . 2012-05-10 23:03 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{cd90bf73-20f6-44ef-993d-bb920303bd2e}"= "c:\program files (x86)\Veoh_Web_Player\prxtbVeoh.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{59c6f12b-f004-43e5-9997-08f2123119b6}"= "c:\program files (x86)\oovootoolbar\oovootoolbarX.dll" [2010-10-25 81920]
"{cd90bf73-20f6-44ef-993d-bb920303bd2e}"= "c:\program files (x86)\Veoh_Web_Player\prxtbVeoh.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{59c6f12b-f004-43e5-9997-08f2123119b6}]
.
[HKEY_CLASSES_ROOT\clsid\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="c:\program files (x86)\AIM\aim.exe" [2003-08-01 61440]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"DeadAIM"="c:\progra~2\AIM\\DeadAIM.ocm" [2010-10-13 144896]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"NeroFilterCheck"="c:\windows\SysWOW64\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"TkBellExe"="c:\program files (x86)\real\realplayer\update\realsched.exe" [2012-01-11 296056]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-02 348624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-29 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-29 136176]
R3 LVUVC64;Logitech QuickCam Fusion(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-02 86224]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2012-01-22 2230416]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 05:56]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-29 11:52]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-29 11:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?babsrc=HP_Prot
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &D&ownload &with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
DPF: {7206EAAC-5CFA-43A3-9F61-E27E8E51E42F} - hxxp://adus1.liveblockauctions.com/container_repository/laiexec.cab
FF - ProfilePath - c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://forums.bimmerforums.com/forum/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=109881&babsrc=adbartrp&mntrId=3e4cc86a000000000000002215950c37&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Old Location Bar: {3205B348-523A-4fac-9BC4-9939CBF583B0} - %profile%\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: The Camelizer: izer@camelcamelcamel.com - %profile%\extensions\izer@camelcamelcamel.com
FF - Ext: Media Converter: {6e764c17-863a-450f-bdd0-6772bd5aaa18} - %profile%\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-ATI - c:\users\Steve\AppData\Local\Microsoft\ATI\ypncnfq.dll
Wow6432Node-HKU-Default-Run-ATI - c:\users\Steve\AppData\Local\Microsoft\ATI\ypncnfq.dll
WebBrowser-{CD90BF73-20F6-44EF-993D-BB920303BD2E} - (no file)
AddRemove-Premiumplay Codec-C - c:\program files (x86)\Premiumplay Codec-C\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{59C6F12B-F004-43E5-9997-08F2123119B6}"=hex:51,66,7a,6c,4c,1d,38,12,45,f2,d5,
5d,36,be,8b,06,e6,81,4b,b2,17,6f,5d,a2
"{CD90BF73-20F6-44EF-993D-BB920303BD2E}"=hex:51,66,7a,6c,4c,1d,38,12,1d,bc,83,
c9,c4,6e,81,01,e6,2b,f8,d2,06,5d,f9,3a
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}"=hex:51,66,7a,6c,4c,1d,38,12,0c,e0,e4,
3d,b8,cc,34,0e,c3,b9,18,39,ba,81,ae,74
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:b5,a1,6b,00,7b,47,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Giraffic\Veoh_Giraffic.exe
.
**************************************************************************
.
Completion time: 2012-06-23 10:13:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-23 14:13
.
Pre-Run: 13,745,557,504 bytes free
Post-Run: 15,117,606,912 bytes free
.
- - End Of File - - 36136DD3A69BFF6F336A68E58CE311E7

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:36 PM

Posted 23 June 2012 - 12:00 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files (x86)\Premiumplay Codec-C

File::
C:\Users\Steve\AppData\Local\Microsoft\ATI\ypncnfq.dll

DDS::
uStart Page = hxxp://search.babylon.com/?babsrc=HP_Prot

Firefox::
FF - ProfilePath - c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=109881&babsrc=adbartrp&mntrId=3e4cc86a000000000000002215950c37&q=

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#10 s1ick

s1ick
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:07:36 PM

Posted 23 June 2012 - 12:23 PM

Log for ComboFix

ComboFix 12-06-21.03 - Steve 06/23/2012 13:05:03.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.2587 [GMT -4:00]
Running from: c:\users\Steve\Desktop\ComboFix.exe
Command switches used :: c:\users\Steve\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Steve\AppData\Local\Microsoft\ATI\ypncnfq.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Premiumplay Codec-C
c:\program files (x86)\Premiumplay Codec-C\appAPIinternalWrapper.js
c:\program files (x86)\Premiumplay Codec-C\fb.js
c:\program files (x86)\Premiumplay Codec-C\jquery.js
c:\program files (x86)\Premiumplay Codec-C\json.js
c:\program files (x86)\Premiumplay Codec-C\Premiumplay Codec-C.ico
c:\program files (x86)\Premiumplay Codec-C\Premiumplay Codec-C.ini
c:\program files (x86)\Premiumplay Codec-C\Premiumplay Codec-CInstaller.log
c:\users\Steve\AppData\Roaming\Ybose
c:\users\Steve\AppData\Roaming\Ybose\maem.ulf
.
.
((((((((((((((((((((((((( Files Created from 2012-05-23 to 2012-06-23 )))))))))))))))))))))))))))))))
.
.
2012-06-23 17:13 . 2012-06-23 17:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-23 06:33 . 2012-06-23 06:33 -------- d-----w- c:\users\Steve\AppData\Local\Macromedia
2012-06-22 23:30 . 2012-06-22 23:30 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-22 02:06 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 02:06 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 02:06 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 02:06 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 02:06 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 02:06 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 02:06 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 02:05 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 02:05 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 09:27 . 2012-06-21 09:27 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-13 20:41 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 20:41 . 2012-04-26 05:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 20:41 . 2012-04-26 05:28 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 20:41 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 20:41 . 2012-05-15 01:32 3144192 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 20:41 . 2012-04-28 03:50 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 20:40 . 2012-04-24 05:59 182272 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 20:40 . 2012-04-24 05:59 1460224 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 20:40 . 2012-04-24 05:59 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 20:40 . 2012-04-24 04:47 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-13 20:40 . 2012-04-24 04:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-13 20:40 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-13 20:40 . 2012-04-07 12:18 3213824 ----a-w- c:\windows\system32\msi.dll
2012-06-13 20:40 . 2012-04-07 11:34 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-09 18:29 . 2012-06-09 18:29 -------- d-----w- C:\found.000
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 05:56 . 2012-04-04 22:09 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 05:56 . 2011-05-27 14:40 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-08 17:02 . 2012-05-22 15:45 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{34E3C17B-0578-4C9B-A473-CC0AB24818CD}\mpengine.dll
2012-05-02 19:24 . 2012-05-24 16:02 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-04-27 14:20 . 2012-05-24 16:02 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-04-25 04:32 . 2012-05-24 16:02 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-04-06 05:22 . 2012-05-23 05:12 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:34 . 2012-04-06 02:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-06 02:34 . 2012-04-06 02:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-06 02:34 . 2012-04-06 02:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-06 02:33 . 2012-04-06 02:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-06 02:33 . 2012-04-06 02:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-06 02:33 . 2012-04-06 02:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-04-06 02:32 . 2012-04-06 02:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-04-06 02:32 . 2012-04-06 02:32 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-04-06 02:32 . 2012-04-06 02:32 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-04-06 02:22 . 2012-05-23 05:12 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2012-05-23 05:12 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2012-05-23 05:12 1067520 ----a-w- c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-05-23 05:12 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-05-23 05:12 503808 ----a-w- c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-05-23 05:12 236544 ----a-w- c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-05-23 05:12 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-05-23 05:12 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-05-23 05:12 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-05-23 05:12 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2012-05-23 05:12 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-05-23 05:12 26181632 ----a-w- c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2012-05-23 05:12 64000 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2009-07-13 21:59 7479296 ----a-w- c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-05-23 05:12 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-05-23 05:12 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-05-23 05:12 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-05-23 05:12 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2009-07-13 21:59 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-05-23 05:12 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-05-23 05:12 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-05-23 05:12 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-05-23 05:12 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-05-23 05:12 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-05-23 05:12 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-05-23 05:12 7431680 ----a-w- c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2009-07-13 21:59 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-05-23 05:12 514560 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-05-23 05:12 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-05-23 05:12 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-05-23 05:12 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-05-23 05:12 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-05-23 05:12 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-05-23 05:12 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-05-23 05:12 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2012-05-23 05:12 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2012-05-23 05:12 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-05-23 05:12 44544 ----a-w- c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2012-05-23 05:12 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-05-23 05:12 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-05-23 05:12 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-05-23 05:12 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-05-23 05:12 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-05-23 05:12 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-04-02 05:34 . 2012-05-10 23:03 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-02 04:46 . 2012-05-10 23:03 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-02 04:46 . 2012-05-10 23:03 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-30 11:09 . 2012-05-10 23:03 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-23_14.05.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-06-23 17:16 24622 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-10-13 03:07 . 2012-06-23 17:16 4478 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2977698038-3032072187-2987234856-1001_UserData.bin
+ 2012-06-23 17:14 . 2012-06-23 17:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-23 14:05 . 2012-06-23 14:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-23 17:14 . 2012-06-23 17:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-23 14:05 . 2012-06-23 14:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-10-13 05:42 . 2012-06-23 15:20 263986 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2010-10-13 07:33 . 2012-06-23 05:56 278528 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-13 07:33 . 2012-06-23 14:21 278528 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 05:01 . 2012-06-23 17:13 385520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-23 14:04 385520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-10-13 07:33 . 2012-06-23 14:21 3358720 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-10-13 07:33 . 2012-06-23 05:56 3358720 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-23 14:21 6029312 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-23 05:56 6029312 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-27 07:43 . 2012-06-23 17:13 7422168 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2977698038-3032072187-2987234856-1001-12288.dat
- 2010-10-27 07:43 . 2012-06-23 14:04 7422168 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2977698038-3032072187-2987234856-1001-12288.dat
- 2009-07-14 02:34 . 2012-06-23 14:01 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-06-23 14:22 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{cd90bf73-20f6-44ef-993d-bb920303bd2e}"= "c:\program files (x86)\Veoh_Web_Player\prxtbVeoh.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{59c6f12b-f004-43e5-9997-08f2123119b6}"= "c:\program files (x86)\oovootoolbar\oovootoolbarX.dll" [2010-10-25 81920]
"{cd90bf73-20f6-44ef-993d-bb920303bd2e}"= "c:\program files (x86)\Veoh_Web_Player\prxtbVeoh.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{59c6f12b-f004-43e5-9997-08f2123119b6}]
.
[HKEY_CLASSES_ROOT\clsid\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="c:\program files (x86)\AIM\aim.exe" [2003-08-01 61440]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"DeadAIM"="c:\progra~2\AIM\\DeadAIM.ocm" [2010-10-13 144896]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"NeroFilterCheck"="c:\windows\SysWOW64\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"TkBellExe"="c:\program files (x86)\real\realplayer\update\realsched.exe" [2012-01-11 296056]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-02 348624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-29 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-29 136176]
R3 LVUVC64;Logitech QuickCam Fusion(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-02 86224]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2012-01-22 2230416]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 05:56]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-29 11:52]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-29 11:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &D&ownload &with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
DPF: {7206EAAC-5CFA-43A3-9F61-E27E8E51E42F} - hxxp://adus1.liveblockauctions.com/container_repository/laiexec.cab
FF - ProfilePath - c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\683pojv5.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://forums.bimmerforums.com/forum/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Old Location Bar: {3205B348-523A-4fac-9BC4-9939CBF583B0} - %profile%\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: The Camelizer: izer@camelcamelcamel.com - %profile%\extensions\izer@camelcamelcamel.com
FF - Ext: Media Converter: {6e764c17-863a-450f-bdd0-6772bd5aaa18} - %profile%\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{CD90BF73-20F6-44EF-993D-BB920303BD2E} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{59C6F12B-F004-43E5-9997-08F2123119B6}"=hex:51,66,7a,6c,4c,1d,38,12,45,f2,d5,
5d,36,be,8b,06,e6,81,4b,b2,17,6f,5d,a2
"{CD90BF73-20F6-44EF-993D-BB920303BD2E}"=hex:51,66,7a,6c,4c,1d,38,12,1d,bc,83,
c9,c4,6e,81,01,e6,2b,f8,d2,06,5d,f9,3a
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}"=hex:51,66,7a,6c,4c,1d,38,12,0c,e0,e4,
3d,b8,cc,34,0e,c3,b9,18,39,ba,81,ae,74
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:b5,a1,6b,00,7b,47,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Giraffic\Veoh_Giraffic.exe
c:\program files (x86)\Windows Media Player\wmplayer.exe
.
**************************************************************************
.
Completion time: 2012-06-23 13:22:23 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-23 17:22
ComboFix2.txt 2012-06-23 14:13
.
Pre-Run: 15,143,858,176 bytes free
Post-Run: 14,831,161,344 bytes free
.
- - End Of File - - 14F5EC8D8AFADC95D054DABEDA4A51B6

#11 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:36 PM

Posted 23 June 2012 - 12:40 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 s1ick

  • Topic Starter
  • Members
  • 13 posts
  • Local time:07:36 PM

Posted 23 June 2012 - 12:58 PM

AC3Filter (remove only)
AC3Filter 1.63b
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.1
AOL Instant Messenger
Applian FLV and Media Player 3.1.1.12
Avira Free Antivirus
BitComet 1.23
BlackBerry Desktop Software 6.0.1
BlackBerry Device Software v5.0.0 for the BlackBerry 8900 smartphone
Borderlands
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help English
CCC Help French
CCC Help German
CCC Help Spanish
Counter-Strike
Counter-Strike: Source
D3DX10
DeadAIM
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diablo III
DivX Setup
DivX Web Player
FLV Player 2.0 (build 25)
Google Update Helper
HijackThis 2.0.2
Java Auto Updater
Java™ 6 Update 29
Left 4 Dead 2
Malwarebytes' Anti-Malware
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox (3.6.10)
MSVCRT
Nero 7 Demo
NVIDIA PhysX v8.10.29
ooVoo
ooVoo Toolbar
Premiumplay Codec-C
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek Ethernet Controller Driver For Windows Vista and Later
RealUpgrade 1.1
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Skype™ 5.3
StarCraft II
Steam
Team Fortress 2
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VC80CRTRedist - 8.0.50727.4053
Veoh Giraffic Video Accelerator
Veoh Web Player
Veoh Web Player Toolbar
Viewpoint Media Player
VLC media player 2.0.1
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
Wootalyzer!

#13 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:36 PM

Posted 23 June 2012 - 01:09 PM

Hello

P2P Warning!

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better job).

Programs to remove

Adobe Reader 9.5.1
Java™ 6 Update 29
Veoh Giraffic Video Accelerator
Veoh Web Player
Veoh Web Player Toolbar
Viewpoint Media Player


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

Malwarebytes' Anti-Malware

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#14 s1ick

  • Topic Starter
  • Members
  • 13 posts
  • Local time:07:36 PM

Posted 23 June 2012 - 01:51 PM

Gringo,

I could not get Malwarebytes to update. There was an error, so I uninstalled the program with Revo Uninstaller and downloaded the newest version from their site. I tried to install it but I got an error that says "Access is Denied".


This is the log for HiJackThis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:49:05 PM, on 6/23/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\AIM\aim.exe
C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe
C:\Program Files (x86)\Diablo III\Diablo III.exe
C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Users\Steve\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Veoh Web Player Toolbar - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeoh.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.8.11.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: ooVoo Toolbar - {59c6f12b-f004-43e5-9997-08f2123119b6} - C:\Program Files (x86)\oovootoolbar\oovootoolbarX.dll
O3 - Toolbar: Veoh Web Player Toolbar - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeoh.dll
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~2\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\SysWOW64\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files (x86)\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: (no name) - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files (x86)\AIM\aim.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.8.11.dll/206 (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {298BFFEE-662D-11D5-ADAF-00E0810232D7} (lgbplay Class) - https://simulcast.manheim.com/simulcast/lib/LiveSound.dll
O16 - DPF: {7206EAAC-5CFA-43A3-9F61-E27E8E51E42F} (laiExcuter Class) - http://adus1.liveblockauctions.com/container_repository/laiexec.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8840 bytes
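
As an added example, not part of this thread and not code from HijackThis or its author: a small Python triage script for the log format posted above. It sorts the entries the way the helper's advice implies (entries marked (no file) or (file missing) are stale, hook points such as URLSearchHooks, BHOs, toolbars, LSPs and DPF downloads are the ones to review, everything else is informational) and separates out the known case where the 32-bit HijackThis build reports core Windows services under System32 as (file missing) on 64-bit Windows because of file-system redirection. The sample lines are copied from the log above; the verdict names and section descriptions are this example's own assumptions, not HijackThis terminology.

```python
"""Triage helper for HijackThis-style logs (added example, not the thread's own code)."""
import re
from collections import Counter

# Constructed sample: entry lines copied from the HijackThis log posted in this
# thread, plus two non-entry lines to show that the parser ignores them.
SAMPLE_LOG = r"""
Running processes:
C:\Users\Steve\Desktop\HijackThis.exe

R3 - URLSearchHook: Veoh Web Player Toolbar - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeoh.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: ooVoo Toolbar - {59c6f12b-f004-43e5-9997-08f2123119b6} - C:\Program Files (x86)\oovootoolbar\oovootoolbarX.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.8.11.dll/206 (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {7206EAAC-5CFA-43A3-9F61-E27E8E51E42F} (laiExcuter Class) - http://adus1.liveblockauctions.com/container_repository/laiexec.cab
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"""

# A HijackThis entry starts with a section code (R0..R3, F0..F3, O1..O24) and " - ".
ENTRY = re.compile(r"^([RFO]\d+)\s+-\s+(.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# First drive-letter path ending in a binary/package extension.
PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|ocm|cab|sys)\b", re.IGNORECASE)

# Sections that are classic persistence/hijack points (descriptions are this example's).
REVIEW_SECTIONS = {
    "R3": "URLSearchHook: common search-hijack point",
    "O2": "Browser Helper Object: loads into every IE process",
    "O3": "IE toolbar: typical bundled-software entry",
    "O10": "Winsock LSP: sits in the socket path; removal needs care",
    "O16": "ActiveX download (DPF): code fetched from a remote site",
}


def parse_log(text):
    """Turn the raw log into a list of entry dicts; non-entry lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # process list, headers, blank lines
        section, rest = m.groups()
        clsid = CLSID.search(rest)
        path = PATH.search(rest)
        entries.append({
            "section": section,
            "text": rest,
            "clsid": clsid.group(0).upper() if clsid else None,
            "path": path.group(0) if path else None,
        })
    return entries


def classify(entry):
    """Return (verdict, reason) for one entry using the thread's own rules of thumb."""
    text, path = entry["text"], entry["path"] or ""
    if "(no file)" in text:
        return "orphan", "registry entry with no backing file; stale, not running code"
    if "(file missing)" in text:
        if "\\windows\\system32\\" in path.lower():
            # 32-bit HijackThis is redirected to SysWOW64, so 64-bit-only system
            # binaries in System32 show as missing. Not evidence of tampering.
            return "x64-artifact", "WoW64 redirection hides the 64-bit System32 from a 32-bit scanner"
        return "orphan", "file referenced by the entry is gone; stale, not running code"
    if entry["section"] in REVIEW_SECTIONS:
        return "review", REVIEW_SECTIONS[entry["section"]]
    return "info", "present and loading; check vendor and path before touching it"


def triage(text):
    """Return (list of (section, verdict, reason, entry text), Counter of verdicts)."""
    verdicts = [(e["section"],) + classify(e) + (e["text"],) for e in parse_log(text)]
    return verdicts, Counter(v[1] for v in verdicts)


if __name__ == "__main__":
    rows, summary = triage(SAMPLE_LOG)
    for section, verdict, reason, text in rows:
        print(f"{verdict:<13} {section:<4} {text[:70]}")
    print(dict(summary))
```

Run against the full log, the "review" bucket is the short list worth a closer look (here the Veoh and ooVoo hook points the helper asked to remove), while the many O23 "(file missing)" lines for lsass.exe, spoolsv.exe and friends land in "x64-artifact" and should not be acted on, which is exactly why the helper says not to let HijackThis fix anything on its own.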

#15 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:36 PM

Posted 23 June 2012 - 09:18 PM

Uninstall Malwarebytes

  • Click on the Start button and select Control Panel
  • Click on Programs and Features
  • Uninstall Malwarebytes' Anti-Malware
  • Restart your computer (very important)
  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer, please allow it to do so (very important)
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
  • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
  • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
    Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or post to ask and we'll explain how to do it.
