AVG Indicated a Trojan Horse Dropper Infection


  • This topic is locked
14 replies to this topic

#1 micklee34

  • Members
  • 19 posts
  • OFFLINE
  • Local time:12:05 PM

Posted 23 June 2012 - 03:44 PM

Hi,

AVG just detected a Trojan Horse Dropper that was a critical system file and could not be removed.

"";"C:\Windows\System32\services.exe";"Trojan horse Dropper.Generic_c.MMI";"Object is white-listed (critical/system file that should not be removed)"

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Michael at 21:33:25 on 2012-06-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3990.1250 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\AVG\AVG2012\avgui.exe
C:\Program Files (x86)\AVG\AVG2012\avgscana.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files (x86)\AVG\AVG2012\avgcsrvx.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\taskhost.exe
C:\Windows\sysWow64\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [AdobeBridge]
uRun: [Regedit32] C:\Windows\system32\regedit.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.euro.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{0E82F9BB-962C-4392-A43D-4888CD0E0592} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{0E82F9BB-962C-4392-A43D-4888CD0E0592} : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{87660E65-D437-4B15-8C1B-858266A6722C} : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{87660E65-D437-4B15-8C1B-858266A6722C}\44F424C4540205259465144554 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{87660E65-D437-4B15-8C1B-858266A6722C}\44F424C454F5E45445F523 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{87660E65-D437-4B15-8C1B-858266A6722C}\44F626C656D2E45647 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{87660E65-D437-4B15-8C1B-858266A6722C}\F42716E67656464636665673 : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO-X64: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO-X64: LastPass Browser Helper Object - No File
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\7ke8z3ag.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B92932807-bd14-405d-a6de-6caadb78d259%7D&mid=89d95279f2da47d0a09a55c62f48da20-74a24396c677482c5254d4a7c9d4e78317df171d&ds=AVG&v=11.1.0.7&lang=en&pr=fr&d=2012-06-23%2001%3A07%3A09&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Michael\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\7ke8z3ag.default\extensions\LogMeInClient@logmein.com\plugins\npLMI64.dll
FF - plugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\7ke8z3ag.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 nvkflt;nvkflt;C:\Windows\system32\DRIVERS\nvkflt.sys --> C:\Windows\system32\DRIVERS\nvkflt.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-9-23 98208]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-9-15 88576]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-23 2656280]
R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-6-23 935480]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\system32\DRIVERS\iwdbus.sys --> C:\Windows\system32\DRIVERS\iwdbus.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 qicflt;upper Device Filter Driver;C:\Windows\system32\DRIVERS\qicflt.sys --> C:\Windows\system32\DRIVERS\qicflt.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-1-7 2348352]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-4 250056]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\system32\drivers\intelaud.sys --> C:\Windows\system32\drivers\intelaud.sys [?]
S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-6 113120]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\system32\drivers\nvstusb.sys --> C:\Windows\system32\drivers\nvstusb.sys [?]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-06-23 15:03:37 -------- d-----w- C:\Windows\Microsoft Antimalware
2012-06-23 00:07:30 -------- d-----w- C:\Users\Michael\AppData\Roaming\AVG2012
2012-06-23 00:07:19 -------- d-----w- C:\Users\Michael\AppData\Local\AVG Secure Search
2012-06-23 00:07:08 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-06-23 00:07:07 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-06-23 00:07:07 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-06-23 00:07:02 -------- d--h--w- C:\ProgramData\Common Files
2012-06-23 00:06:59 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-06-23 00:06:36 -------- d--h--w- C:\$AVG
2012-06-23 00:06:36 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-06-23 00:06:36 -------- d-----w- C:\ProgramData\AVG2012
2012-06-23 00:06:05 -------- d-----w- C:\Program Files (x86)\AVG
2012-06-23 00:04:54 -------- d-----w- C:\ProgramData\MFAData
2012-06-23 00:04:26 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-06-21 16:01:57 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 16:01:49 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 16:01:39 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 16:01:39 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-20 20:28:42 -------- d-----w- C:\ProgramData\Windows
2012-06-20 20:18:23 -------- d-----w- C:\Program Files (x86)\BitTorrent
2012-06-20 20:16:32 -------- d-----w- C:\Users\Michael\AppData\Roaming\BitTorrent
2012-06-20 19:55:05 -------- d-----w- C:\Users\Michael\.config
2012-06-13 22:26:40 -------- d-----w- C:\Users\Michael\AppData\Local\Macromedia
2012-06-13 20:05:08 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-13 20:05:08 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-13 20:05:08 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-13 20:05:05 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-13 20:05:05 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-06-13 20:05:04 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-13 20:05:03 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-13 20:05:01 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-06-13 20:05:01 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-06-13 20:05:01 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-13 20:05:00 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-13 20:04:59 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-13 20:04:59 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-13 20:04:58 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-13 20:04:58 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-13 20:04:58 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-13 20:04:58 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-10 15:41:06 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-10 15:41:06 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-09 09:11:05 -------- d-----w- C:\Program Files (x86)\VideoLAN
2012-06-06 06:22:44 -------- d-----w- C:\Users\Michael\AppData\Roaming\calibre
2012-06-06 06:22:35 -------- d-----w- C:\Program Files (x86)\Calibre2
.
==================== Find3M ====================
.
2012-06-23 15:14:27 328704 ----a-w- C:\Windows\System32\services.exe
2012-06-23 05:40:06 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-23 05:40:06 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-23 05:40:03 9815752 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-04-19 03:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-04-18 19:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-18 19:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-04-10 22:31:54 2303488 ----a-w- C:\Windows\SysWow64\python27.dll
2012-04-10 22:24:50 2987520 ----a-w- C:\Windows\System32\python27.dll
2012-04-04 14:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-09-30 09:52:24 13571624 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
.
============= FINISH: 21:34:37.33 ===============
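The post pairs a single AVG detection record with a full DDS log, and the two have to be read together: AVG names C:\Windows\System32\services.exe, and the Find3M section shows that very file with a modification time a few hours before the scan, while "Created Last 30" shows a hidden+system directory called %APPDATA% inside System32. The script below is an added example, not code from the post and not from the DDS or AVG tools; it parses DDS file entries and the semicolon-separated AVG record, then flags the three things a responder would want confirmed before deciding on cleanup. The sample lines are copied from the log above; the rule names, the 24-hour window and the list of core binaries are this example's own assumptions.

```python
"""Triage of DDS file entries plus an AVG detection record.

Added example; not code from the forum post, DDS or AVG. The sample lines
are copied from the log above; the rule names, the 24-hour window and the
list of core binaries are this example's own assumptions.
"""
import csv
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from io import StringIO
from typing import List, Optional, Tuple

# Lines copied from the DDS log in the post (the '.' and header lines are
# kept on purpose so the parser has to skip them).
SAMPLE_DDS = r"""
==================== Find3M ====================
.
2012-06-23 15:03:37 -------- d-----w- C:\Windows\Microsoft Antimalware
2012-06-23 00:07:02 -------- d--h--w- C:\ProgramData\Common Files
2012-06-23 00:06:36 -------- d--h--w- C:\$AVG
2012-06-23 00:04:26 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-06-13 20:05:05 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-23 15:14:27 328704 ----a-w- C:\Windows\System32\services.exe
2012-04-04 14:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
"""
# The AVG record quoted in the post: semicolon-separated, double-quoted fields.
SAMPLE_AVG = r'"";"C:\Windows\System32\services.exe";"Trojan horse Dropper.Generic_c.MMI";"Object is white-listed (critical/system file that should not be removed)"'
# From the DDS header: "Run by Michael at 21:33:25 on 2012-06-23"
SCAN_TIME = datetime(2012, 6, 23, 21, 33, 25)

# One DDS entry: timestamp, size (dashes for a directory), 8-character
# attribute string (d=dir, s=system, h=hidden, a=archive, w=writable), path.
_ENTRY = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+([-a-z]{8})\s+(.+)$")


@dataclass
class Entry:
    mtime: datetime
    size: Optional[int]   # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden_system(self) -> bool:
        return "h" in self.attrs and "s" in self.attrs


def parse_dds_entries(text: str) -> List[Entry]:
    entries = []
    for line in text.splitlines():
        m = _ENTRY.match(line.strip())
        if not m:
            continue  # section headers, '.', blank lines
        ts, size, attrs, path = m.groups()
        entries.append(Entry(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                             None if size.startswith("-") else int(size),
                             attrs, path))
    return entries


def parse_avg_record(line: str) -> dict:
    fields = next(csv.reader(StringIO(line), delimiter=";", quotechar='"'))
    return {"path": fields[1], "verdict": fields[2], "action": fields[3]}


# Assumed list of binaries that only change inside a Windows update batch.
CORE_BINARIES = {"services.exe", "lsass.exe", "winlogon.exe", "wininit.exe",
                 "csrss.exe", "svchost.exe", "explorer.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def triage(entries, scan_time, av_path=None, window_hours=24):
    findings = []
    for e in entries:
        low = e.path.lower()
        name = low.rsplit("\\", 1)[-1]
        in_sys = low.startswith(SYSTEM_DIRS)
        age = scan_time - e.mtime
        # A core binary changing on its own, hours before the scan, needs a look.
        if (in_sys and name in CORE_BINARIES
                and timedelta(0) <= age <= timedelta(hours=window_hours)):
            findings.append(("core-binary-recently-modified", e.path))
        # Hidden+system directories with odd names under System32 are unusual.
        if in_sys and e.is_dir and (e.hidden_system or "%" in name):
            findings.append(("hidden-system-dir-in-system32", e.path))
        # Confirm the AV-flagged object is actually present in the listing.
        if av_path and low == av_path.lower():
            findings.append(("av-flagged-file-present", e.path))
    return findings


def run_triage() -> List[Tuple[str, str]]:
    rec = parse_avg_record(SAMPLE_AVG)
    return triage(parse_dds_entries(SAMPLE_DDS), SCAN_TIME, rec["path"])


if __name__ == "__main__":
    for rule, path in run_triage():
        print(f"{rule:32} {path}")
```

The ntoskrnl.exe entry is deliberately included: it was modified ten days earlier together with a batch of other system files, so the time window leaves it alone, which is the behaviour you want when separating a patch cycle from a lone change to one service binary.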


#2 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:05 AM

Posted 23 June 2012 - 11:18 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 micklee34
  • Topic Starter

  • Members
  • 19 posts

Posted 24 June 2012 - 01:26 AM

Hi Gringo,

Thanks for such a fast reply. I've followed your instructions and all seems to be running well.

I had to restart after combofix ran as you mentioned.

As requested, I've posted the logs below. Am I now free of infection?

Any tips on staying infection free in the future? I guess I must have caused the infection.


Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 31
Java version out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox (13.0.1)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


ComboFix 12-06-23.06 - Michael 24/06/2012 7:06.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3990.1777 [GMT 1:00]
Running from: c:\users\Michael\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\Windows
c:\programdata\windows\ccdxmmde.dat
c:\programdata\windows\drss.dat
c:\programdata\Windows\msseedir.dll
c:\programdata\Windows\xessmsxe.dat
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2012-05-24 to 2012-06-24 )))))))))))))))))))))))))))))))
.
.
2012-06-23 15:03 . 2012-06-23 15:03 -------- d-----w- c:\windows\Microsoft Antimalware
2012-06-23 00:07 . 2012-06-23 00:07 -------- d-----w- c:\users\Michael\AppData\Roaming\AVG2012
2012-06-23 00:07 . 2012-06-23 00:07 -------- d-----w- c:\users\Michael\AppData\Local\AVG Secure Search
2012-06-23 00:07 . 2012-06-23 00:07 -------- d-----w- c:\programdata\AVG Secure Search
2012-06-23 00:07 . 2012-06-23 00:07 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-06-23 00:07 . 2012-06-23 00:07 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-06-23 00:07 . 2012-06-23 00:07 -------- d--h--w- c:\programdata\Common Files
2012-06-23 00:06 . 2012-06-23 00:06 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-06-23 00:06 . 2012-06-23 19:52 -------- d-----w- c:\windows\system32\drivers\AVG
2012-06-23 00:06 . 2012-06-23 00:10 -------- d-----w- c:\programdata\AVG2012
2012-06-23 00:06 . 2012-06-23 00:06 -------- d-----w- C:\$AVG
2012-06-23 00:06 . 2012-06-23 00:06 -------- d-----w- c:\program files (x86)\AVG
2012-06-23 00:04 . 2012-06-23 19:54 -------- d-----w- c:\programdata\MFAData
2012-06-23 00:04 . 2012-06-23 00:04 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-21 16:01 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 16:01 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 16:01 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 16:01 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 16:01 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 16:01 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 16:01 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 16:01 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 16:01 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 20:18 . 2012-06-20 20:18 -------- d-----w- c:\program files (x86)\BitTorrent
2012-06-20 20:16 . 2012-06-23 05:35 -------- d-----w- c:\users\Michael\AppData\Roaming\BitTorrent
2012-06-20 19:55 . 2012-06-20 19:55 -------- d-----w- c:\users\Michael\.config
2012-06-13 22:26 . 2012-06-13 22:26 -------- d-----w- c:\users\Michael\AppData\Local\Macromedia
2012-06-13 20:05 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 20:05 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 20:05 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 20:05 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-13 20:05 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 20:05 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 20:05 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 20:05 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 20:05 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 20:05 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-13 20:05 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-13 20:04 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 20:04 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-13 20:04 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 20:04 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 20:04 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-13 20:04 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-10 15:41 . 2012-06-10 15:41 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-10 15:41 . 2012-06-10 15:41 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-09 09:11 . 2012-06-19 22:03 -------- d-----w- c:\users\Michael\AppData\Roaming\vlc
2012-06-09 09:11 . 2012-06-09 09:11 -------- d-----w- c:\program files (x86)\VideoLAN
2012-06-06 06:22 . 2012-06-06 21:53 -------- d-----w- c:\users\Michael\AppData\Roaming\calibre
2012-06-06 06:22 . 2012-06-22 21:58 -------- d-----w- c:\program files (x86)\Calibre2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 15:14 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
2012-06-23 05:40 . 2012-04-04 06:57 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 05:40 . 2011-09-23 08:45 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-23 05:40 . 2012-04-04 07:40 9815752 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-19 03:50 . 2012-04-19 03:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-04-18 19:56 . 2012-04-18 19:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 19:56 . 2012-04-18 19:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-04-10 22:31 . 2012-04-10 22:31 2303488 ----a-w- c:\windows\SysWow64\python27.dll
2012-04-10 22:24 . 2012-04-10 22:24 2987520 ----a-w- c:\windows\system32\python27.dll
2012-04-04 14:56 . 2011-09-26 21:14 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-30 11:35 . 2012-05-10 16:48 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-30 09:52 . 2011-09-30 09:52 13571624 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-23 00:07 2068536 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-23 2068536]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-08-12 520330]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-17 651264]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-06-23 1104440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-04-30 5106744]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-23 935480]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 05:40]
.
2012-06-23 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-06-23 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2009-09-24 371712]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: LastPass - file://c:\program files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files (x86)\LastPass\context.html?cmd=fillforms
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{0E82F9BB-962C-4392-A43D-4888CD0E0592}: NameServer = 8.8.8.8,8.8.4.4
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\7ke8z3ag.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B92932807-bd14-405d-a6de-6caadb78d259%7D&mid=89d95279f2da47d0a09a55c62f48da20-74a24396c677482c5254d4a7c9d4e78317df171d&ds=AVG&v=11.1.0.7&lang=en&pr=fr&d=2012-06-23%2001%3A07%3A09&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-06-24 07:16:02 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-24 06:16
.
Pre-Run: 227,429,830,656 bytes free
Post-Run: 227,078,197,248 bytes free
.
- - End Of File - - 6FD4A12C3CC4441CB74CFEFF43F0D4C5

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 June 2012 - 01:33 AM

Greetings micklee34

That is only one scan, so it is too early to say you are clean.

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 micklee34
  • Topic Starter

  • Members
  • 19 posts

Posted 24 June 2012 - 05:16 AM

Hi Gringo,

Please find below details of both scans (PC seems to be running fine).

Thanks again for taking the time to fix this.

08:17:37.0427 5456 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
08:17:37.0614 5456 ============================================================
08:17:37.0614 5456 Current date / time: 2012/06/24 08:17:37.0614
08:17:37.0614 5456 SystemInfo:
08:17:37.0614 5456
08:17:37.0614 5456 OS Version: 6.1.7601 ServicePack: 1.0
08:17:37.0614 5456 Product type: Workstation
08:17:37.0614 5456 ComputerName: MICHAEL-LAPTOP
08:17:37.0614 5456 UserName: Michael
08:17:37.0614 5456 Windows directory: C:\Windows
08:17:37.0614 5456 System windows directory: C:\Windows
08:17:37.0614 5456 Running under WOW64
08:17:37.0614 5456 Processor architecture: Intel x64
08:17:37.0614 5456 Number of processors: 4
08:17:37.0614 5456 Page size: 0x1000
08:17:37.0614 5456 Boot type: Normal boot
08:17:37.0614 5456 ============================================================
08:17:38.0222 5456 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:17:38.0238 5456 ============================================================
08:17:38.0238 5456 \Device\Harddisk0\DR0:
08:17:38.0238 5456 MBR partitions:
08:17:38.0238 5456 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x34000, BlocksNum 0x2710000
08:17:38.0238 5456 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2744000, BlocksNum 0x37C41830
08:17:38.0238 5456 ============================================================
08:17:38.0269 5456 C: <-> \Device\Harddisk0\DR0\Partition1
08:17:38.0269 5456 ============================================================
08:17:38.0269 5456 Initialize success
08:17:38.0269 5456 ============================================================
08:17:40.0406 4448 ============================================================
08:17:40.0406 4448 Scan started
08:17:40.0406 4448 Mode: Manual;
08:17:40.0406 4448 ============================================================
08:17:57.0988 4448 odserv - ok
08:17:58.0003 4448 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
08:17:58.0003 4448 ohci1394 - ok
08:17:58.0034 4448 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:17:58.0034 4448 ose - ok
08:17:58.0097 4448 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
08:17:58.0112 4448 p2pimsvc - ok
08:17:58.0159 4448 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
08:17:58.0175 4448 p2psvc - ok
08:17:58.0175 4448 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
08:17:58.0175 4448 Parport - ok
08:17:58.0206 4448 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
08:17:58.0206 4448 partmgr - ok
08:17:58.0253 4448 PassThru Service (39b9dcd7040654c2e57d7396736c718e) C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
08:17:58.0253 4448 PassThru Service - ok
08:17:58.0284 4448 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
08:17:58.0284 4448 PcaSvc - ok
08:17:58.0331 4448 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
08:17:58.0346 4448 pci - ok
08:17:58.0362 4448 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
08:17:58.0362 4448 pciide - ok
08:17:58.0393 4448 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
08:17:58.0409 4448 pcmcia - ok
08:17:58.0440 4448 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
08:17:58.0440 4448 pcw - ok
08:17:58.0487 4448 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
08:17:58.0502 4448 PEAUTH - ok
08:17:58.0580 4448 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
08:17:58.0580 4448 PerfHost - ok
08:17:58.0705 4448 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
08:17:58.0721 4448 pla - ok
08:17:58.0783 4448 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
08:17:58.0814 4448 PlugPlay - ok
08:17:58.0861 4448 Pml Driver HPZ12 (9a80707d8b6c1806531bfd7399b3cc76) C:\Windows\system32\HPZipm12.dll
08:17:58.0861 4448 Pml Driver HPZ12 - ok
08:17:58.0877 4448 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
08:17:58.0877 4448 PNRPAutoReg - ok
08:17:58.0924 4448 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
08:17:58.0924 4448 PNRPsvc - ok
08:17:59.0002 4448 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
08:17:59.0017 4448 Point64 - ok
08:17:59.0064 4448 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
08:17:59.0080 4448 PolicyAgent - ok
08:17:59.0126 4448 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
08:17:59.0142 4448 Power - ok
08:17:59.0173 4448 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
08:17:59.0189 4448 PptpMiniport - ok
08:17:59.0220 4448 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
08:17:59.0220 4448 Processor - ok
08:17:59.0267 4448 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
08:17:59.0282 4448 ProfSvc - ok
08:17:59.0314 4448 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:17:59.0314 4448 ProtectedStorage - ok
08:17:59.0345 4448 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
08:17:59.0360 4448 Psched - ok
08:17:59.0392 4448 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
08:17:59.0407 4448 PxHlpa64 - ok
08:17:59.0454 4448 qicflt (0928bd20273625622722fe1de5bbde57) C:\Windows\system32\DRIVERS\qicflt.sys
08:17:59.0454 4448 qicflt - ok
08:17:59.0563 4448 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
08:17:59.0579 4448 ql2300 - ok
08:17:59.0688 4448 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
08:17:59.0704 4448 ql40xx - ok
08:17:59.0750 4448 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
08:17:59.0750 4448 QWAVE - ok
08:17:59.0766 4448 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
08:17:59.0782 4448 QWAVEdrv - ok
08:17:59.0782 4448 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
08:17:59.0797 4448 RasAcd - ok
08:17:59.0828 4448 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:17:59.0828 4448 RasAgileVpn - ok
08:17:59.0860 4448 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
08:17:59.0875 4448 RasAuto - ok
08:17:59.0906 4448 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:17:59.0922 4448 Rasl2tp - ok
08:17:59.0969 4448 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
08:17:59.0984 4448 RasMan - ok
08:18:00.0047 4448 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
08:18:00.0047 4448 RasPppoe - ok
08:18:00.0062 4448 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
08:18:00.0062 4448 RasSstp - ok
08:18:00.0140 4448 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
08:18:00.0172 4448 rdbss - ok
08:18:00.0218 4448 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
08:18:00.0218 4448 rdpbus - ok
08:18:00.0234 4448 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:18:00.0234 4448 RDPCDD - ok
08:18:00.0250 4448 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
08:18:00.0250 4448 RDPENCDD - ok
08:18:00.0250 4448 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
08:18:00.0265 4448 RDPREFMP - ok
08:18:00.0312 4448 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
08:18:00.0359 4448 RDPWD - ok
08:18:00.0421 4448 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
08:18:00.0437 4448 rdyboost - ok
08:18:00.0546 4448 RegSrvc (189c5a8d2098e0aa14fd157a954b34fc) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
08:18:00.0562 4448 RegSrvc - ok
08:18:00.0593 4448 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
08:18:00.0608 4448 RemoteAccess - ok
08:18:00.0640 4448 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
08:18:00.0655 4448 RemoteRegistry - ok
08:18:00.0702 4448 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
08:18:00.0718 4448 RimUsb - ok
08:18:00.0905 4448 RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
08:18:00.0920 4448 RoxMediaDB12OEM - ok
08:18:00.0967 4448 RoxWatch12 (2b73088cc2ca757a172b425c9398e5bc) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
08:18:00.0998 4448 RoxWatch12 - ok
08:18:01.0076 4448 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
08:18:01.0076 4448 RpcEptMapper - ok
08:18:01.0108 4448 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
08:18:01.0108 4448 RpcLocator - ok
08:18:01.0154 4448 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
08:18:01.0170 4448 RpcSs - ok
08:18:01.0217 4448 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
08:18:01.0232 4448 rspndr - ok
08:18:01.0310 4448 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
08:18:01.0357 4448 RTL8167 - ok
08:18:01.0404 4448 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:18:01.0420 4448 SamSs - ok
08:18:01.0435 4448 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
08:18:01.0466 4448 sbp2port - ok
08:18:01.0498 4448 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
08:18:01.0513 4448 SCardSvr - ok
08:18:01.0529 4448 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
08:18:01.0529 4448 scfilter - ok
08:18:01.0607 4448 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
08:18:01.0638 4448 Schedule - ok
08:18:01.0669 4448 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
08:18:01.0669 4448 SCPolicySvc - ok
08:18:01.0732 4448 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
08:18:01.0747 4448 sdbus - ok
08:18:01.0778 4448 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
08:18:01.0794 4448 SDRSVC - ok
08:18:01.0810 4448 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
08:18:01.0810 4448 secdrv - ok
08:18:01.0825 4448 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
08:18:01.0841 4448 seclogon - ok
08:18:01.0856 4448 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
08:18:01.0856 4448 SENS - ok
08:18:01.0872 4448 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
08:18:01.0872 4448 SensrSvc - ok
08:18:01.0888 4448 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
08:18:01.0888 4448 Serenum - ok
08:18:01.0903 4448 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
08:18:01.0903 4448 Serial - ok
08:18:01.0903 4448 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
08:18:01.0903 4448 sermouse - ok
08:18:01.0934 4448 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
08:18:01.0950 4448 SessionEnv - ok
08:18:01.0966 4448 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
08:18:01.0966 4448 sffdisk - ok
08:18:01.0981 4448 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
08:18:01.0981 4448 sffp_mmc - ok
08:18:01.0981 4448 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\DRIVERS\sffp_sd.sys
08:18:01.0997 4448 sffp_sd - ok
08:18:01.0997 4448 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
08:18:01.0997 4448 sfloppy - ok
08:18:02.0059 4448 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
08:18:02.0075 4448 SharedAccess - ok
08:18:02.0106 4448 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
08:18:02.0122 4448 ShellHWDetection - ok
08:18:02.0137 4448 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
08:18:02.0137 4448 SiSRaid2 - ok
08:18:02.0153 4448 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
08:18:02.0153 4448 SiSRaid4 - ok
08:18:02.0215 4448 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
08:18:02.0231 4448 SkypeUpdate - ok
08:18:02.0246 4448 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
08:18:02.0262 4448 Smb - ok
08:18:02.0278 4448 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
08:18:02.0278 4448 SNMPTRAP - ok
08:18:02.0278 4448 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
08:18:02.0278 4448 spldr - ok
08:18:02.0340 4448 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
08:18:02.0356 4448 Spooler - ok
08:18:02.0527 4448 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
08:18:02.0574 4448 sppsvc - ok
08:18:02.0652 4448 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
08:18:02.0668 4448 sppuinotify - ok
08:18:02.0730 4448 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
08:18:02.0746 4448 srv - ok
08:18:02.0808 4448 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
08:18:02.0855 4448 srv2 - ok
08:18:02.0886 4448 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
08:18:02.0886 4448 srvnet - ok
08:18:02.0933 4448 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
08:18:02.0948 4448 SSDPSRV - ok
08:18:02.0964 4448 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
08:18:02.0964 4448 SstpSvc - ok
08:18:02.0995 4448 stdcfltn (92e7f6666633d2dd91d527503daa7be0) C:\Windows\system32\DRIVERS\stdcfltn.sys
08:18:02.0995 4448 stdcfltn - ok
08:18:03.0136 4448 Stereo Service (fc0a58529a02b1eed55ddc58696b7908) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
08:18:03.0151 4448 Stereo Service - ok
08:18:03.0167 4448 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
08:18:03.0182 4448 stexstor - ok
08:18:03.0214 4448 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
08:18:03.0229 4448 StillCam - ok
08:18:03.0292 4448 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
08:18:03.0307 4448 stisvc - ok
08:18:03.0370 4448 stllssvr (7731f46ec0d687a931cba063e8f90ef0) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
08:18:03.0370 4448 stllssvr - ok
08:18:03.0385 4448 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
08:18:03.0385 4448 swenum - ok
08:18:03.0494 4448 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
08:18:03.0510 4448 SwitchBoard - ok
08:18:03.0557 4448 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
08:18:03.0588 4448 swprv - ok
08:18:03.0697 4448 SynTP (b0c7d4dcf4800df2f2145b500d0161e8) C:\Windows\system32\DRIVERS\SynTP.sys
08:18:03.0744 4448 SynTP - ok
08:18:03.0916 4448 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
08:18:03.0963 4448 SysMain - ok
08:18:04.0025 4448 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
08:18:04.0041 4448 TabletInputService - ok
08:18:04.0072 4448 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
08:18:04.0087 4448 TapiSrv - ok
08:18:04.0103 4448 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
08:18:04.0119 4448 TBS - ok
08:18:04.0259 4448 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
08:18:04.0290 4448 Tcpip - ok
08:18:04.0446 4448 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
08:18:04.0477 4448 TCPIP6 - ok
08:18:04.0540 4448 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
08:18:04.0540 4448 tcpipreg - ok
08:18:04.0571 4448 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
08:18:04.0571 4448 TDPIPE - ok
08:18:04.0602 4448 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
08:18:04.0602 4448 TDTCP - ok
08:18:04.0633 4448 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
08:18:04.0649 4448 tdx - ok
08:18:04.0680 4448 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
08:18:04.0680 4448 TermDD - ok
08:18:04.0743 4448 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
08:18:04.0789 4448 TermService - ok
08:18:04.0805 4448 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
08:18:04.0805 4448 Themes - ok
08:18:04.0836 4448 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
08:18:04.0836 4448 THREADORDER - ok
08:18:04.0867 4448 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
08:18:04.0883 4448 TrkWks - ok
08:18:04.0945 4448 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
08:18:04.0945 4448 TrustedInstaller - ok
08:18:04.0977 4448 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:18:04.0977 4448 tssecsrv - ok
08:18:05.0008 4448 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
08:18:05.0008 4448 TsUsbFlt - ok
08:18:05.0023 4448 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
08:18:05.0023 4448 TsUsbGD - ok
08:18:05.0070 4448 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
08:18:05.0070 4448 tunnel - ok
08:18:05.0101 4448 TurboB (fd24f98d2898be093fe926604be7db99) C:\Windows\system32\DRIVERS\TurboB.sys
08:18:05.0101 4448 TurboB - ok
08:18:05.0164 4448 TurboBoost (600b406a04d90f577fea8a88d7379f08) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
08:18:05.0179 4448 TurboBoost - ok
08:18:05.0211 4448 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
08:18:05.0211 4448 uagp35 - ok
08:18:05.0242 4448 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
08:18:05.0273 4448 udfs - ok
08:18:05.0320 4448 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
08:18:05.0320 4448 UI0Detect - ok
08:18:05.0351 4448 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
08:18:05.0351 4448 uliagpkx - ok
08:18:05.0398 4448 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
08:18:05.0413 4448 umbus - ok
08:18:05.0429 4448 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
08:18:05.0429 4448 UmPass - ok
08:18:05.0647 4448 UNS (2c16648a12999ae69a9ebf41974b0ba2) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
08:18:05.0694 4448 UNS - ok
08:18:05.0788 4448 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
08:18:05.0803 4448 upnphost - ok
08:18:05.0881 4448 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
08:18:05.0897 4448 usbaudio - ok
08:18:05.0913 4448 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys
08:18:05.0944 4448 usbccgp - ok
08:18:05.0959 4448 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
08:18:05.0991 4448 usbcir - ok
08:18:06.0006 4448 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
08:18:06.0006 4448 usbehci - ok
08:18:06.0069 4448 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
08:18:06.0084 4448 usbhub - ok
08:18:06.0115 4448 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
08:18:06.0115 4448 usbohci - ok
08:18:06.0131 4448 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
08:18:06.0131 4448 usbprint - ok
08:18:06.0162 4448 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:18:06.0162 4448 USBSTOR - ok
08:18:06.0178 4448 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
08:18:06.0178 4448 usbuhci - ok
08:18:06.0271 4448 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
08:18:06.0287 4448 usbvideo - ok
08:18:06.0303 4448 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
08:18:06.0318 4448 UxSms - ok
08:18:06.0365 4448 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:18:06.0365 4448 VaultSvc - ok
08:18:06.0381 4448 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
08:18:06.0396 4448 vdrvroot - ok
08:18:06.0427 4448 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
08:18:06.0443 4448 vds - ok
08:18:06.0443 4448 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
08:18:06.0443 4448 vga - ok
08:18:06.0459 4448 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
08:18:06.0459 4448 VgaSave - ok
08:18:06.0490 4448 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
08:18:06.0490 4448 vhdmp - ok
08:18:06.0505 4448 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
08:18:06.0521 4448 viaide - ok
08:18:06.0537 4448 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
08:18:06.0537 4448 volmgr - ok
08:18:06.0568 4448 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
08:18:06.0583 4448 volmgrx - ok
08:18:06.0615 4448 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
08:18:06.0630 4448 volsnap - ok
08:18:06.0677 4448 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
08:18:06.0677 4448 vsmraid - ok
08:18:06.0833 4448 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
08:18:06.0849 4448 VSS - ok
08:18:07.0020 4448 vToolbarUpdater11.1.0 (5fa45791413acce628d5361458f32dde) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
08:18:07.0036 4448 vToolbarUpdater11.1.0 - ok
08:18:07.0114 4448 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
08:18:07.0114 4448 vwifibus - ok
08:18:07.0145 4448 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
08:18:07.0145 4448 vwififlt - ok
08:18:07.0176 4448 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
08:18:07.0176 4448 vwifimp - ok
08:18:07.0223 4448 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
08:18:07.0239 4448 W32Time - ok
08:18:07.0254 4448 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
08:18:07.0254 4448 WacomPen - ok
08:18:07.0285 4448 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:18:07.0285 4448 WANARP - ok
08:18:07.0285 4448 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:18:07.0301 4448 Wanarpv6 - ok
08:18:07.0410 4448 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
08:18:07.0457 4448 WatAdminSvc - ok
08:18:07.0566 4448 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
08:18:07.0582 4448 wbengine - ok
08:18:07.0675 4448 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
08:18:07.0691 4448 WbioSrvc - ok
08:18:07.0785 4448 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
08:18:07.0800 4448 wcncsvc - ok
08:18:07.0909 4448 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
08:18:07.0909 4448 WcsPlugInService - ok
08:18:08.0050 4448 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
08:18:08.0050 4448 Wd - ok
08:18:08.0112 4448 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
08:18:08.0128 4448 Wdf01000 - ok
08:18:08.0159 4448 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:18:08.0159 4448 WdiServiceHost - ok
08:18:08.0159 4448 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:18:08.0159 4448 WdiSystemHost - ok
08:18:08.0190 4448 wdkmd (63ce387483e74a0bd79ee4e5eba1fd2e) C:\Windows\system32\DRIVERS\WDKMD.sys
08:18:08.0190 4448 wdkmd - ok
08:18:08.0221 4448 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
08:18:08.0237 4448 WebClient - ok
08:18:08.0268 4448 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
08:18:08.0284 4448 Wecsvc - ok
08:18:08.0299 4448 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
08:18:08.0315 4448 wercplsupport - ok
08:18:08.0331 4448 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
08:18:08.0346 4448 WerSvc - ok
08:18:08.0377 4448 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
08:18:08.0377 4448 WfpLwf - ok
08:18:08.0424 4448 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
08:18:08.0440 4448 WimFltr - ok
08:18:08.0455 4448 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
08:18:08.0455 4448 WIMMount - ok
08:18:08.0487 4448 WinDefend - ok
08:18:08.0518 4448 WinHttpAutoProxySvc - ok
08:18:08.0580 4448 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
08:18:08.0596 4448 Winmgmt - ok
08:18:08.0721 4448 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
08:18:08.0752 4448 WinRM - ok
08:18:08.0892 4448 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
08:18:08.0892 4448 WinUsb - ok
08:18:08.0986 4448 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
08:18:09.0017 4448 Wlansvc - ok
08:18:09.0064 4448 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
08:18:09.0079 4448 wlcrasvc - ok
08:18:09.0251 4448 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:18:09.0282 4448 wlidsvc - ok
08:18:09.0376 4448 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
08:18:09.0376 4448 WmiAcpi - ok
08:18:09.0454 4448 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
08:18:09.0454 4448 wmiApSrv - ok
08:18:09.0485 4448 WMPNetworkSvc - ok
08:18:09.0532 4448 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
08:18:09.0532 4448 WPCSvc - ok
08:18:09.0563 4448 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
08:18:09.0579 4448 WPDBusEnum - ok
08:18:09.0594 4448 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
08:18:09.0594 4448 ws2ifsl - ok
08:18:09.0625 4448 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
08:18:09.0625 4448 wscsvc - ok
08:18:09.0672 4448 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
08:18:09.0672 4448 WSDPrintDevice - ok
08:18:09.0688 4448 WSearch - ok
08:18:09.0875 4448 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
08:18:09.0937 4448 wuauserv - ok
08:18:10.0031 4448 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
08:18:10.0047 4448 WudfPf - ok
08:18:10.0093 4448 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:18:10.0109 4448 WUDFRd - ok
08:18:10.0140 4448 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
08:18:10.0156 4448 wudfsvc - ok
08:18:10.0187 4448 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
08:18:10.0203 4448 WwanSvc - ok
08:18:10.0234 4448 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
08:18:10.0468 4448 \Device\Harddisk0\DR0 - ok
08:18:10.0468 4448 Boot (0x1200) (5469d5c151925f6f312b7c8accba5227) \Device\Harddisk0\DR0\Partition0
08:18:10.0468 4448 \Device\Harddisk0\DR0\Partition0 - ok
08:18:10.0483 4448 Boot (0x1200) (935d9df834fa10b64d14e1f5bc549fdb) \Device\Harddisk0\DR0\Partition1
08:18:10.0483 4448 \Device\Harddisk0\DR0\Partition1 - ok
08:18:10.0483 4448 ============================================================
08:18:10.0483 4448 Scan finished
08:18:10.0483 4448 ============================================================
08:18:10.0483 5964 Detected object count: 0
08:18:10.0483 5964 Actual detected object count: 0



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-24 08:19:07
-----------------------------
08:19:07.021 OS Version: Windows x64 6.1.7601 Service Pack 1
08:19:07.021 Number of processors: 4 586 0x2A07
08:19:07.021 ComputerName: MICHAEL-LAPTOP UserName: Michael
08:19:08.113 Initialize success
08:19:46.734 AVAST engine defs: 12062301
08:21:14.968 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:21:14.968 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
08:21:15.015 Disk 0 MBR read successfully
08:21:15.015 Disk 0 MBR scan
08:21:15.015 Disk 0 Windows VISTA default MBR code
08:21:15.030 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63
08:21:15.046 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 20000 MB offset 212992
08:21:15.062 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 456835 MB offset 41172992
08:21:15.093 Disk 0 scanning C:\Windows\system32\drivers
08:21:23.688 Service scanning
08:21:41.192 Modules scanning
08:21:41.207 Disk 0 trace - called modules:
08:21:41.223 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll
08:21:41.238 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065d8060]
08:21:41.238 3 CLASSPNP.SYS[fffff88001bb143f] -> nt!IofCallDriver -> [0xfffffa8006476cb0]
08:21:41.254 5 stdcfltn.sys[fffff88001af1c52] -> nt!IofCallDriver -> [0xfffffa80049f9b20]
08:21:41.270 7 ACPI.sys[fffff88000f8c7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004adf050]
08:21:43.017 AVAST engine scan C:\
10:03:11.346 Scan finished successfully
11:12:09.263 Disk 0 MBR has been saved successfully to "C:\Users\Michael\Desktop\MBR.dat"
11:12:09.263 The log file has been saved successfully to "C:\Users\Michael\Desktop\aswMBR.txt"
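As an added example that is not part of this thread and not a TDSSKiller, aswMBR or BleepingComputer tool, the script below triages a log in the TDSSKiller format posted above. It pairs each hashed-object line with its status line (the MBR line reports its status under the device path rather than the object name, so that case is handled explicitly) and then reports images loaded from outside the usual directories, objects not marked "ok", services for which no image was hashed at all (WinDefend and WSearch in the log above), and binaries that several service names share. The sample input is an excerpt of the lines above plus one constructed "ExampleSvc" line that is not from this machine and exists only to show what an out-of-place image looks like in the report; `EXPECTED_ROOTS`, the function names and the reference hash passed to `hash_matches` are assumptions of the example.

```python
"""Triage helper for TDSSKiller-style scan logs (added example, not from the thread)."""
import re
from collections import defaultdict

# A hashed-object line and its follow-up status line look like:
#   08:17:54.0743 4448 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
#   08:17:54.0743 4448 NetBT - ok
# Names may contain spaces ("PassThru Service", "MBR (0x1B8)"), so the name group is
# non-greedy and the MD5 group is pinned down by its exact 32-hex-digit shape.
ENTRY_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<name>.+?)\s+"
                      r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$")
STATUS_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<name>.+?)\s+-\s+(?P<status>\S.*)$")

# Assumed list of places a service image or driver is normally loaded from. A path
# outside them is not proof of infection, only something to look at by hand.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\", "\\device\\")


def parse_log(text):
    """Return {object name: {"md5", "path", "status"}} for every object in the log.

    Disk-sector objects ("MBR (0x1B8)") get their status line under the device path
    instead of the object name, so a status line is matched by name first and by
    path second; a status line with neither creates an object with no image.
    """
    objects = {}
    by_path = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            objects[m["name"]] = {"md5": m["md5"], "path": m["path"], "status": None}
            by_path[m["path"]] = m["name"]
            continue
        m = STATUS_RE.match(line)
        if m:
            name = m["name"] if m["name"] in objects else by_path.get(m["name"], m["name"])
            objects.setdefault(name, {"md5": None, "path": None, "status": None})
            objects[name]["status"] = m["status"]
    return objects


def unusual_locations(objects):
    """Objects whose image lives outside EXPECTED_ROOTS."""
    return sorted(n for n, o in objects.items()
                  if o["path"] and not o["path"].lower().startswith(EXPECTED_ROOTS))


def not_ok(objects):
    """Objects the scanner did not mark 'ok' (including ones with no status line)."""
    return sorted(n for n, o in objects.items() if o["status"] != "ok")


def without_image(objects):
    """Objects with a status line but no hashed image: the scanner listed the service
    but scanned no file for it, which is worth explaining case by case."""
    return sorted(n for n, o in objects.items() if o["md5"] is None)


def images_by_hash(objects):
    """Group object names by image hash, keeping only hashes shared by several names.
    Several services sharing one binary is normal for a host such as lsass.exe; the
    review question is whether each grouping is one you expect."""
    groups = defaultdict(list)
    for name, o in objects.items():
        if o["md5"]:
            groups[o["md5"]].append(name)
    return {h: sorted(ns) for h, ns in groups.items() if len(ns) > 1}


def hash_matches(objects, name, known_good_md5):
    """Compare a logged hash with a reference hash the analyst supplies (for example
    from a clean install of the same Windows build). The reference is an input to
    this example, not something the script knows."""
    o = objects.get(name)
    return bool(o and o["md5"] == known_good_md5.lower())


def triage(text):
    objects = parse_log(text)
    return {
        "unusual_locations": unusual_locations(objects),
        "not_ok": not_ok(objects),
        "without_image": without_image(objects),
        "shared_images": images_by_hash(objects),
    }


# Sample input: an excerpt of the TDSSKiller lines posted above, plus one constructed
# "ExampleSvc" line that is NOT from this machine, added only to show the report.
SAMPLE_LOG = r"""
08:17:54.0790 4448 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:17:54.0790 4448 Netlogon - ok
08:17:58.0253 4448 PassThru Service (39b9dcd7040654c2e57d7396736c718e) C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
08:17:58.0253 4448 PassThru Service - ok
08:17:59.0314 4448 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:17:59.0314 4448 ProtectedStorage - ok
08:18:01.0404 4448 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:18:01.0420 4448 SamSs - ok
08:18:04.0259 4448 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
08:18:04.0290 4448 Tcpip - ok
08:18:06.0365 4448 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:18:06.0365 4448 VaultSvc - ok
08:18:08.0487 4448 WinDefend - ok
08:18:09.0000 4448 ExampleSvc (0123456789abcdef0123456789abcdef) C:\Users\Public\example.exe
08:18:09.0000 4448 ExampleSvc - ok
08:18:10.0234 4448 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
08:18:10.0468 4448 \Device\Harddisk0\DR0 - ok
08:18:10.0483 4448 ============================================================
08:18:10.0483 4448 Scan finished
08:18:10.0483 5964 Detected object count: 0
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A hash mismatch against a reference only tells you the file differs; it does not say whether the difference is a patch level, a vendor rebuild or a tampered binary. For a system file such as services.exe or lsass.exe, compare against a reference from the same Windows build and update level, or verify the file's Authenticode signature, before treating a mismatch as an infection.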

#6 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 24 June 2012 - 12:19 PM

Greetings micklee34

Things are looking good at this end. How about on your end - any alerts from AVG or anything like that?

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:

  • report from ComboFix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 micklee34

  • Topic Starter
  • Members
  • 19 posts

Posted 24 June 2012 - 01:50 PM

Hi Gringo,

That's great to hear.

Here is the ComboFix log as requested. I had to install a new version of the NVidia Driver GT525M as that was having some problems, but all seems well now.

I can't thank you enough....

Mick

ComboFix 12-06-24.03 - Michael 24/06/2012 19:32:46.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3990.2363 [GMT 1:00]
Running from: c:\users\Michael\Downloads\ComboFix.exe
Command switches used :: c:\users\Michael\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2012-05-24 to 2012-06-24 )))))))))))))))))))))))))))))))
.
.
2012-06-24 18:37 . 2012-06-24 18:37 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-06-24 18:37 . 2012-06-24 18:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-24 15:59 . 2012-05-15 10:48 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
2012-06-24 15:59 . 2012-05-15 10:48 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2012-06-24 14:57 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-06-24 14:57 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-23 15:03 . 2012-06-23 15:03 -------- d-----w- c:\windows\Microsoft Antimalware
2012-06-23 00:07 . 2012-06-23 00:07 -------- d-----w- c:\users\Michael\AppData\Roaming\AVG2012
2012-06-23 00:07 . 2012-06-23 00:07 -------- d-----w- c:\users\Michael\AppData\Local\AVG Secure Search
2012-06-23 00:07 . 2012-06-23 00:07 -------- d-----w- c:\programdata\AVG Secure Search
2012-06-23 00:07 . 2012-06-23 00:07 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-06-23 00:07 . 2012-06-23 00:07 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-06-23 00:07 . 2012-06-23 00:07 -------- d--h--w- c:\programdata\Common Files
2012-06-23 00:06 . 2012-06-23 00:06 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-06-23 00:06 . 2012-06-24 15:01 -------- d-----w- c:\windows\system32\drivers\AVG
2012-06-23 00:06 . 2012-06-23 00:10 -------- d-----w- c:\programdata\AVG2012
2012-06-23 00:06 . 2012-06-23 00:06 -------- d-----w- C:\$AVG
2012-06-23 00:06 . 2012-06-23 00:06 -------- d-----w- c:\program files (x86)\AVG
2012-06-23 00:04 . 2012-06-24 16:16 -------- d-----w- c:\programdata\MFAData
2012-06-23 00:04 . 2012-06-23 00:04 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-21 16:01 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 16:01 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 16:01 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 16:01 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 16:01 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 16:01 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 16:01 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 16:01 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 16:01 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 19:55 . 2012-06-20 19:55 -------- d-----w- c:\users\Michael\.config
2012-06-13 22:26 . 2012-06-13 22:26 -------- d-----w- c:\users\Michael\AppData\Local\Macromedia
2012-06-13 20:05 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 20:05 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 20:05 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 20:05 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-13 20:05 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 20:05 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 20:05 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 20:05 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 20:05 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 20:05 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-13 20:05 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-13 20:04 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 20:04 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-13 20:04 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 20:04 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 20:04 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-13 20:04 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-11 19:51 . 2012-06-11 19:51 428392 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-06-10 15:41 . 2012-06-10 15:41 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-10 15:41 . 2012-06-10 15:41 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-09 09:11 . 2012-06-19 22:03 -------- d-----w- c:\users\Michael\AppData\Roaming\vlc
2012-06-09 09:11 . 2012-06-09 09:11 -------- d-----w- c:\program files (x86)\VideoLAN
2012-06-06 06:22 . 2012-06-06 21:53 -------- d-----w- c:\users\Michael\AppData\Roaming\calibre
2012-06-06 06:22 . 2012-06-22 21:58 -------- d-----w- c:\program files (x86)\Calibre2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 15:14 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
2012-06-23 05:40 . 2012-04-04 06:57 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 05:40 . 2011-09-23 08:45 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-23 05:40 . 2012-04-04 07:40 9815752 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-06-12 06:26 . 2012-03-16 23:30 60776 ----a-w- c:\windows\system32\OpenCL.dll
2012-06-12 06:26 . 2012-03-16 23:30 52584 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-06-12 06:26 . 2012-01-02 15:27 1758056 ----a-w- c:\windows\system32\nvdispco64.dll
2012-06-12 06:26 . 2011-09-23 10:16 968552 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-06-12 06:26 . 2011-09-23 10:16 202600 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-06-12 06:26 . 2011-09-23 10:16 2719592 ----a-w- c:\windows\system32\nvapi64.dll
2012-06-12 02:30 . 2012-03-14 10:27 2653573 ----a-w- c:\windows\system32\nvcoproc.bin
2012-06-12 02:29 . 2012-03-14 10:27 3264360 ----a-w- c:\windows\system32\nvsvc64.dll
2012-06-12 02:29 . 2012-03-14 10:27 6189928 ----a-w- c:\windows\system32\nvcpl.dll
2012-06-12 02:28 . 2012-03-14 10:27 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-06-12 02:28 . 2012-03-14 10:27 864104 ----a-w- c:\windows\system32\nv3dappshext.dll
2012-06-12 02:28 . 2012-03-14 10:27 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-06-12 02:28 . 2012-03-14 10:27 55144 ----a-w- c:\windows\system32\nv3dappshextr.dll
2012-06-12 02:28 . 2012-03-14 10:27 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-06-12 02:28 . 2012-03-14 10:27 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 10:48 . 2012-01-02 15:27 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-04-19 03:50 . 2012-04-19 03:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-04-18 19:56 . 2012-04-18 19:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 19:56 . 2012-04-18 19:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-04-10 22:31 . 2012-04-10 22:31 2303488 ----a-w- c:\windows\SysWow64\python27.dll
2012-04-10 22:24 . 2012-04-10 22:24 2987520 ----a-w- c:\windows\system32\python27.dll
2012-04-04 14:56 . 2011-09-26 21:14 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-30 11:35 . 2012-05-10 16:48 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-30 09:52 . 2011-09-30 09:52 13571624 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-24_06.11.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-06-24 18:28 56934 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-24 18:28 40316 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-09-26 19:16 . 2012-06-24 18:28 13666 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1104395672-1986187149-1481738984-1002_UserData.bin
- 2009-07-14 05:30 . 2012-04-29 08:27 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-06-24 16:22 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2012-06-24 16:15 . 2012-05-21 13:10 31080 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_e68ea9e3aba05ad4\nvhdap64.dll
+ 2012-06-24 16:15 . 2012-05-21 13:10 72552 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_e68ea9e3aba05ad4\nvapo64v.dll
+ 2012-06-24 15:59 . 2012-04-18 17:08 31040 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_9f01b2372a747820\nvhdap64.dll
+ 2012-06-24 15:59 . 2012-04-18 17:08 72512 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_9f01b2372a747820\nvapo64v.dll
+ 2012-06-24 15:59 . 2012-05-15 10:48 68928 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_265e1f068234e8fd\OpenCL64.dll
+ 2012-06-24 15:59 . 2012-05-15 10:48 61248 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_265e1f068234e8fd\OpenCL.dll
+ 2012-06-24 15:59 . 2012-05-15 10:48 28992 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_265e1f068234e8fd\nvpciflt.sys
+ 2012-06-24 16:15 . 2012-06-12 06:26 60776 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_13f35e36580f023f\OpenCL64.dll
+ 2012-06-24 16:15 . 2012-06-12 06:26 52584 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_13f35e36580f023f\OpenCL.dll
+ 2012-06-24 16:15 . 2012-06-12 06:26 30056 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_13f35e36580f023f\nvpciflt.sys
+ 2012-06-24 16:15 . 2012-06-12 06:26 30056 c:\windows\system32\drivers\nvpciflt.sys
+ 2009-07-14 04:46 . 2012-06-24 16:10 95984 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-06-24 15:59 . 2012-05-15 10:48 4096 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_265e1f068234e8fd\nvdetx.dll
+ 2012-06-24 15:59 . 2012-05-15 10:48 4096 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_265e1f068234e8fd\nvdet.dll
+ 2012-06-24 16:15 . 2012-06-12 06:26 4096 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_13f35e36580f023f\nvdetx.dll
+ 2012-06-24 16:15 . 2012-06-12 06:26 4096 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_13f35e36580f023f\nvdet.dll
+ 2012-06-24 18:38 . 2012-06-24 18:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-24 06:11 . 2012-06-24 06:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-24 06:11 . 2012-06-24 06:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-24 18:38 . 2012-06-24 18:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-24 16:15 . 2012-06-12 06:26 827752 c:\windows\SysWOW64\nvumdshim.dll
+ 2012-06-24 16:03 . 2012-06-12 06:26 827752 c:\windows\SysWOW64\NV\igdumdx32.dll
+ 2012-06-24 16:03 . 2012-06-12 06:26 827752 c:\windows\SysWOW64\NV\igd10umd32.dll
+ 2011-09-27 10:16 . 2012-06-24 10:11 298572 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-06-24 18:27 664780 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-23 22:07 664780 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-24 18:27 125484 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-23 22:07 125484 c:\windows\system32\perfc009.dat
+ 2012-06-24 16:15 . 2012-06-12 06:26 247144 c:\windows\system32\nvinitx.dll
+ 2012-03-14 10:29 . 2012-06-12 06:26 968552 c:\windows\system32\NV\igdumd64.dll
+ 2012-03-14 10:29 . 2012-06-12 06:26 968552 c:\windows\system32\NV\igd10umd64.dll
+ 2009-07-14 05:30 . 2012-06-24 16:22 239616 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-04-29 08:27 239616 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-04-29 08:27 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2012-06-24 16:22 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2012-06-24 16:15 . 2012-05-21 13:10 188776 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_e68ea9e3aba05ad4\nvhda64v.sys
+ 2012-06-24 16:15 . 2012-05-21 13:10 156520 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_e68ea9e3aba05ad4\nvhda64.sys
+ 2012-06-24 15:59 . 2012-04-18 17:08 188736 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_9f01b2372a747820\nvhda64v.sys
+ 2012-06-24 15:59 . 2012-04-18 17:08 156480 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_9f01b2372a747820\nvhda64.sys
+ 2012-06-24 15:59 . 2012-05-15 10:48 949056 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_265e1f068234e8fd\nvumdshimx.dll
+ 2012-06-24 15:59 . 2012-05-15 10:48 818496 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_265e1f068234e8fd\nvumdshim.dll
+ 2012-06-24 15:59 . 2012-05-15 10:48 313664 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_265e1f068234e8fd\nvml.dll
+ 2012-06-24 15:59 . 2012-05-15 10:48 249152 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_265e1f068234e8fd\nvkflt.sys
+ 2012-06-24 15:59 . 2012-05-15 10:48 246592 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_265e1f068234e8fd\nvinitx.dll
+ 2012-06-24 15:59 . 2012-05-15 10:48 202048 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_265e1f068234e8fd\nvinit.dll
+ 2012-06-24 15:59 . 2012-05-15 10:48 202560 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_265e1f068234e8fd\nvidia-smi.exe
+ 2012-06-24 15:59 . 2012-05-15 10:48 249856 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_265e1f068234e8fd\nvdxgiwrapx.dll
+ 2012-06-24 15:59 . 2012-05-15 10:48 220480 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_265e1f068234e8fd\nvdxgiwrap.dll
+ 2012-06-24 15:59 . 2012-05-15 10:48 301376 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_265e1f068234e8fd\nvdecodemft32.dll
+ 2012-06-24 15:59 . 2012-05-15 10:48 364352 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_265e1f068234e8fd\nvdecodemft.dll
+ 2012-06-24 15:59 . 2012-05-15 10:48 316928 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_265e1f068234e8fd\Nvd3d9wrapx.dll
+ 2012-06-24 15:59 . 2012-05-15 10:48 285504 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_265e1f068234e8fd\Nvd3d9wrap.dll
+ 2012-06-24 15:59 . 2012-05-15 10:48 232768 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_265e1f068234e8fd\dbInstaller.exe
+ 2012-06-24 16:15 . 2012-06-12 06:26 968552 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_13f35e36580f023f\nvumdshimx.dll
+ 2012-06-24 16:15 . 2012-06-12 06:26 827752 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_13f35e36580f023f\nvumdshim.dll
+ 2012-06-24 16:15 . 2012-06-12 06:26 353640 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_13f35e36580f023f\nvml.dll
+ 2012-06-24 16:15 . 2012-06-12 06:26 284008 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_13f35e36580f023f\nvkflt.sys
+ 2012-06-24 16:15 . 2012-06-12 06:26 247144 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_13f35e36580f023f\nvinitx.dll
+ 2012-06-24 16:15 . 2012-06-12 06:26 202600 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_13f35e36580f023f\nvinit.dll
+ 2012-06-24 16:15 . 2012-06-12 06:26 235368 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_13f35e36580f023f\nvidia-smi.exe
+ 2012-06-24 16:15 . 2012-06-12 06:26 322920 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_13f35e36580f023f\nvEncodeAPI64.dll
+ 2012-06-24 16:15 . 2012-06-12 06:26 285032 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_13f35e36580f023f\nvEncodeAPI.dll
+ 2012-06-24 16:15 . 2012-06-12 06:26 249344 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_13f35e36580f023f\nvdxgiwrapx.dll
+ 2012-06-24 16:15 . 2012-06-12 06:26 220008 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_13f35e36580f023f\nvdxgiwrap.dll
+ 2012-06-24 16:15 . 2012-06-12 06:26 222056 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_13f35e36580f023f\nvdebugdump.exe
+ 2012-06-24 16:15 . 2012-06-12 06:26 316928 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_13f35e36580f023f\Nvd3d9wrapx.dll
+ 2012-06-24 16:15 . 2012-06-12 06:26 285544 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_13f35e36580f023f\Nvd3d9wrap.dll
+ 2012-06-24 16:15 . 2012-06-12 06:26 233320 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_13f35e36580f023f\dbInstaller.exe
+ 2012-06-24 16:15 . 2012-06-12 06:26 284008 c:\windows\system32\drivers\nvkflt.sys
+ 2009-07-14 05:01 . 2012-06-24 18:38 657992 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-24 06:10 657992 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-06-24 16:15 . 2012-06-12 06:26 2572136 c:\windows\SysWOW64\nvcuvid.dll
+ 2012-06-24 16:15 . 2012-06-12 06:26 1864552 c:\windows\SysWOW64\nvcuvenc.dll
+ 2012-06-24 16:15 . 2012-06-12 06:26 7586664 c:\windows\SysWOW64\nvcuda.dll
+ 2012-06-24 16:15 . 2012-06-12 06:26 2418024 c:\windows\SysWOW64\nvapi.dll
+ 2012-06-24 16:15 . 2012-06-12 06:26 1472360 c:\windows\system32\nvdispgenco64.dll
+ 2012-06-24 16:15 . 2012-06-12 06:26 2743656 c:\windows\system32\nvcuvid.dll
+ 2012-06-24 16:15 . 2012-06-12 06:26 2215784 c:\windows\system32\nvcuvenc.dll
+ 2012-06-24 16:15 . 2012-06-12 06:26 9048424 c:\windows\system32\nvcuda.dll
+ 2012-06-24 16:15 . 2012-05-21 07:34 1468264 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_e68ea9e3aba05ad4\nvhdagenco64.dll
+ 2012-06-24 15:59 . 2012-04-18 17:08 1451840 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_9f01b2372a747820\nvgenco64.dll
+ 2012-06-24 15:59 . 2012-05-15 10:48 8105280 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_265e1f068234e8fd\nvwgf2um.dll
+ 2012-06-24 15:59 . 2012-05-15 10:48 1468224 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_265e1f068234e8fd\nvgenco64.dll
+ 2012-06-24 15:59 . 2012-05-15 10:48 1066872 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_265e1f068234e8fd\nvdrsdb.bin
+ 2012-06-24 15:59 . 2012-05-15 10:48 1738048 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_265e1f068234e8fd\nvdispco64.dll
+ 2012-06-24 15:59 . 2012-05-15 10:48 2524992 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_265e1f068234e8fd\nvcuvid32.dll
+ 2012-06-24 15:59 . 2012-05-15 10:48 2681664 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_265e1f068234e8fd\nvcuvid.dll
+ 2012-06-24 15:59 . 2012-05-15 10:48 2881856 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_265e1f068234e8fd\nvcuvenc64.dll
+ 2012-06-24 15:59 . 2012-05-15 10:48 2445120 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_265e1f068234e8fd\nvcuvenc.dll
+ 2012-06-24 15:59 . 2012-05-15 10:48 5982528 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_265e1f068234e8fd\nvcuda32.dll
+ 2012-06-24 15:59 . 2012-05-15 10:48 8139072 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_265e1f068234e8fd\nvcuda.dll
+ 2012-06-24 15:59 . 2012-05-15 10:48 2741568 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_265e1f068234e8fd\nvapi64.dll
+ 2012-06-24 15:59 . 2012-05-15 10:48 2368832 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_265e1f068234e8fd\nvapi.dll
+ 2012-06-24 16:15 . 2012-06-12 06:26 1070376 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_13f35e36580f023f\nvdrsdb.bin
+ 2012-06-24 16:15 . 2012-06-12 06:26 1472360 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_13f35e36580f023f\nvdispgenco64.dll
+ 2012-06-24 16:15 . 2012-06-12 06:26 1758056 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_13f35e36580f023f\nvdispco64.dll
+ 2012-06-24 16:15 . 2012-06-12 06:26 2572136 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_13f35e36580f023f\nvcuvid32.dll
+ 2012-06-24 16:15 . 2012-06-12 06:26 2743656 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_13f35e36580f023f\nvcuvid.dll
+ 2012-06-24 16:15 . 2012-06-12 06:26 2215784 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_13f35e36580f023f\nvcuvenc64.dll
+ 2012-06-24 16:15 . 2012-06-12 06:26 1864552 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_13f35e36580f023f\nvcuvenc.dll
+ 2012-06-24 16:15 . 2012-06-12 06:26 7586664 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_13f35e36580f023f\nvcuda32.dll
+ 2012-06-24 16:15 . 2012-06-12 06:26 9048424 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_13f35e36580f023f\nvcuda.dll
+ 2012-06-24 16:15 . 2012-06-12 06:26 2719592 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_13f35e36580f023f\nvapi64.dll
+ 2012-06-24 16:15 . 2012-06-12 06:26 2418024 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_13f35e36580f023f\nvapi.dll
+ 2012-06-24 16:15 . 2012-06-12 06:26 1034088 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_13f35e36580f023f\MCU.exe
- 2009-07-14 04:45 . 2012-06-23 00:15 7187735 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-06-24 15:55 7187735 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2012-01-20 17:34 . 2012-06-23 21:59 1386296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-01-20 17:34 . 2012-06-24 12:46 1386296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-09-26 20:10 . 2012-06-18 05:36 8879644 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1104395672-1986187149-1481738984-1002-4096.dat
+ 2011-09-26 20:10 . 2012-06-24 16:01 8879644 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1104395672-1986187149-1481738984-1002-4096.dat
+ 2012-06-24 16:15 . 2012-06-12 06:26 12349288 c:\windows\SysWOW64\nvwgf2um.dll
+ 2012-06-24 16:15 . 2012-06-12 06:26 19834728 c:\windows\SysWOW64\nvoglv32.dll
+ 2012-06-24 16:15 . 2012-06-12 06:26 15282024 c:\windows\SysWOW64\nvd3dum.dll
+ 2012-06-24 16:15 . 2012-06-12 06:26 17559912 c:\windows\SysWOW64\nvcompiler.dll
+ 2012-06-24 16:03 . 2012-06-12 06:26 19834728 c:\windows\SysWOW64\NV\ig4icd32.dll
+ 2012-06-24 16:15 . 2012-06-12 06:26 14744424 c:\windows\system32\nvwgf2umx.dll
+ 2012-06-24 16:15 . 2012-06-12 06:26 26238824 c:\windows\system32\nvoglv64.dll
+ 2012-06-24 16:15 . 2012-06-12 06:26 18231656 c:\windows\system32\nvd3dumx.dll
+ 2012-06-24 16:15 . 2012-06-12 06:26 25256296 c:\windows\system32\nvcompiler.dll
+ 2012-03-14 10:29 . 2012-06-12 06:26 26238824 c:\windows\system32\NV\ig4icd64.dll
+ 2012-06-24 15:59 . 2012-05-15 10:48 10194752 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_265e1f068234e8fd\nvwgf2umx.dll
+ 2012-06-24 15:59 . 2012-05-15 10:48 25743168 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_265e1f068234e8fd\nvoglv64.dll
+ 2012-06-24 15:59 . 2012-05-15 10:48 19607872 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_265e1f068234e8fd\nvoglv32.dll
+ 2012-06-24 15:59 . 2012-05-15 10:48 14298944 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_265e1f068234e8fd\nvlddmkm.sys
+ 2012-06-24 15:59 . 2012-05-15 10:48 18044224 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_265e1f068234e8fd\nvd3dumx.dll
+ 2012-06-24 15:59 . 2012-05-15 10:48 15322432 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_265e1f068234e8fd\nvd3dum.dll
+ 2012-06-24 15:59 . 2012-05-15 10:48 71931424 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_265e1f068234e8fd\NvCplSetupInt.exe
+ 2012-06-24 15:59 . 2012-05-15 10:48 17551680 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_265e1f068234e8fd\nvcompiler32.dll
+ 2012-06-24 15:59 . 2012-05-15 10:48 25248064 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_265e1f068234e8fd\nvcompiler.dll
+ 2012-06-24 16:15 . 2012-06-12 06:26 14744424 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_13f35e36580f023f\nvwgf2umx.dll
+ 2012-06-24 16:15 . 2012-06-12 06:26 12349288 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_13f35e36580f023f\nvwgf2um.dll
+ 2012-06-24 16:15 . 2012-06-12 06:26 26238824 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_13f35e36580f023f\nvoglv64.dll
+ 2012-06-24 16:15 . 2012-06-12 06:26 19834728 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_13f35e36580f023f\nvoglv32.dll
+ 2012-06-24 16:15 . 2012-06-12 06:26 13353320 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_13f35e36580f023f\nvlddmkm.sys
+ 2012-06-24 16:15 . 2012-06-12 06:26 18231656 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_13f35e36580f023f\nvd3dumx.dll
+ 2012-06-24 16:15 . 2012-06-12 06:26 15282024 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_13f35e36580f023f\nvd3dum.dll
+ 2012-06-24 16:15 . 2012-06-12 06:26 72693992 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_13f35e36580f023f\NvCplSetupInt.exe
+ 2012-06-24 16:15 . 2012-06-12 06:26 17559912 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_13f35e36580f023f\nvcompiler32.dll
+ 2012-06-24 16:15 . 2012-06-12 06:26 25256296 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_13f35e36580f023f\nvcompiler.dll
+ 2012-06-24 16:15 . 2012-06-12 06:26 13353320 c:\windows\system32\drivers\nvlddmkm.sys
+ 2011-09-26 20:10 . 2012-06-24 18:38 36244968 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1104395672-1986187149-1481738984-1002-8192.dat
+ 2011-09-26 20:10 . 2012-06-24 16:23 10402580 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1104395672-1986187149-1481738984-1002-12288.dat
- 2011-09-26 20:10 . 2012-06-23 00:09 10402580 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1104395672-1986187149-1481738984-1002-12288.dat
+ 2012-06-04 16:05 . 2012-06-04 16:05 34270720 c:\windows\Installer\84c91.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-23 00:07 2068536 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-23 2068536]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-08-12 520330]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-17 651264]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-06-23 1104440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-04-30 5106744]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-06-12 1258856]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-06-11 382312]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-23 935480]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 05:40]
.
2012-06-24 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-06-24 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2009-09-24 371712]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: LastPass - file://c:\program files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files (x86)\LastPass\context.html?cmd=fillforms
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{0E82F9BB-962C-4392-A43D-4888CD0E0592}: NameServer = 8.8.8.8,8.8.4.4
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\7ke8z3ag.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B92932807-bd14-405d-a6de-6caadb78d259%7D&mid=89d95279f2da47d0a09a55c62f48da20-74a24396c677482c5254d4a7c9d4e78317df171d&ds=AVG&v=11.1.0.7&lang=en&pr=fr&d=2012-06-23%2001%3A07%3A09&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-06-24 19:43:26 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-24 18:43
.
Pre-Run: 233,131,589,632 bytes free
Post-Run: 232,889,536,512 bytes free
.
- - End Of File - - 5EACFE494374F078BD6CE339E8EE22C8

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:05 AM

Posted 24 June 2012 - 08:31 PM

Hello

P2P Warning!

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

  • BitTorrent
  • Java™ 6 Update 31


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.



Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and Start Free Download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

Malwarebytes' Anti-Malware

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder, and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...).

  • Go here to download the HijackThis Installer.
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7: right-click and run as admin.)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a log file button. It will scan, and the log should open in Notepad.
  • Click on Edit > Select All, then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 micklee34

micklee34
  • Topic Starter

  • Members
  • 19 posts
  • Local time:12:05 PM

Posted 25 June 2012 - 03:59 AM

Hi Gringo,

I've uninstalled Bittorrent (this was done almost straight away as I suspected this might be where I downloaded the infection) and Java Update 31 as instructed. Advice always appreciated, don't hold back :)

I've also run CCleaner with the boxes ticked as detailed.

I had a very brief flash of an error when running Hijack This, so brief I couldn't read all of it. It mentioned write access.

Please see below for the logs from MBAM and Hijack This.

Thanks for your persistence.

Mick

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.25.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Michael :: MICHAEL-LAPTOP [administrator]

25/06/2012 09:24:30
mbam-log-2012-06-25 (09-24-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 230979
Time elapsed: 1 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:33:06, on 25/06/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrvx.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Users\Michael\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
O2 - BHO: LastPass Browser Helper Object - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll
O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.euro.dell.com/systemprofiler/DellSystemLite.CAB
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E82F9BB-962C-4392-A43D-4888CD0E0592}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{0E82F9BB-962C-4392-A43D-4888CD0E0592}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{0E82F9BB-962C-4392-A43D-4888CD0E0592}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Intel® Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater11.1.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15406 bytes

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:05 AM

Posted 25 June 2012 - 07:49 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. You can start any of these programs by clicking on their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
      O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
      O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
      O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
      O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not:
    just copy the name between the brackets and paste it into the search space, for example
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located at: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located at: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7, right-click the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Click on the ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start.
  • When asked, allow the ActiveX control to install.
    • Click Start.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan.
  • Wait for the scan to finish.
  • Click on Copy to clipboard, or copy and paste the results here in this topic.

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
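As an added example that is not part of this thread and not HijackThis's own code: a small Python parser for the O4, O18, O20 and O23 line formats seen in the log posted above, followed by a triage pass of the kind the start-up cleanup step relies on. The sample lines are copied from this thread's log; the triage rules, and the caveat that a "(file missing)" marker on a System32 path is usually the 32-bit tool being redirected to SysWOW64 on 64-bit Windows rather than a genuinely absent file, are the example's own assumptions and should be verified against the live machine.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a handful of lines in the formats that appear in the
# HijackThis log posted in this thread (O4 run keys, O18 protocol handlers,
# O20 AppInit_DLLs, O23 services).
SAMPLE_LOG = r"""
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
"""


@dataclass
class Entry:
    section: str              # O4, O18, O20 or O23
    name: str                 # run-key value name, protocol name, or service short name
    path: str                 # executable or DLL that HijackThis reported
    owner: str = ""           # publisher string HijackThis printed (O23 only)
    args: str = ""            # command-line arguments (O4 only)
    clsid: str = ""           # protocol handler CLSID (O18 only)
    file_missing: bool = False


O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O18_RE = re.compile(r"^O18 - Protocol: (?P<name>\S+) - (?P<clsid>\{[^}]+\}) - (?P<path>.+)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<path>.+)$")
# Display name, optional (short name), publisher and path are separated by " - ";
# the lazy groups assume none of those fields themselves contain " - ".
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.*?)(?: \((?P<short>[^()]*)\))? - "
    r"(?P<owner>.*?) - (?P<path>.*?)(?P<missing> \(file missing\))?$"
)


def split_command(cmd: str):
    """Split an O4 command into (exe, args). A quoted path is taken whole; an
    unquoted one is cut after the first '.exe' so spaces in the path survive."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    m = re.search(r"\.exe\b", cmd, re.IGNORECASE)
    if m:
        return cmd[:m.end()], cmd[m.end():].strip()
    head, _, tail = cmd.partition(" ")
    return head, tail.strip()


def parse_entry(line: str) -> Optional[Entry]:
    """Turn one HijackThis line into an Entry, or None for line types not handled."""
    line = line.strip()
    if m := O4_RE.match(line):
        exe, args = split_command(m["cmd"])
        return Entry("O4", m["name"], exe, args=args)
    if m := O18_RE.match(line):
        return Entry("O18", m["name"], m["path"], clsid=m["clsid"])
    if m := O20_RE.match(line):
        return Entry("O20", "AppInit_DLLs", m["path"])
    if m := O23_RE.match(line):
        return Entry("O23", m["short"] or m["display"], m["path"],
                     owner=m["owner"], file_missing=m["missing"] is not None)
    return None


def parse_log(text: str) -> list:
    return [e for e in (parse_entry(ln) for ln in text.splitlines()) if e]


def count_by_section(entries) -> dict:
    counts = {}
    for e in entries:
        counts[e.section] = counts.get(e.section, 0) + 1
    return counts


def review_candidates(entries) -> list:
    """Entries worth checking by hand before a cleanup. Assumed triage rules:
    any AppInit_DLLs entry (it is loaded into every process that uses user32);
    services with no publisher whose binary lives outside C:\\Windows; and
    '(file missing)' services outside System32. '(file missing)' inside
    System32 is deliberately not flagged: on 64-bit Windows the 32-bit
    HijackThis is redirected to SysWOW64 and cannot see those files, so that
    marker alone is not evidence that a system binary is absent or altered."""
    flagged = []
    for e in entries:
        p = e.path.lower()
        in_windows = p.startswith("c:\\windows\\")
        in_system32 = p.startswith("c:\\windows\\system32\\")
        if e.section == "O20":
            flagged.append((e.section, e.name))
        elif e.section == "O23":
            if e.owner == "Unknown owner" and not in_windows:
                flagged.append((e.section, e.name))
            elif e.file_missing and not in_system32:
                flagged.append((e.section, e.name))
    return flagged


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    print(count_by_section(entries))
    for section, name in review_candidates(entries):
        print(f"review: {section} {name}")
```

The flagged list is a starting point for the manual research step the post describes (looking each name up before deciding whether to keep it), not a verdict: an entry with no publisher string is often just a vendor that never filled in version information.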

#11 micklee34

micklee34
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:12:05 PM

Posted 25 June 2012 - 11:31 AM

Hi Gringo,

I've followed your instructions to the letter.

The Eset scan ran with zero infections however I could not see a way of extracting a log from the scan tool and the text was not selectable in the scan result window.

Let me know if there are any further pearls of wisdom, I have to say that I'm seriously impressed with the advice and speed of response I've received.

Thank you so much....

Gringo's Number One Fan, Mick

#12 gringo_pr


Posted 25 June 2012 - 12:52 PM

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful; if used incorrectly or at the wrong time they can make the computer an expensive paperweight.
They are updated all the time, some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • Turn off all active protection software.
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button).
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall; it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - This is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner, but I would leave that alone and not use any registry cleaner.

Malwarebytes' Anti-Malware - the gold standard today in antimalware scanners.

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.


  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did.)

    Note** If you decide to install MSE you will need to uninstall your present antivirus.

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days. If Anything Comes Up, Just Come Back And Let Me Know; after that time you will have to send me a PM.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Gringo

#13 micklee34


Posted 25 June 2012 - 03:14 PM

Hey Gringo,

Incredibly grateful for all your help and advice... thanks again.

Mick

:thumbsup:

#14 gringo_pr


Posted 25 June 2012 - 10:43 PM

You are more than welcome and Glad I was able to help



Gringo

#15 gringo_pr


Posted 27 June 2012 - 11:26 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



