
Dropper.Generic_c.MMI virus


  • This topic is locked
19 replies to this topic

#1 realburnsie

realburnsie

  • Members
  • 17 posts
  • OFFLINE
  • Local time:06:59 PM

Posted 11 July 2012 - 12:29 PM

AVG Free discovered Dropper.Generic_c.MMI on my computer on 7/10. My services.exe file has been replaced and various setting have been changed and locked (i.e. file and printer sharing turned off). This seems to be a pretty popular and nasty virus. What do I need to do? Thank you in advance for the assistance.



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:59 PM

Posted 12 July 2012 - 01:11 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
      • DDS.txt
      • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post them in your next reply

information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
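What a helper looks for once the DDS logs come back, as an added example that is not part of this thread, of the DDS tool or of the forum's procedure: a small Python triage script over constructed DDS-style lines (a proxy pointing at the loopback address in the IE and Firefox settings, UAC policy values set to "off", and a hidden system folder created under System32 whose name is a literal environment-variable name). The sample lines, the indicator names and the `triage_dds` function are all made up for this example.

```python
import re
from typing import Dict, List

# Constructed sample lines in the DDS "Pseudo HJT Report", FIREFOX and
# "Created Last 30" formats (typed for this example, not copied from a real log).
SAMPLE_DDS = r"""uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:63253
mWinlogon: Userinit=userinit.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 63253
FF - prefs.js: network.proxy.type - 0
2012-07-10 12:12:23 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-07-09 03:38:32 -------- d-----w- C:\Program Files\iPod
"""

# WinINet (IE and most Windows programs) proxy pointing at the loopback address:
# every HTTP request is handed to a local process before it leaves the machine.
_IE_PROXY = re.compile(
    r"^uInternet Settings,ProxyServer\s*=\s*(?:\w+=)?(127\.\d+\.\d+\.\d+|localhost):(\d+)", re.I)
_FF_PREF = re.compile(r"^FF - prefs\.js: (network\.proxy\.\w+) - (\S+)$", re.I)
# UAC-related policy values; each listed value is the "off" setting.
_UAC_OFF = {"EnableLUA": "0", "ConsentPromptBehaviorAdmin": "0", "PromptOnSecureDesktop": "0"}
_POLICY = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)", re.I)
# "Created Last 30" entry: date time size attribute-string path.
_CREATED = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+\S+\s+(\S{8})\s+(.+)$")


def triage_dds(text: str) -> List[Dict[str, str]]:
    """Return a list of findings, each {"indicator", "detail", "line"}."""
    findings: List[Dict[str, str]] = []
    ff: Dict[str, str] = {}  # Firefox proxy prefs, collected across lines
    for raw in text.splitlines():
        line = raw.strip()
        m = _IE_PROXY.match(line)
        if m:
            findings.append({"indicator": "ie_loopback_proxy",
                             "detail": f"{m.group(1)}:{m.group(2)}", "line": line})
            continue
        m = _FF_PREF.match(line)
        if m:
            ff[m.group(1).lower()] = m.group(2)
            continue
        m = _POLICY.match(line)
        if m and _UAC_OFF.get(m.group(1)) == m.group(2):
            findings.append({"indicator": "uac_disabled",
                             "detail": f"{m.group(1)}={m.group(2)}", "line": line})
            continue
        m = _CREATED.match(line)
        if m:
            attrs, path = m.group(1), m.group(2)
            reasons = []
            # d = directory, s = system, h = hidden: a hidden system folder under System32
            if (attrs.startswith("d") and "s" in attrs and "h" in attrs
                    and "\\windows\\system32\\" in path.lower()):
                reasons.append("hidden+system directory created under System32")
            # A literal %NAME% in a real path is a variable name that was never expanded.
            if re.search(r"%\w+%", path):
                reasons.append("environment-variable name used as a literal folder name")
            if reasons:
                findings.append({"indicator": "suspicious_created_entry",
                                 "detail": "; ".join(reasons), "line": line})
    host = ff.get("network.proxy.http", "")
    if host.startswith("127.") or host.lower() == "localhost":
        # network.proxy.type 0 means "no proxy": the setting is present but not in use.
        active = ff.get("network.proxy.type") not in (None, "0")
        findings.append({"indicator": "firefox_loopback_proxy",
                         "detail": f"{host}:{ff.get('network.proxy.http_port', '?')} "
                                   f"({'active' if active else 'configured but inactive'})",
                         "line": f"network.proxy.http - {host}"})
    return findings


def indicators(text: str) -> List[str]:
    """Just the indicator names, in the order found."""
    return [f["indicator"] for f in triage_dds(text)]


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f"[{f['indicator']}] {f['detail']}\n    {f['line']}")
```

Each finding is a lead for the helper to follow up, not a verdict: the Firefox entry is reported as inactive because `network.proxy.type` is 0, while the WinINet proxy applies to IE and anything else that uses the system proxy settings.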

#3 realburnsie

realburnsie
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:06:59 PM

Posted 12 July 2012 - 10:18 PM

Gringo, thanks for your willingness to assist me.

***********************Security Check .txt****************************


Results of screen317's Security Check version 0.99.42
Windows 7 x64 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
AVG PC Tuneup 2011
JavaFX 2.1.1
Java™ 6 Update 29
Java™ 7 Update 5
Java™ SE Development Kit 6 Update 18
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 10.0.2 Firefox out of Date!
Google Chrome 20.0.1132.47
Google Chrome 21.0.1180.15
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````


***************DDS.txt******************

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.5.1
Run by HeyJude at 22:11:29 on 2012-07-12
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6143.3775 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\FingerPrint\FingerPrintService.exe
C:\Windows\system32\svchost.exe -k ftpsvc
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\splwow64.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Windows\System32\spool\drivers\x64\3\EKAiO2MUI.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Users\HeyJude\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\POWERISO\PWRISOVM.EXE
C:\Program Files (x86)\ServeToMe\Contents\Windows\ServeToMe.exe
C:\Users\HeyJude\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\FingerPrint\FingerPrint.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\WePrint\WePrint Server.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\conhost.exe
C:\Users\HeyJude\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Users\HeyJude\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler64.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\svchost.exe -k netsvcs
C:\Windows\system32\dllhost.exe
C:\Windows\System32\msdtc.exe
C:\Users\HeyJude\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\HeyJude\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\HeyJude\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\HeyJude\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\HeyJude\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\HeyJude\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\HeyJude\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\HeyJude\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\HeyJude\Documents\Downloads\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Users\HeyJude\Desktop\SecurityCheck.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6081213
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6081213
uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:63253
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [Google Update] "C:\Users\HeyJude\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
uRun: [311CFFA3BD4ED4073139605AF0EA8A07295108D1._service_run] "C:\Users\HeyJude\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Conime] %windir%\system32\conime.exe
mRun: [EKAiO2StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\EKAiO2MUI.exe
mRun: [jswtrayutil] "C:\Program Files (x86)\NETGEAR\WN111v2\jswtrayutil.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\HeyJude\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\HeyJude\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\HeyJude\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MYPROG~1.LNK - C:\Program Files (x86)\FingerPrint\FingerPrint.exe
StartupFolder: C:\Users\HeyJude\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
StartupFolder: C:\Users\HeyJude\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\WEPRIN~1.LNK - C:\Program Files (x86)\WePrint\WePrint Server.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MOZYHO~1.LNK - C:\Program Files (x86)\MozyHome\mozystat.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SERVET~1.LNK - C:\Program Files (x86)\ServeToMe\Contents\Windows\ServeToMe.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1316FE7F-8B2E-4423-8351-D52665896033} : DhcpNameServer = 172.16.64.215 172.16.64.215 8.8.8.8
TCP: Interfaces\{2DAE23AF-81FF-4A75-BF74-B050776568C7} : DhcpNameServer = 172.16.64.215 172.16.64.215
TCP: Interfaces\{DDB5B958-4AFB-4369-AA46-219AC7D59543} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
mRun-x64: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [Conime] %windir%\system32\conime.exe
mRun-x64: [EKAiO2StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\EKAiO2MUI.exe
mRun-x64: [jswtrayutil] "C:\Program Files (x86)\NETGEAR\WN111v2\jswtrayutil.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\HeyJude\AppData\Roaming\Mozilla\Firefox\Profiles\xu08hkc6.default\
FF - prefs.js: browser.startup.homepage - google.com/news
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B38c638b7-3663-449e-b37a-dca8385db678%7D&mid=bf79396e4c021cc36153adfe62cc6e0d-780ab88abf60ec9332576718dabf1bffe8c23aee&ds=AVG&v=10.0.0.7&lang=en&pr=fr&d=2011-10-10%2021%3A44%3A12&sap=ku&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 63253
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Users\HeyJude\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\HeyJude\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\system32\DRIVERS\jswpslwfx.sys --> C:\Windows\system32\DRIVERS\jswpslwfx.sys [?]
R1 VWiFiFlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/11/27 21:15:09];C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [2009-2-28 146928]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-12-17 92160]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 FingerPrint;FingerPrint Service;C:\Program Files (x86)\FingerPrint\FingerPrintService.exe -start --> C:\Program Files (x86)\FingerPrint\FingerPrintService.exe -start [?]
R2 ftpsvc;Microsoft FTP Service;C:\Windows\system32\svchost.exe -k ftpsvc [2009-7-13 20992]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-12-8 375176]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-9-17 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2010-5-7 197976]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\system32\DRIVERS\RtNdPt60.sys --> C:\Windows\system32\DRIVERS\RtNdPt60.sys [?]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-6-19 3048136]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-10 935008]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50a64.sys --> C:\Windows\system32\Drivers\PCASp50a64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;C:\Windows\system32\DRIVERS\WN111v2w7x.sys --> C:\Windows\system32\DRIVERS\WN111v2w7x.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-31 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-31 136176]
S3 jswpsapi;Jumpstart Wifi Protected Setup;C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe [2008-2-29 942080]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech Webcam 600(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50a64.sys --> C:\Windows\system32\Drivers\PCAMp50a64.sys [?]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);C:\Windows\system32\DRIVERS\RtTeam60.sys --> C:\Windows\system32\DRIVERS\RtTeam60.sys [?]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\system32\DRIVERS\RtVlan60.sys --> C:\Windows\system32\DRIVERS\RtVlan60.sys [?]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);C:\Windows\system32\DRIVERS\RtTeam60.sys --> C:\Windows\system32\DRIVERS\RtTeam60.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
.
=============== Created Last 30 ================
.
2012-07-10 12:12:23 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-07-09 03:38:32 -------- d-----w- C:\Program Files\iPod
2012-07-09 03:38:31 -------- d-----w- C:\Program Files\iTunes
2012-07-09 03:38:31 -------- d-----w- C:\Program Files (x86)\iTunes
2012-06-21 04:56:32 66552 ----a-w- C:\Windows\System32\drivers\mozy.sys
2012-06-19 22:35:14 4967624 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-06-19 09:49:29 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-19 09:48:56 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-19 09:48:37 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-19 09:48:37 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-16 01:32:35 -------- d-----w- C:\Program Files (x86)\Oracle
2012-06-16 01:31:41 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
.
==================== Find3M ====================
.
2012-05-28 08:16:44 1806848 ----a-w- C:\Windows\SysWow64\mprdin.dll
2012-05-22 00:37:42 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2012-05-22 00:37:42 80768 ----a-w- C:\Windows\System32\LMIinit.dll
2012-05-22 00:37:42 34688 ----a-w- C:\Windows\System32\LMIport.dll
2012-05-05 00:29:16 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 22:12:03.24 ===============

***************attach.txt***************************


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume3
Install Date: 10/22/2009 6:24:06 PM
System Uptime: 7/12/2012 5:23:06 PM (5 hours ago)
.
Motherboard: Dell Inc. | | 0M017G
Processor: Intel® Core™2 Quad CPU Q8200 @ 2.33GHz | CPU 1 | 2336/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 684 GiB total, 130.309 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 8.219 GiB free.
E: is CDROM (UDF)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: USB Mass Storage Device
Device ID: USB\VID_0D49&PID_7110\L40VTV1G____
Manufacturer: Compatible USB storage device
Name: USB Mass Storage Device
PNP Device ID: USB\VID_0D49&PID_7110\L40VTV1G____
Service: USBSTOR
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Virtual WiFi Miniport Adapter
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\6&35C5469D&0&01
Manufacturer: Microsoft
Name: Microsoft Virtual WiFi Miniport Adapter
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\6&35C5469D&0&01
Service: vwifimp
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.5.0
aioscnnr
Air Video Server 2.4.3
Apple Application Support
Apple Software Update
Avery Template - U_0052_01_P
AVG PC Tuneup 2011
AVG Security Toolbar
C4USelfUpdater
CameraHelperMsi
center
CopyTrans Suite Remove Only
CyberLink PowerDVD 9
Diagnostic Utility
Dropbox
EcoSmart Config Utility
erLT
essentials
Facebook Plug-In
Fences
FingerPrint 1.2.0.278
Foxreal Video Converter version 1.0.1.0
GEAR driver installer 4.019
Google Chrome
Google Earth
Google Update Helper
GoToMeeting 5.1.0.873
HandBrake 0.9.5
HP USB Disk Storage Format Tool
inSSIDer
Java Auto Updater
Java™ 6 Update 29
Java™ 7 Update 5
Java™ SE Development Kit 6 Update 18
JavaFX 2.1.1
Joboshare PS3 Video Converter
KODAK AiO Software
Logitech Touch Mouse Server 1.0
Logitech Webcam Software
LogMeIn
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MKVtoolnix 4.8.0
Mozilla Firefox 10.0.2 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
myiHome v5.2.0
Nero 7 Ultra Edition
neroxml
ocr
Picasa 3
PowerISO
Precision Photos ROES
PreReq
QuickTime
Rainmeter
RangeMax Wireless-N USB Adapter WN111v2
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
SABnzbd (remove only)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
ServeToMe 3.6.6.0
Shutterfly Express Uploader
Skype Click to Call
Skype™ 5.9
Spelling Dictionaries Support For Adobe Reader 9
The KMPlayer (remove only)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Veetle TV 0.9.18
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
WePrint
WinImage
WinRAR archiver
WinSCP 4.3.8
WN111v2
Xilisoft HD Video Converter
Xilisoft PDF to EPUB Converter
Xilisoft Video Converter Ultimate
.
==== Event Viewer Messages From Past Week ========
.
7/9/2012 9:40:27 PM, Error: volsnap [35] - The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
7/9/2012 8:44:02 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.
7/9/2012 12:01:20 AM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
7/8/2012 11:55:16 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xffffffffc0000005, 0xfffff8800761cbc6, 0xfffff8800317e9c8, 0xfffff8800317e230). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 070812-37299-01.
7/8/2012 11:52:38 AM, Error: TermDD [50] - The RDP protocol component X.224 detected an error in the protocol stream and has disconnected the client.
7/8/2012 10:36:42 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/12/2012 9:57:22 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
7/12/2012 9:57:22 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
7/12/2012 5:26:24 PM, Error: Service Control Manager [7031] - The Routing and Remote Access service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
7/12/2012 5:24:12 PM, Error: Service Control Manager [7031] - The Routing and Remote Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/12/2012 5:24:00 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
7/12/2012 5:23:56 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
7/12/2012 5:23:52 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
7/11/2012 7:31:10 AM, Error: Service Control Manager [7034] - The Routing and Remote Access service terminated unexpectedly. It has done this 3 time(s).
7/10/2012 9:38:10 PM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding
7/10/2012 10:31:59 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
7/10/2012 10:31:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/10/2012 10:31:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/10/2012 10:31:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
7/10/2012 10:31:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
7/10/2012 10:31:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/10/2012 10:31:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/10/2012 10:29:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
7/10/2012 10:29:54 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx64 Avgmfx64 Avgtdia CSC DfsC discache JSWPSLWF mozyFilter NetBIOS NetBT nsiproxy Psched rdbss SCDEmu spldr tdx VWiFiFlt Wanarpv6 WfpLwf
7/10/2012 10:29:54 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/10/2012 10:29:54 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/10/2012 10:29:54 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
7/10/2012 10:29:54 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/10/2012 10:29:54 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/10/2012 10:29:54 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
7/10/2012 10:29:54 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/10/2012 10:29:54 PM, Error: Service Control Manager [7001] - The FingerPrint Service service depends on the Print Spooler service which failed to start because of the following error: The dependency service or group failed to start.
7/10/2012 10:29:54 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/10/2012 10:29:54 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/10/2012 10:29:54 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
.
==== End Of File ===========================

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:59 PM

Posted 12 July 2012 - 10:25 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 realburnsie

realburnsie
  • Topic Starter

  • Members
  • 17 posts
  • Local time:06:59 PM

Posted 12 July 2012 - 11:36 PM

Gringo,
I believe AVG came back on during Combofix's run. I hope that didn't disrupt anything. However, it looks like it restored two infected files, so that's good.

The settings issues I was having (i.e. file sharing turned off and locked) have been restored. That was the main symptom of the virus. What's your diagnosis?



ComboFix 12-07-13.01 - HeyJude 07/12/2012 23:07:09.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6143.4288 [GMT -5:00]
Running from: c:\users\HeyJude\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\test.txt
c:\users\HeyJude\AppData\Local\Setup.exe
c:\users\HeyJude\AppData\Roaming\8D5A.23D
c:\users\HeyJude\Documents\~WRL0845.tmp
c:\users\HeyJude\Documents\~WRL1667.tmp
c:\windows\Installer\{31753d0f-9731-7f2c-a4d6-f97a422a372f}\@
c:\windows\Installer\{31753d0f-9731-7f2c-a4d6-f97a422a372f}\U\00000001.@
c:\windows\Installer\{31753d0f-9731-7f2c-a4d6-f97a422a372f}\U\80000000.@
c:\windows\Installer\{31753d0f-9731-7f2c-a4d6-f97a422a372f}\U\800000cb.@
.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-13 to 2012-07-13 )))))))))))))))))))))))))))))))
.
.
2012-07-13 04:16 . 2012-07-13 04:16 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-07-13 04:16 . 2012-07-13 04:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-13 04:16 . 2012-07-13 04:16 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-07-10 12:12 . 2012-07-10 12:12 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-09 03:38 . 2012-07-09 03:38 -------- d-----w- c:\program files\iPod
2012-07-09 03:38 . 2012-07-09 03:39 -------- d-----w- c:\program files\iTunes
2012-07-09 03:38 . 2012-07-09 03:39 -------- d-----w- c:\program files (x86)\iTunes
2012-06-21 04:56 . 2011-07-27 21:22 66552 ----a-w- c:\windows\system32\drivers\mozy.sys
2012-06-19 22:35 . 2012-06-19 22:35 4967624 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-06-19 09:49 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 09:49 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 09:49 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 09:49 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 09:48 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-19 09:48 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 09:48 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 09:48 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 09:48 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-16 01:33 . 2012-06-16 01:33 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-16 01:32 . 2012-06-16 01:32 -------- d-----w- c:\program files (x86)\Oracle
2012-06-16 01:31 . 2012-05-05 00:29 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-15 13:22 . 2012-06-15 13:22 -------- d-----w- c:\program files (x86)\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-28 08:16 . 2012-05-28 08:16 1806848 ----a-w- c:\windows\SysWow64\mprdin.dll
2012-05-22 00:37 . 2011-03-25 21:09 34688 ----a-w- c:\windows\system32\LMIport.dll
2012-05-22 00:37 . 2011-03-25 21:09 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-05-22 00:37 . 2011-03-25 21:09 80768 ----a-w- c:\windows\system32\LMIinit.dll
2012-05-05 00:29 . 2010-06-20 13:24 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2011-02-13 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2011-02-13 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-10 08:15 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-10 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\HeyJude\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\HeyJude\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\HeyJude\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\HeyJude\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-04-04 399736]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"311CFFA3BD4ED4073139605AF0EA8A07295108D1._service_run"="c:\users\HeyJude\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-06-28 1229848]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-24 59240]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-08 165208]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-10 1107552]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2011-06-15 307200]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-16 928096]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"EKAiO2StatusMonitor"="c:\windows\System32\spool\drivers\x64\3\EKAiO2MUI.exe" [2011-12-10 3240448]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
c:\users\HeyJude\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\HeyJude\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
My Program.lnk - c:\program files (x86)\FingerPrint\FingerPrint.exe [2012-2-29 924728]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 107720]
WePrint Server.lnk - c:\program files (x86)\WePrint\WePrint Server.exe [2012-2-4 2401280]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2012-6-4 6271376]
NETGEAR WN111v2 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WN111v2\WN111v2.exe [2009-10-10 1728512]
ServeToMe.lnk - c:\program files (x86)\ServeToMe\Contents\Windows\ServeToMe.exe [2012-2-2 907003]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-31 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-31 136176]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files (x86)\NETGEAR\WN111v2\jswpsapi.exe [2008-02-29 942080]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-08-19 351136]
R3 LVUVC64;Logitech Webcam 600(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-08-19 4869024]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-08-02 22528]
R3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50a64.sys [2006-11-29 43328]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [2008-10-24 43008]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [2007-12-03 24064]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [2008-10-24 43008]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-13 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R4 PxHlpa64;PxHlpa64;c:\windows\system32\Drivers\PxHlpa64.sys [2005-04-25 26720]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 26704]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2011-09-13 37456]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2011-10-07 283728]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-08-08 46672]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2011-07-11 375376]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [2008-10-01 26624]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/11/27 21:15];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [2009-03-01 00:40 146928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 FingerPrint;FingerPrint Service;c:\program files (x86)\FingerPrint\FingerPrintService.exe [2012-02-05 1299968]
S2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-05-22 375176]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-09-17 15928]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-08 197976]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2007-12-11 26624]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-19 3048136]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-10 935008]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 9319936]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 306176]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 120400]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 29776]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-08 30304]
S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50a64.sys [2006-11-29 41280]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WN111v2w7x.sys [2010-04-28 783360]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Mcx2Svc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-31 23:39]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-31 23:39]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606367189-2953712760-1814550031-1000Core.job
- c:\users\HeyJude\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-03 23:56]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606367189-2953712760-1814550031-1000UA.job
- c:\users\HeyJude\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-03 23:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\HeyJude\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\HeyJude\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\HeyJude\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\HeyJude\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2012-06-04 21:17 6301584 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2012-06-04 21:17 6301584 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-06-02 7834656]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-09-17 57928]
"EKAIO2StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe" [2011-12-10 3240448]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6081213
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:63253
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\HeyJude\AppData\Roaming\Mozilla\Firefox\Profiles\xu08hkc6.default\
FF - prefs.js: browser.startup.homepage - google.com/news
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B38c638b7-3663-449e-b37a-dca8385db678%7D&mid=bf79396e4c021cc36153adfe62cc6e0d-780ab88abf60ec9332576718dabf1bffe8c23aee&ds=AVG&v=10.0.0.7&lang=en&pr=fr&d=2011-10-10%2021%3A44%3A12&sap=ku&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 63253
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe
Wow6432Node-HKLM-Run-jswtrayutil - c:\program files (x86)\NETGEAR\WN111v2\jswtrayutil.exe
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-Precision Photos ROES - c:\windows\system32\javaws.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2012-07-12 23:31:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-13 04:31
.
Pre-Run: 139,389,960,192 bytes free
Post-Run: 139,249,889,280 bytes free
.
- - End Of File - - 4CAFCBECDF5A6C7AC9508D041E33A76A

Gringo,
I believe AVG came back on during ComboFix's run. I hope that didn't disrupt anything. However, it looks like it restored two infected files, so that's good.

The setting issues I was having (i.e. file sharing turned off and locked) have been restored. That was the main symptom of the virus. What's your diagnosis?



"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2012-07-12 23:31:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-13 04:31
.
Pre-Run: 139,389,960,192 bytes free
Post-Run: 139,249,889,280 bytes free
.
- - End Of File - - 4CAFCBECDF5A6C7AC9508D041E33A76A

#6 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 12 July 2012 - 11:51 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 realburnsie (Topic Starter)

Posted 13 July 2012 - 04:20 AM

04:14:43.0943 5616 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
04:14:43.0958 5616 ============================================================
04:14:43.0958 5616 Current date / time: 2012/07/13 04:14:43.0958
04:14:43.0958 5616 SystemInfo:
04:14:43.0958 5616
04:14:43.0958 5616 OS Version: 6.1.7600 ServicePack: 0.0
04:14:43.0958 5616 Product type: Workstation
04:14:43.0959 5616 ComputerName: HEYJUDE-PC
04:14:43.0959 5616 UserName: HeyJude
04:14:43.0959 5616 Windows directory: C:\Windows
04:14:43.0959 5616 System windows directory: C:\Windows
04:14:43.0959 5616 Running under WOW64
04:14:43.0959 5616 Processor architecture: Intel x64
04:14:43.0959 5616 Number of processors: 4
04:14:43.0959 5616 Page size: 0x1000
04:14:43.0959 5616 Boot type: Normal boot
04:14:43.0959 5616 ============================================================
04:14:45.0734 5616 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
04:14:45.0741 5616 Drive \Device\Harddisk1\DR1 - Size: 0x2F7B100000 (189.92 Gb), SectorSize: 0x200, Cylinders: 0x60D8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
04:14:51.0618 5616 ============================================================
04:14:51.0618 5616 \Device\Harddisk0\DR0:
04:14:51.0630 5616 MBR partitions:
04:14:51.0630 5616 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F800, BlocksNum 0x1E00000
04:14:51.0631 5616 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E1F800, BlocksNum 0x55726000
04:14:51.0631 5616 \Device\Harddisk1\DR1:
04:14:51.0631 5616 Invalid mbr signature
04:14:51.0631 5616 ============================================================
04:14:51.0664 5616 C: <-> \Device\Harddisk0\DR0\Partition1
04:14:51.0698 5616 D: <-> \Device\Harddisk0\DR0\Partition0
04:14:51.0699 5616 ============================================================
04:14:51.0699 5616 Initialize success
04:14:51.0699 5616 ============================================================
04:15:19.0808 0164 ============================================================
04:15:19.0808 0164 Scan started
04:15:19.0808 0164 Mode: Manual;
04:15:19.0808 0164 ============================================================
04:15:32.0313 0164 mozyFilter (792e9d1d6160df481dea44d8171b8e25) C:\Windows\system32\DRIVERS\mozy.sys
04:15:32.0316 0164 mozyFilter - ok
04:15:32.0336 0164 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
04:15:32.0340 0164 mpio - ok
04:15:32.0359 0164 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
04:15:32.0362 0164 mpsdrv - ok
04:15:32.0411 0164 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
04:15:32.0430 0164 MpsSvc - ok
04:15:32.0449 0164 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
04:15:32.0454 0164 MRxDAV - ok
04:15:32.0481 0164 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
04:15:32.0486 0164 mrxsmb - ok
04:15:32.0504 0164 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
04:15:32.0517 0164 mrxsmb10 - ok
04:15:32.0535 0164 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
04:15:32.0539 0164 mrxsmb20 - ok
04:15:32.0551 0164 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
04:15:32.0551 0164 msahci - ok
04:15:32.0582 0164 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
04:15:32.0582 0164 msdsm - ok
04:15:32.0598 0164 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
04:15:32.0598 0164 MSDTC - ok
04:15:32.0639 0164 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
04:15:32.0641 0164 Msfs - ok
04:15:32.0665 0164 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
04:15:32.0667 0164 mshidkmdf - ok
04:15:32.0679 0164 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
04:15:32.0682 0164 msisadrv - ok
04:15:32.0713 0164 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
04:15:32.0719 0164 MSiSCSI - ok
04:15:32.0724 0164 msiserver - ok
04:15:32.0754 0164 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
04:15:32.0756 0164 MSKSSRV - ok
04:15:32.0768 0164 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
04:15:32.0771 0164 MSPCLOCK - ok
04:15:32.0786 0164 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
04:15:32.0788 0164 MSPQM - ok
04:15:32.0813 0164 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
04:15:32.0825 0164 MsRPC - ok
04:15:32.0842 0164 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
04:15:32.0843 0164 mssmbios - ok
04:15:32.0853 0164 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
04:15:32.0855 0164 MSTEE - ok
04:15:32.0893 0164 msvad_simple (c83829c280f0207677b7aaa151ef9c4d) C:\Windows\system32\drivers\povrtdev.sys
04:15:32.0896 0164 msvad_simple - ok
04:15:32.0909 0164 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
04:15:32.0911 0164 MTConfig - ok
04:15:32.0923 0164 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
04:15:32.0926 0164 Mup - ok
04:15:32.0999 0164 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
04:15:33.0018 0164 napagent - ok
04:15:33.0063 0164 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
04:15:33.0084 0164 NativeWifiP - ok
04:15:33.0233 0164 NBService (6d8fcdd5bb3b676ef58fa234073492c6) C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
04:15:33.0239 0164 NBService - ok
04:15:33.0299 0164 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
04:15:33.0305 0164 NDIS - ok
04:15:33.0316 0164 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
04:15:33.0319 0164 NdisCap - ok
04:15:33.0342 0164 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
04:15:33.0344 0164 NdisTapi - ok
04:15:33.0353 0164 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
04:15:33.0356 0164 Ndisuio - ok
04:15:33.0373 0164 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
04:15:33.0377 0164 NdisWan - ok
04:15:33.0390 0164 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
04:15:33.0392 0164 NDProxy - ok
04:15:33.0426 0164 Netaapl (6f4607e2333fe21e9e3ff8133a88b35b) C:\Windows\system32\DRIVERS\netaapl64.sys
04:15:33.0428 0164 Netaapl - ok
04:15:33.0443 0164 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
04:15:33.0446 0164 NetBIOS - ok
04:15:33.0468 0164 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
04:15:33.0471 0164 NetBT - ok
04:15:33.0505 0164 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
04:15:33.0507 0164 Netlogon - ok
04:15:33.0557 0164 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
04:15:33.0568 0164 Netman - ok
04:15:33.0642 0164 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
04:15:33.0642 0164 NetMsmqActivator - ok
04:15:33.0658 0164 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
04:15:33.0658 0164 NetPipeActivator - ok
04:15:33.0690 0164 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
04:15:33.0709 0164 netprofm - ok
04:15:33.0714 0164 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
04:15:33.0716 0164 NetTcpActivator - ok
04:15:33.0722 0164 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
04:15:33.0723 0164 NetTcpPortSharing - ok
04:15:33.0775 0164 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
04:15:33.0778 0164 nfrd960 - ok
04:15:33.0803 0164 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
04:15:33.0815 0164 NlaSvc - ok
04:15:33.0921 0164 NMIndexingService (e32686b4e27d11f83e3f2844e104c66c) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
04:15:33.0925 0164 NMIndexingService - ok
04:15:33.0941 0164 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
04:15:33.0944 0164 Npfs - ok
04:15:33.0960 0164 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
04:15:33.0964 0164 nsi - ok
04:15:33.0979 0164 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
04:15:33.0980 0164 nsiproxy - ok
04:15:34.0046 0164 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
04:15:34.0069 0164 Ntfs - ok
04:15:34.0165 0164 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
04:15:34.0167 0164 Null - ok
04:15:34.0187 0164 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
04:15:34.0191 0164 nvraid - ok
04:15:34.0206 0164 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
04:15:34.0211 0164 nvstor - ok
04:15:34.0232 0164 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
04:15:34.0235 0164 nv_agp - ok
04:15:34.0296 0164 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
04:15:34.0299 0164 odserv - ok
04:15:34.0324 0164 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
04:15:34.0327 0164 ohci1394 - ok
04:15:34.0365 0164 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
04:15:34.0367 0164 ose - ok
04:15:34.0407 0164 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
04:15:34.0419 0164 p2pimsvc - ok
04:15:34.0466 0164 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
04:15:34.0484 0164 p2psvc - ok
04:15:34.0505 0164 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
04:15:34.0508 0164 Parport - ok
04:15:34.0522 0164 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
04:15:34.0525 0164 partmgr - ok
04:15:34.0552 0164 PCAMp50a64 (304e6ac43613a9c43896c4300009442b) C:\Windows\system32\Drivers\PCAMp50a64.sys
04:15:34.0555 0164 PCAMp50a64 - ok
04:15:34.0578 0164 PCASp50a64 (18b6869e23937175144e6f1d3cb85fc2) C:\Windows\system32\Drivers\PCASp50a64.sys
04:15:34.0580 0164 PCASp50a64 - ok
04:15:34.0602 0164 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
04:15:34.0607 0164 PcaSvc - ok
04:15:34.0625 0164 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
04:15:34.0630 0164 pci - ok
04:15:34.0643 0164 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
04:15:34.0645 0164 pciide - ok
04:15:34.0663 0164 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
04:15:34.0667 0164 pcmcia - ok
04:15:34.0682 0164 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
04:15:34.0682 0164 pcw - ok
04:15:34.0713 0164 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
04:15:34.0733 0164 PEAUTH - ok
04:15:34.0805 0164 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
04:15:34.0835 0164 PeerDistSvc - ok
04:15:34.0902 0164 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
04:15:34.0905 0164 PerfHost - ok
04:15:35.0031 0164 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
04:15:35.0063 0164 pla - ok
04:15:35.0113 0164 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
04:15:35.0117 0164 PlugPlay - ok
04:15:35.0125 0164 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
04:15:35.0128 0164 PNRPAutoReg - ok
04:15:35.0148 0164 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
04:15:35.0152 0164 PNRPsvc - ok
04:15:35.0194 0164 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
04:15:35.0213 0164 PolicyAgent - ok
04:15:35.0248 0164 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
04:15:35.0254 0164 Power - ok
04:15:35.0299 0164 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
04:15:35.0303 0164 PptpMiniport - ok
04:15:35.0329 0164 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
04:15:35.0332 0164 Processor - ok
04:15:35.0352 0164 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
04:15:35.0358 0164 ProfSvc - ok
04:15:35.0396 0164 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
04:15:35.0398 0164 ProtectedStorage - ok
04:15:35.0430 0164 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
04:15:35.0433 0164 Psched - ok
04:15:35.0474 0164 PxHlpa64 (dc2e1374677402bddb7fa4c51c8c7a8b) C:\Windows\system32\Drivers\PxHlpa64.sys
04:15:35.0476 0164 PxHlpa64 - ok
04:15:35.0540 0164 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
04:15:35.0569 0164 ql2300 - ok
04:15:35.0642 0164 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
04:15:35.0645 0164 ql40xx - ok
04:15:35.0668 0164 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
04:15:35.0681 0164 QWAVE - ok
04:15:35.0702 0164 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
04:15:35.0705 0164 QWAVEdrv - ok
04:15:35.0721 0164 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
04:15:35.0721 0164 RasAcd - ok
04:15:35.0752 0164 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
04:15:35.0768 0164 RasAgileVpn - ok
04:15:35.0785 0164 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
04:15:35.0789 0164 RasAuto - ok
04:15:35.0809 0164 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
04:15:35.0812 0164 Rasl2tp - ok
04:15:35.0832 0164 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
04:15:35.0844 0164 RasMan - ok
04:15:35.0864 0164 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
04:15:35.0867 0164 RasPppoe - ok
04:15:35.0878 0164 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
04:15:35.0881 0164 RasSstp - ok
04:15:35.0902 0164 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
04:15:35.0914 0164 rdbss - ok
04:15:35.0925 0164 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
04:15:35.0927 0164 rdpbus - ok
04:15:35.0941 0164 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
04:15:35.0941 0164 RDPCDD - ok
04:15:35.0976 0164 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
04:15:35.0980 0164 RDPDR - ok
04:15:35.0990 0164 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
04:15:35.0991 0164 RDPENCDD - ok
04:15:36.0002 0164 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
04:15:36.0002 0164 RDPREFMP - ok
04:15:36.0021 0164 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
04:15:36.0026 0164 RDPWD - ok
04:15:36.0045 0164 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
04:15:36.0050 0164 rdyboost - ok
04:15:36.0103 0164 RemoteAccess - ok
04:15:36.0120 0164 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
04:15:36.0123 0164 RemoteRegistry - ok
04:15:36.0135 0164 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
04:15:36.0138 0164 RpcEptMapper - ok
04:15:36.0168 0164 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
04:15:36.0171 0164 RpcLocator - ok
04:15:36.0194 0164 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
04:15:36.0200 0164 RpcSs - ok
04:15:36.0247 0164 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
04:15:36.0250 0164 rspndr - ok
04:15:36.0294 0164 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
04:15:36.0312 0164 RTL8167 - ok
04:15:36.0357 0164 RtNdPt60 (5532c4bf15173270757a75b46baeb960) C:\Windows\system32\DRIVERS\RtNdPt60.sys
04:15:36.0359 0164 RtNdPt60 - ok
04:15:36.0376 0164 RTTEAMPT (bc85bdc1c30066c78b8c67af1241d0b7) C:\Windows\system32\DRIVERS\RtTeam60.sys
04:15:36.0379 0164 RTTEAMPT - ok
04:15:36.0406 0164 RTVLANPT (8b6b42d782202363a562f82b0e13b1c0) C:\Windows\system32\DRIVERS\RtVlan60.sys
04:15:36.0408 0164 RTVLANPT - ok
04:15:36.0437 0164 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
04:15:36.0437 0164 s3cap - ok
04:15:36.0471 0164 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
04:15:36.0473 0164 SamSs - ok
04:15:36.0494 0164 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
04:15:36.0498 0164 sbp2port - ok
04:15:36.0527 0164 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
04:15:36.0533 0164 SCardSvr - ok
04:15:36.0575 0164 SCDEmu (b2f50286dc82b93c013e3fc57ba1a956) C:\Windows\system32\drivers\SCDEmu.sys
04:15:36.0578 0164 SCDEmu - ok
04:15:36.0593 0164 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
04:15:36.0596 0164 scfilter - ok
04:15:36.0656 0164 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
04:15:36.0671 0164 Schedule - ok
04:15:36.0703 0164 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
04:15:36.0704 0164 SCPolicySvc - ok
04:15:36.0723 0164 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
04:15:36.0728 0164 SDRSVC - ok
04:15:36.0775 0164 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
04:15:36.0778 0164 secdrv - ok
04:15:36.0778 0164 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
04:15:36.0778 0164 seclogon - ok
04:15:36.0793 0164 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
04:15:36.0809 0164 SENS - ok
04:15:36.0809 0164 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
04:15:36.0809 0164 SensrSvc - ok
04:15:36.0824 0164 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
04:15:36.0824 0164 Serenum - ok
04:15:36.0852 0164 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
04:15:36.0855 0164 Serial - ok
04:15:36.0871 0164 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
04:15:36.0873 0164 sermouse - ok
04:15:36.0897 0164 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
04:15:36.0902 0164 SessionEnv - ok
04:15:36.0920 0164 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
04:15:36.0923 0164 sffdisk - ok
04:15:36.0934 0164 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
04:15:36.0937 0164 sffp_mmc - ok
04:15:36.0954 0164 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
04:15:36.0957 0164 sffp_sd - ok
04:15:36.0975 0164 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
04:15:36.0979 0164 sfloppy - ok
04:15:37.0040 0164 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
04:15:37.0052 0164 SharedAccess - ok
04:15:37.0080 0164 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
04:15:37.0092 0164 ShellHWDetection - ok
04:15:37.0106 0164 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
04:15:37.0109 0164 SiSRaid2 - ok
04:15:37.0130 0164 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
04:15:37.0134 0164 SiSRaid4 - ok
04:15:37.0343 0164 Skype C2C Service (2a99850c2a6edd6c6602e822c716edaf) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
04:15:37.0395 0164 Skype C2C Service - ok
04:15:37.0471 0164 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
04:15:37.0474 0164 SkypeUpdate - ok
04:15:37.0554 0164 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
04:15:37.0557 0164 Smb - ok
04:15:37.0606 0164 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
04:15:37.0609 0164 SNMPTRAP - ok
04:15:37.0617 0164 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
04:15:37.0620 0164 spldr - ok
04:15:37.0658 0164 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
04:15:37.0675 0164 Spooler - ok
04:15:37.0792 0164 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
04:15:37.0851 0164 sppsvc - ok
04:15:37.0882 0164 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
04:15:37.0898 0164 sppuinotify - ok
04:15:37.0956 0164 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
04:15:37.0975 0164 srv - ok
04:15:38.0026 0164 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
04:15:38.0038 0164 srv2 - ok
04:15:38.0064 0164 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
04:15:38.0069 0164 srvnet - ok
04:15:38.0095 0164 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
04:15:38.0098 0164 SSDPSRV - ok
04:15:38.0111 0164 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
04:15:38.0116 0164 SstpSvc - ok
04:15:38.0146 0164 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
04:15:38.0149 0164 stexstor - ok
04:15:38.0188 0164 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
04:15:38.0190 0164 StillCam - ok
04:15:38.0237 0164 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
04:15:38.0253 0164 stisvc - ok
04:15:38.0281 0164 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
04:15:38.0284 0164 storflt - ok
04:15:38.0301 0164 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
04:15:38.0304 0164 storvsc - ok
04:15:38.0321 0164 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
04:15:38.0323 0164 swenum - ok
04:15:38.0355 0164 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
04:15:38.0370 0164 swprv - ok
04:15:38.0440 0164 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
04:15:38.0482 0164 SysMain - ok
04:15:38.0565 0164 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
04:15:38.0571 0164 TabletInputService - ok
04:15:38.0591 0164 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
04:15:38.0603 0164 TapiSrv - ok
04:15:38.0621 0164 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
04:15:38.0626 0164 TBS - ok
04:15:38.0718 0164 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
04:15:38.0731 0164 Tcpip - ok
04:15:38.0842 0164 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
04:15:38.0854 0164 TCPIP6 - ok
04:15:38.0892 0164 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
04:15:38.0892 0164 tcpipreg - ok
04:15:38.0908 0164 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
04:15:38.0924 0164 TDPIPE - ok
04:15:38.0939 0164 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
04:15:38.0939 0164 TDTCP - ok
04:15:38.0960 0164 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
04:15:38.0989 0164 tdx - ok
04:15:39.0033 0164 TEAM (bc85bdc1c30066c78b8c67af1241d0b7) C:\Windows\system32\DRIVERS\RtTeam60.sys
04:15:39.0034 0164 TEAM - ok
04:15:39.0053 0164 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
04:15:39.0055 0164 TermDD - ok
04:15:39.0114 0164 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
04:15:39.0136 0164 TermService - ok
04:15:39.0147 0164 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
04:15:39.0151 0164 Themes - ok
04:15:39.0186 0164 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
04:15:39.0188 0164 THREADORDER - ok
04:15:39.0202 0164 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
04:15:39.0207 0164 TrkWks - ok
04:15:39.0258 0164 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
04:15:39.0260 0164 TrustedInstaller - ok
04:15:39.0279 0164 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
04:15:39.0280 0164 tssecsrv - ok
04:15:39.0310 0164 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
04:15:39.0313 0164 tunnel - ok
04:15:39.0331 0164 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
04:15:39.0334 0164 uagp35 - ok
04:15:39.0359 0164 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
04:15:39.0370 0164 udfs - ok
04:15:39.0394 0164 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
04:15:39.0399 0164 UI0Detect - ok
04:15:39.0415 0164 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
04:15:39.0418 0164 uliagpkx - ok
04:15:39.0441 0164 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
04:15:39.0444 0164 umbus - ok
04:15:39.0461 0164 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
04:15:39.0464 0164 UmPass - ok
04:15:39.0503 0164 UmRdpService (af0ac98ee5077eb844413eb54287fde3) C:\Windows\System32\umrdp.dll
04:15:39.0510 0164 UmRdpService - ok
04:15:39.0628 0164 UMVPFSrv (927754abf077aeb5504be4e0f2c60c1b) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
04:15:39.0631 0164 UMVPFSrv - ok
04:15:39.0669 0164 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
04:15:39.0688 0164 upnphost - ok
04:15:39.0729 0164 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
04:15:39.0732 0164 USBAAPL64 - ok
04:15:39.0765 0164 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
04:15:39.0768 0164 usbaudio - ok
04:15:39.0785 0164 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
04:15:39.0789 0164 usbccgp - ok
04:15:39.0810 0164 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
04:15:39.0813 0164 usbcir - ok
04:15:39.0827 0164 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
04:15:39.0830 0164 usbehci - ok
04:15:39.0854 0164 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
04:15:39.0865 0164 usbhub - ok
04:15:39.0882 0164 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
04:15:39.0885 0164 usbohci - ok
04:15:39.0905 0164 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
04:15:39.0908 0164 usbprint - ok
04:15:39.0936 0164 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
04:15:39.0938 0164 usbscan - ok
04:15:39.0948 0164 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
04:15:39.0948 0164 USBSTOR - ok
04:15:39.0964 0164 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
04:15:39.0964 0164 usbuhci - ok
04:15:39.0979 0164 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
04:15:39.0979 0164 UxSms - ok
04:15:40.0019 0164 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
04:15:40.0021 0164 VaultSvc - ok
04:15:40.0032 0164 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
04:15:40.0035 0164 vdrvroot - ok
04:15:40.0058 0164 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
04:15:40.0077 0164 vds - ok
04:15:40.0093 0164 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
04:15:40.0096 0164 vga - ok
04:15:40.0111 0164 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
04:15:40.0113 0164 VgaSave - ok
04:15:40.0136 0164 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
04:15:40.0141 0164 vhdmp - ok
04:15:40.0158 0164 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
04:15:40.0160 0164 viaide - ok
04:15:40.0190 0164 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
04:15:40.0194 0164 vmbus - ok
04:15:40.0215 0164 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
04:15:40.0217 0164 VMBusHID - ok
04:15:40.0233 0164 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
04:15:40.0236 0164 volmgr - ok
04:15:40.0262 0164 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
04:15:40.0273 0164 volmgrx - ok
04:15:40.0301 0164 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
04:15:40.0313 0164 volsnap - ok
04:15:40.0332 0164 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
04:15:40.0334 0164 vsmraid - ok
04:15:40.0401 0164 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
04:15:40.0437 0164 VSS - ok
04:15:44.0511 0164 ============================================================
04:15:44.0512 0164 Scan finished
04:15:44.0512 0164 ============================================================
04:15:44.0532 4352 Detected object count: 0
04:15:44.0532 4352 Actual detected object count: 0

04:14:43.0943 5616 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
04:14:43.0958 5616 ============================================================
04:14:43.0958 5616 Current date / time: 2012/07/13 04:14:43.0958
04:14:43.0958 5616 SystemInfo:
04:14:43.0958 5616
04:14:43.0958 5616 OS Version: 6.1.7600 ServicePack: 0.0
04:14:43.0958 5616 Product type: Workstation
04:14:43.0959 5616 ComputerName: HEYJUDE-PC
04:14:43.0959 5616 UserName: HeyJude
04:14:43.0959 5616 Windows directory: C:\Windows
04:14:43.0959 5616 System windows directory: C:\Windows
04:14:43.0959 5616 Running under WOW64
04:14:43.0959 5616 Processor architecture: Intel x64
04:14:43.0959 5616 Number of processors: 4
04:14:43.0959 5616 Page size: 0x1000
04:14:43.0959 5616 Boot type: Normal boot
04:14:43.0959 5616 ============================================================
04:14:45.0734 5616 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
04:14:45.0741 5616 Drive \Device\Harddisk1\DR1 - Size: 0x2F7B100000 (189.92 Gb), SectorSize: 0x200, Cylinders: 0x60D8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
04:14:51.0618 5616 ============================================================
04:14:51.0618 5616 \Device\Harddisk0\DR0:
04:14:51.0630 5616 MBR partitions:
04:14:51.0630 5616 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F800, BlocksNum 0x1E00000
04:14:51.0631 5616 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E1F800, BlocksNum 0x55726000
04:14:51.0631 5616 \Device\Harddisk1\DR1:
04:14:51.0631 5616 Invalid mbr signature
04:14:51.0631 5616 ============================================================
04:14:51.0664 5616 C: <-> \Device\Harddisk0\DR0\Partition1
04:14:51.0698 5616 D: <-> \Device\Harddisk0\DR0\Partition0
04:14:51.0699 5616 ============================================================
04:14:51.0699 5616 Initialize success
04:14:51.0699 5616 ============================================================
04:15:19.0808 0164 ============================================================
04:15:19.0808 0164 Scan started
04:15:19.0808 0164 Mode: Manual;
04:15:19.0808 0164 ============================================================
04:15:32.0359 0164 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
04:15:32.0362 0164 mpsdrv - ok
04:15:32.0411 0164 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
04:15:32.0430 0164 MpsSvc - ok
04:15:32.0449 0164 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
04:15:32.0454 0164 MRxDAV - ok
04:15:32.0481 0164 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
04:15:32.0486 0164 mrxsmb - ok
04:15:32.0504 0164 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
04:15:32.0517 0164 mrxsmb10 - ok
04:15:32.0535 0164 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
04:15:32.0539 0164 mrxsmb20 - ok
04:15:32.0551 0164 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
04:15:32.0551 0164 msahci - ok
04:15:32.0582 0164 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
04:15:32.0582 0164 msdsm - ok
04:15:32.0598 0164 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
04:15:32.0598 0164 MSDTC - ok
04:15:32.0639 0164 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
04:15:32.0641 0164 Msfs - ok
04:15:32.0665 0164 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
04:15:32.0667 0164 mshidkmdf - ok
04:15:32.0679 0164 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
04:15:32.0682 0164 msisadrv - ok
04:15:32.0713 0164 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
04:15:32.0719 0164 MSiSCSI - ok
04:15:32.0724 0164 msiserver - ok
04:15:32.0754 0164 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
04:15:32.0756 0164 MSKSSRV - ok
04:15:32.0768 0164 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
04:15:32.0771 0164 MSPCLOCK - ok
04:15:32.0786 0164 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
04:15:32.0788 0164 MSPQM - ok
04:15:32.0813 0164 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
04:15:32.0825 0164 MsRPC - ok
04:15:32.0842 0164 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
04:15:32.0843 0164 mssmbios - ok
04:15:32.0853 0164 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
04:15:32.0855 0164 MSTEE - ok
04:15:32.0893 0164 msvad_simple (c83829c280f0207677b7aaa151ef9c4d) C:\Windows\system32\drivers\povrtdev.sys
04:15:32.0896 0164 msvad_simple - ok
04:15:32.0909 0164 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
04:15:32.0911 0164 MTConfig - ok
04:15:32.0923 0164 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
04:15:32.0926 0164 Mup - ok
04:15:32.0999 0164 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
04:15:33.0018 0164 napagent - ok
04:15:33.0063 0164 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
04:15:33.0084 0164 NativeWifiP - ok
04:15:33.0233 0164 NBService (6d8fcdd5bb3b676ef58fa234073492c6) C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
04:15:33.0239 0164 NBService - ok
04:15:33.0299 0164 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
04:15:33.0305 0164 NDIS - ok
04:15:33.0316 0164 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
04:15:33.0319 0164 NdisCap - ok
04:15:33.0342 0164 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
04:15:33.0344 0164 NdisTapi - ok
04:15:33.0353 0164 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
04:15:33.0356 0164 Ndisuio - ok
04:15:33.0373 0164 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
04:15:33.0377 0164 NdisWan - ok
04:15:33.0390 0164 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
04:15:33.0392 0164 NDProxy - ok
04:15:33.0426 0164 Netaapl (6f4607e2333fe21e9e3ff8133a88b35b) C:\Windows\system32\DRIVERS\netaapl64.sys
04:15:33.0428 0164 Netaapl - ok
04:15:33.0443 0164 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
04:15:33.0446 0164 NetBIOS - ok
04:15:33.0468 0164 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
04:15:33.0471 0164 NetBT - ok
04:15:33.0505 0164 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
04:15:33.0507 0164 Netlogon - ok
04:15:33.0557 0164 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
04:15:33.0568 0164 Netman - ok
04:15:33.0642 0164 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
04:15:33.0642 0164 NetMsmqActivator - ok
04:15:33.0658 0164 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
04:15:33.0658 0164 NetPipeActivator - ok
04:15:33.0690 0164 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
04:15:33.0709 0164 netprofm - ok
04:15:33.0714 0164 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
04:15:33.0716 0164 NetTcpActivator - ok
04:15:33.0722 0164 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
04:15:33.0723 0164 NetTcpPortSharing - ok
04:15:33.0775 0164 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
04:15:33.0778 0164 nfrd960 - ok
04:15:33.0803 0164 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
04:15:33.0815 0164 NlaSvc - ok
04:15:33.0921 0164 NMIndexingService (e32686b4e27d11f83e3f2844e104c66c) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
04:15:33.0925 0164 NMIndexingService - ok
04:15:33.0941 0164 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
04:15:33.0944 0164 Npfs - ok
04:15:33.0960 0164 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
04:15:33.0964 0164 nsi - ok
04:15:33.0979 0164 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
04:15:33.0980 0164 nsiproxy - ok
04:15:34.0046 0164 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
04:15:34.0069 0164 Ntfs - ok
04:15:34.0165 0164 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
04:15:34.0167 0164 Null - ok
04:15:34.0187 0164 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
04:15:34.0191 0164 nvraid - ok
04:15:34.0206 0164 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
04:15:34.0211 0164 nvstor - ok
04:15:34.0232 0164 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
04:15:34.0235 0164 nv_agp - ok
04:15:34.0296 0164 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
04:15:34.0299 0164 odserv - ok
04:15:34.0324 0164 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
04:15:34.0327 0164 ohci1394 - ok
04:15:34.0365 0164 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
04:15:34.0367 0164 ose - ok
04:15:34.0407 0164 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
04:15:34.0419 0164 p2pimsvc - ok
04:15:34.0466 0164 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
04:15:34.0484 0164 p2psvc - ok
04:15:34.0505 0164 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
04:15:34.0508 0164 Parport - ok
04:15:34.0522 0164 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
04:15:34.0525 0164 partmgr - ok
04:15:34.0552 0164 PCAMp50a64 (304e6ac43613a9c43896c4300009442b) C:\Windows\system32\Drivers\PCAMp50a64.sys
04:15:34.0555 0164 PCAMp50a64 - ok
04:15:34.0578 0164 PCASp50a64 (18b6869e23937175144e6f1d3cb85fc2) C:\Windows\system32\Drivers\PCASp50a64.sys
04:15:34.0580 0164 PCASp50a64 - ok
04:15:34.0602 0164 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
04:15:34.0607 0164 PcaSvc - ok
04:15:34.0625 0164 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
04:15:34.0630 0164 pci - ok
04:15:34.0643 0164 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
04:15:34.0645 0164 pciide - ok
04:15:34.0663 0164 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
04:15:34.0667 0164 pcmcia - ok
04:15:34.0682 0164 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
04:15:34.0682 0164 pcw - ok
04:15:34.0713 0164 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
04:15:34.0733 0164 PEAUTH - ok
04:15:34.0805 0164 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
04:15:34.0835 0164 PeerDistSvc - ok
04:15:34.0902 0164 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
04:15:34.0905 0164 PerfHost - ok
04:15:35.0031 0164 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
04:15:35.0063 0164 pla - ok
04:15:35.0113 0164 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
04:15:35.0117 0164 PlugPlay - ok
04:15:35.0125 0164 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
04:15:35.0128 0164 PNRPAutoReg - ok
04:15:35.0148 0164 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
04:15:35.0152 0164 PNRPsvc - ok
04:15:35.0194 0164 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
04:15:35.0213 0164 PolicyAgent - ok
04:15:35.0248 0164 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
04:15:35.0254 0164 Power - ok
04:15:35.0299 0164 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
04:15:35.0303 0164 PptpMiniport - ok
04:15:35.0329 0164 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
04:15:35.0332 0164 Processor - ok
04:15:35.0352 0164 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
04:15:35.0358 0164 ProfSvc - ok
04:15:35.0396 0164 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
04:15:35.0398 0164 ProtectedStorage - ok
04:15:35.0430 0164 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
04:15:35.0433 0164 Psched - ok
04:15:35.0474 0164 PxHlpa64 (dc2e1374677402bddb7fa4c51c8c7a8b) C:\Windows\system32\Drivers\PxHlpa64.sys
04:15:35.0476 0164 PxHlpa64 - ok
04:15:35.0540 0164 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
04:15:35.0569 0164 ql2300 - ok
04:15:35.0642 0164 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
04:15:35.0645 0164 ql40xx - ok
04:15:35.0668 0164 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
04:15:35.0681 0164 QWAVE - ok
04:15:35.0702 0164 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
04:15:35.0705 0164 QWAVEdrv - ok
04:15:35.0721 0164 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
04:15:35.0721 0164 RasAcd - ok
04:15:35.0752 0164 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
04:15:35.0768 0164 RasAgileVpn - ok
04:15:35.0785 0164 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
04:15:35.0789 0164 RasAuto - ok
04:15:35.0809 0164 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
04:15:35.0812 0164 Rasl2tp - ok
04:15:35.0832 0164 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
04:15:35.0844 0164 RasMan - ok
04:15:35.0864 0164 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
04:15:35.0867 0164 RasPppoe - ok
04:15:35.0878 0164 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
04:15:35.0881 0164 RasSstp - ok
04:15:35.0902 0164 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
04:15:35.0914 0164 rdbss - ok
04:15:35.0925 0164 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
04:15:35.0927 0164 rdpbus - ok
04:15:35.0941 0164 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
04:15:35.0941 0164 RDPCDD - ok
04:15:35.0976 0164 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
04:15:35.0980 0164 RDPDR - ok
04:15:35.0990 0164 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
04:15:35.0991 0164 RDPENCDD - ok
04:15:36.0002 0164 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
04:15:36.0002 0164 RDPREFMP - ok
04:15:36.0021 0164 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
04:15:36.0026 0164 RDPWD - ok
04:15:36.0045 0164 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
04:15:36.0050 0164 rdyboost - ok
04:15:36.0103 0164 RemoteAccess - ok
04:15:36.0120 0164 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
04:15:36.0123 0164 RemoteRegistry - ok
04:15:36.0135 0164 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
04:15:36.0138 0164 RpcEptMapper - ok
04:15:36.0168 0164 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
04:15:36.0171 0164 RpcLocator - ok
04:15:36.0194 0164 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
04:15:36.0200 0164 RpcSs - ok
04:15:36.0247 0164 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
04:15:36.0250 0164 rspndr - ok
04:15:36.0294 0164 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
04:15:36.0312 0164 RTL8167 - ok
04:15:36.0357 0164 RtNdPt60 (5532c4bf15173270757a75b46baeb960) C:\Windows\system32\DRIVERS\RtNdPt60.sys
04:15:36.0359 0164 RtNdPt60 - ok
04:15:36.0376 0164 RTTEAMPT (bc85bdc1c30066c78b8c67af1241d0b7) C:\Windows\system32\DRIVERS\RtTeam60.sys
04:15:36.0379 0164 RTTEAMPT - ok
04:15:36.0406 0164 RTVLANPT (8b6b42d782202363a562f82b0e13b1c0) C:\Windows\system32\DRIVERS\RtVlan60.sys
04:15:36.0408 0164 RTVLANPT - ok
04:15:36.0437 0164 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
04:15:36.0437 0164 s3cap - ok
04:15:36.0471 0164 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
04:15:36.0473 0164 SamSs - ok
04:15:36.0494 0164 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
04:15:36.0498 0164 sbp2port - ok
04:15:36.0527 0164 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
04:15:36.0533 0164 SCardSvr - ok
04:15:36.0575 0164 SCDEmu (b2f50286dc82b93c013e3fc57ba1a956) C:\Windows\system32\drivers\SCDEmu.sys
04:15:36.0578 0164 SCDEmu - ok
04:15:36.0593 0164 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
04:15:36.0596 0164 scfilter - ok
04:15:36.0656 0164 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
04:15:36.0671 0164 Schedule - ok
04:15:36.0703 0164 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
04:15:36.0704 0164 SCPolicySvc - ok
04:15:36.0723 0164 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
04:15:36.0728 0164 SDRSVC - ok
04:15:36.0775 0164 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
04:15:36.0778 0164 secdrv - ok
04:15:36.0778 0164 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
04:15:36.0778 0164 seclogon - ok
04:15:36.0793 0164 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
04:15:36.0809 0164 SENS - ok
04:15:36.0809 0164 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
04:15:36.0809 0164 SensrSvc - ok
04:15:36.0824 0164 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
04:15:36.0824 0164 Serenum - ok
04:15:36.0852 0164 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
04:15:36.0855 0164 Serial - ok
04:15:36.0871 0164 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
04:15:36.0873 0164 sermouse - ok
04:15:36.0897 0164 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
04:15:36.0902 0164 SessionEnv - ok
04:15:36.0920 0164 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
04:15:36.0923 0164 sffdisk - ok
04:15:36.0934 0164 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
04:15:36.0937 0164 sffp_mmc - ok
04:15:36.0954 0164 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
04:15:36.0957 0164 sffp_sd - ok
04:15:36.0975 0164 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
04:15:36.0979 0164 sfloppy - ok
04:15:37.0040 0164 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
04:15:37.0052 0164 SharedAccess - ok
04:15:37.0080 0164 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
04:15:37.0092 0164 ShellHWDetection - ok
04:15:37.0106 0164 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
04:15:37.0109 0164 SiSRaid2 - ok
04:15:37.0130 0164 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
04:15:37.0134 0164 SiSRaid4 - ok
04:15:37.0343 0164 Skype C2C Service (2a99850c2a6edd6c6602e822c716edaf) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
04:15:37.0395 0164 Skype C2C Service - ok
04:15:37.0471 0164 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
04:15:37.0474 0164 SkypeUpdate - ok
04:15:37.0554 0164 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
04:15:37.0557 0164 Smb - ok
04:15:37.0606 0164 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
04:15:37.0609 0164 SNMPTRAP - ok
04:15:37.0617 0164 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
04:15:37.0620 0164 spldr - ok
04:15:37.0658 0164 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
04:15:37.0675 0164 Spooler - ok
04:15:37.0792 0164 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
04:15:37.0851 0164 sppsvc - ok
04:15:37.0882 0164 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
04:15:37.0898 0164 sppuinotify - ok
04:15:37.0956 0164 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
04:15:37.0975 0164 srv - ok
04:15:38.0026 0164 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
04:15:38.0038 0164 srv2 - ok
04:15:38.0064 0164 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
04:15:38.0069 0164 srvnet - ok
04:15:38.0095 0164 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
04:15:38.0098 0164 SSDPSRV - ok
04:15:38.0111 0164 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
04:15:38.0116 0164 SstpSvc - ok
04:15:38.0146 0164 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
04:15:38.0149 0164 stexstor - ok
04:15:38.0188 0164 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
04:15:38.0190 0164 StillCam - ok
04:15:38.0237 0164 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
04:15:38.0253 0164 stisvc - ok
04:15:38.0281 0164 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
04:15:38.0284 0164 storflt - ok
04:15:38.0301 0164 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
04:15:38.0304 0164 storvsc - ok
04:15:38.0321 0164 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
04:15:38.0323 0164 swenum - ok
04:15:38.0355 0164 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
04:15:38.0370 0164 swprv - ok
04:15:38.0440 0164 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
04:15:38.0482 0164 SysMain - ok
04:15:38.0565 0164 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
04:15:38.0571 0164 TabletInputService - ok
04:15:38.0591 0164 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
04:15:38.0603 0164 TapiSrv - ok
04:15:38.0621 0164 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
04:15:38.0626 0164 TBS - ok
04:15:38.0718 0164 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
04:15:38.0731 0164 Tcpip - ok
04:15:38.0842 0164 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
04:15:38.0854 0164 TCPIP6 - ok
04:15:38.0892 0164 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
04:15:38.0892 0164 tcpipreg - ok
04:15:38.0908 0164 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
04:15:38.0924 0164 TDPIPE - ok
04:15:38.0939 0164 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
04:15:38.0939 0164 TDTCP - ok
04:15:38.0960 0164 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
04:15:38.0989 0164 tdx - ok
04:15:39.0033 0164 TEAM (bc85bdc1c30066c78b8c67af1241d0b7) C:\Windows\system32\DRIVERS\RtTeam60.sys
04:15:39.0034 0164 TEAM - ok
04:15:39.0053 0164 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
04:15:39.0055 0164 TermDD - ok
04:15:39.0114 0164 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
04:15:39.0136 0164 TermService - ok
04:15:39.0147 0164 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
04:15:39.0151 0164 Themes - ok
04:15:39.0186 0164 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
04:15:39.0188 0164 THREADORDER - ok
04:15:39.0202 0164 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
04:15:39.0207 0164 TrkWks - ok
04:15:39.0258 0164 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
04:15:39.0260 0164 TrustedInstaller - ok
04:15:39.0279 0164 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
04:15:39.0280 0164 tssecsrv - ok
04:15:39.0310 0164 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
04:15:39.0313 0164 tunnel - ok
04:15:39.0331 0164 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
04:15:39.0334 0164 uagp35 - ok
04:15:39.0359 0164 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
04:15:39.0370 0164 udfs - ok
04:15:39.0394 0164 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
04:15:39.0399 0164 UI0Detect - ok
04:15:39.0415 0164 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
04:15:39.0418 0164 uliagpkx - ok
04:15:39.0441 0164 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
04:15:39.0444 0164 umbus - ok
04:15:39.0461 0164 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
04:15:39.0464 0164 UmPass - ok
04:15:39.0503 0164 UmRdpService (af0ac98ee5077eb844413eb54287fde3) C:\Windows\System32\umrdp.dll
04:15:39.0510 0164 UmRdpService - ok
04:15:39.0628 0164 UMVPFSrv (927754abf077aeb5504be4e0f2c60c1b) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
04:15:39.0631 0164 UMVPFSrv - ok
04:15:39.0669 0164 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
04:15:39.0688 0164 upnphost - ok
04:15:39.0729 0164 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
04:15:39.0732 0164 USBAAPL64 - ok
04:15:39.0765 0164 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
04:15:39.0768 0164 usbaudio - ok
04:15:39.0785 0164 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
04:15:39.0789 0164 usbccgp - ok
04:15:39.0810 0164 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
04:15:39.0813 0164 usbcir - ok
04:15:39.0827 0164 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
04:15:39.0830 0164 usbehci - ok
04:15:39.0854 0164 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
04:15:39.0865 0164 usbhub - ok
04:15:39.0882 0164 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
04:15:39.0885 0164 usbohci - ok
04:15:39.0905 0164 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
04:15:39.0908 0164 usbprint - ok
04:15:39.0936 0164 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
04:15:39.0938 0164 usbscan - ok
04:15:39.0948 0164 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
04:15:39.0948 0164 USBSTOR - ok
04:15:39.0964 0164 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
04:15:39.0964 0164 usbuhci - ok
04:15:39.0979 0164 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
04:15:39.0979 0164 UxSms - ok
04:15:40.0019 0164 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
04:15:40.0021 0164 VaultSvc - ok
04:15:40.0032 0164 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
04:15:40.0035 0164 vdrvroot - ok
04:15:40.0058 0164 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
04:15:40.0077 0164 vds - ok
04:15:40.0093 0164 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
04:15:40.0096 0164 vga - ok
04:15:40.0111 0164 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
04:15:40.0113 0164 VgaSave - ok
04:15:40.0136 0164 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
04:15:40.0141 0164 vhdmp - ok
04:15:40.0158 0164 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
04:15:40.0160 0164 viaide - ok
04:15:40.0190 0164 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
04:15:40.0194 0164 vmbus - ok
04:15:40.0215 0164 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
04:15:40.0217 0164 VMBusHID - ok
04:15:40.0233 0164 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
04:15:40.0236 0164 volmgr - ok
04:15:40.0262 0164 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
04:15:40.0273 0164 volmgrx - ok
04:15:40.0301 0164 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
04:15:40.0313 0164 volsnap - ok
04:15:40.0332 0164 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
04:15:40.0334 0164 vsmraid - ok
04:15:40.0401 0164 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
04:15:40.0437 0164 VSS - ok
04:15:40.0586 0164 vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
04:15:40.0606 0164 vToolbarUpdater11.2.0 - ok
04:15:44.0511 0164 ============================================================
04:15:44.0512 0164 Scan finished
04:15:44.0512 0164 ============================================================
04:15:44.0532 4352 Detected object count: 0
04:15:44.0532 4352 Actual detected object count: 0

#8 gringo_pr


Posted 13 July 2012 - 12:41 PM

Greetings

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Firefox::
FF - ProfilePath - c:\users\HeyJude\AppData\Roaming\Mozilla\Firefox\Profiles\xu08hkc6.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B38c638b7-3663-449e-b37a-dca8385db678%7D&mid=bf79396e4c021cc36153adfe62cc6e0d-780ab88abf60ec9332576718dabf1bffe8c23aee&ds=AVG&v=10.0.0.7&lang=en&pr=fr&d=2011-10-10%2021%3A44%3A12&sap=ku&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 63253
FF - prefs.js: network.proxy.type - 0

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

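
The CFScript above removes Firefox proxy prefs that point at 127.0.0.1:63253, i.e. a proxy running on the infected machine itself. As an added example (not ComboFix code and not from any post in this thread), the following Python parses ComboFix-style log lines and flags browser proxy settings whose host is loopback, noting whether Firefox would actually use the entry given network.proxy.type; the sample lines are constructed in ComboFix's format from the values shown in this thread.

```python
"""Flag browser proxy settings in ComboFix-style log lines that point at the
local machine (loopback). Added example: not ComboFix code and not from this
thread's posts; the sample log below is constructed in ComboFix's format."""
import re
from dataclasses import dataclass
from ipaddress import ip_address

# Constructed sample in ComboFix's line format; values mirror the thread's log.
SAMPLE_LOG = """\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 63253
FF - prefs.js: network.proxy.type - 0
FF - prefs.js: browser.startup.homepage - google.com/news
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:63253
TCP: DhcpNameServer = 192.168.1.1
"""

# "FF - prefs.js: <pref name> - <value>"
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<name>\S+) - (?P<value>.*)$")
# "uInternet Settings,ProxyServer = <value>"  (u = user hive, m = machine hive)
IE_PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer = (?P<value>.+)$")
# Firefox manual-proxy host prefs; the matching port pref is "<name>_port"
FF_PROXY_HOST_RE = re.compile(r"network\.proxy\.(http|ssl|ftp|socks)")


@dataclass(frozen=True)
class Finding:
    source: str   # "firefox" or "wininet"
    host: str
    port: int
    active: bool  # would the browser route through it right now?
    note: str


def is_loopback(host: str) -> bool:
    """True for 'localhost' and any loopback IP (127.0.0.0/8, ::1)."""
    if host.strip().lower() == "localhost":
        return True
    try:
        return ip_address(host.strip()).is_loopback
    except ValueError:          # hostnames and garbage are not loopback IPs
        return False


def parse_ff_prefs(lines):
    """Collect the non-default Firefox prefs ComboFix prints, as {name: value}."""
    prefs = {}
    for line in lines:
        m = FF_PREF_RE.match(line.strip())
        if m:
            prefs[m["name"]] = m["value"].strip()
    return prefs


def parse_ie_proxy(lines):
    """Parse WinINet ProxyServer values into {scheme: (host, port)}.
    The value is either 'host:port' (all protocols, keyed as 'all') or
    'http=host:port;https=host:port;...'. A missing port defaults to 80."""
    proxies = {}
    for line in lines:
        m = IE_PROXY_RE.match(line.strip())
        if not m:
            continue
        for entry in m["value"].split(";"):
            entry = entry.strip()
            if not entry:
                continue
            scheme, _, hostport = entry.rpartition("=")
            host, sep, port = hostport.rpartition(":")
            if not sep:             # no port given: the whole token is the host
                host, port = hostport, ""
            proxies[scheme or "all"] = (host, int(port) if port.isdigit() else 80)
    return proxies


def find_loopback_proxies(log_text: str):
    """Return a Finding for every proxy setting whose host is loopback."""
    lines = log_text.splitlines()
    findings = []
    prefs = parse_ff_prefs(lines)
    # network.proxy.type: 0 = no proxy, 1 = manual, 2 = PAC URL,
    # 4 = auto-detect, 5 = system. Only type 1 makes the manual host prefs live.
    ff_type = prefs.get("network.proxy.type", "default")
    for name, host in prefs.items():
        if FF_PROXY_HOST_RE.fullmatch(name) and is_loopback(host):
            port_s = prefs.get(name + "_port", "")
            active = ff_type == "1"
            note = ("manual proxy is live" if active else
                    f"set but not live (network.proxy.type={ff_type}); "
                    "a loopback proxy entry is still worth explaining")
            findings.append(Finding("firefox", host.strip(),
                                    int(port_s) if port_s.isdigit() else 0,
                                    active, note))
    # ComboFix does not print ProxyEnable, so WinINet entries are treated as live.
    for scheme, (host, port) in parse_ie_proxy(lines).items():
        if is_loopback(host):
            findings.append(Finding("wininet", host, port, True,
                                    f"ProxyServer entry for {scheme}"))
    return findings


if __name__ == "__main__":
    for f in find_loopback_proxies(SAMPLE_LOG):
        print(f"[{f.source}] {f.host}:{f.port} active={f.active} ({f.note})")
```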

#9 realburnsie


Posted 13 July 2012 - 01:59 PM

No problems running ComboFix. The computer is still not showing symptoms of the virus; it is running as normal as far as I can tell.
ComboFix 12-07-13.01 - HeyJude 07/13/2012 13:36:21.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6143.4174 [GMT -5:00]
Running from: c:\users\HeyJude\Desktop\ComboFix.exe
Command switches used :: c:\users\HeyJude\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-13 to 2012-07-13 )))))))))))))))))))))))))))))))
.
.
2012-07-13 18:43 . 2012-07-13 18:43 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-07-13 18:43 . 2012-07-13 18:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-13 18:43 . 2012-07-13 18:43 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-07-10 12:12 . 2012-07-10 12:12 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-09 03:38 . 2012-07-09 03:38 -------- d-----w- c:\program files\iPod
2012-07-09 03:38 . 2012-07-09 03:39 -------- d-----w- c:\program files\iTunes
2012-07-09 03:38 . 2012-07-09 03:39 -------- d-----w- c:\program files (x86)\iTunes
2012-06-21 04:56 . 2011-07-27 21:22 66552 ----a-w- c:\windows\system32\drivers\mozy.sys
2012-06-19 22:35 . 2012-06-19 22:35 4967624 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-06-19 09:49 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 09:49 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 09:49 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 09:49 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 09:48 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-19 09:48 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 09:48 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 09:48 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 09:48 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-16 01:33 . 2012-06-16 01:33 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-16 01:32 . 2012-06-16 01:32 -------- d-----w- c:\program files (x86)\Oracle
2012-06-16 01:31 . 2012-05-05 00:29 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-15 13:22 . 2012-06-15 13:22 -------- d-----w- c:\program files (x86)\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-28 08:16 . 2012-05-28 08:16 1806848 ----a-w- c:\windows\SysWow64\mprdin.dll
2012-05-22 00:37 . 2011-03-25 21:09 34688 ----a-w- c:\windows\system32\LMIport.dll
2012-05-22 00:37 . 2011-03-25 21:09 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-05-22 00:37 . 2011-03-25 21:09 80768 ----a-w- c:\windows\system32\LMIinit.dll
2012-05-05 00:29 . 2010-06-20 13:24 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2011-02-13 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2011-02-13 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-07-13_04.20.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-07-13 18:45 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-07-13 04:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-07-13 04:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-13 18:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-23 04:19 . 2012-07-13 18:49 51456 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-13 18:49 33776 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-10-23 01:14 . 2012-07-13 18:49 16060 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-606367189-2953712760-1814550031-1000_UserData.bin
+ 2009-12-20 19:32 . 2012-07-13 18:47 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-20 19:32 . 2012-07-13 04:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-20 19:32 . 2012-07-13 18:47 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-20 19:32 . 2012-07-13 04:25 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-20 19:32 . 2012-07-13 04:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-20 19:32 . 2012-07-13 18:47 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-23 02:03 . 2012-07-13 04:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-23 02:03 . 2012-07-13 18:47 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-23 02:03 . 2012-07-13 18:47 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-23 02:03 . 2012-07-13 04:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-07-13 04:20 . 2012-07-13 04:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-13 18:44 . 2012-07-13 18:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-13 04:20 . 2012-07-13 04:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-13 18:44 . 2012-07-13 18:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-10-23 02:17 . 2012-07-13 04:21 229376 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-23 02:17 . 2012-07-13 18:46 229376 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-07-13 18:46 589824 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-13 04:21 589824 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 05:01 . 2012-07-13 04:19 391984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-13 18:43 391984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2012-07-13 18:45 1392640 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-13 04:20 1392640 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-23 02:17 . 2012-07-13 04:21 3080192 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-23 02:17 . 2012-07-13 18:46 3080192 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 02:34 . 2012-07-13 04:13 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-07-13 18:37 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-10 08:15 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-10 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\HeyJude\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\HeyJude\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\HeyJude\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\HeyJude\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-04-04 399736]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"311CFFA3BD4ED4073139605AF0EA8A07295108D1._service_run"="c:\users\HeyJude\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-07-13 1229848]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-24 59240]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-08 165208]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-10 1107552]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2011-06-15 307200]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-16 928096]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"EKAiO2StatusMonitor"="c:\windows\System32\spool\drivers\x64\3\EKAiO2MUI.exe" [2011-12-10 3240448]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
c:\users\HeyJude\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\HeyJude\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
My Program.lnk - c:\program files (x86)\FingerPrint\FingerPrint.exe [2012-2-29 924728]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 107720]
WePrint Server.lnk - c:\program files (x86)\WePrint\WePrint Server.exe [2012-2-4 2401280]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2012-6-4 6271376]
NETGEAR WN111v2 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WN111v2\WN111v2.exe [2009-10-10 1728512]
ServeToMe.lnk - c:\program files (x86)\ServeToMe\Contents\Windows\ServeToMe.exe [2012-2-2 907003]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-31 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-31 136176]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files (x86)\NETGEAR\WN111v2\jswpsapi.exe [2008-02-29 942080]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-08-19 351136]
R3 LVUVC64;Logitech Webcam 600(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-08-19 4869024]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-08-02 22528]
R3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50a64.sys [2006-11-29 43328]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [2008-10-24 43008]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [2007-12-03 24064]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [2008-10-24 43008]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-13 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R4 PxHlpa64;PxHlpa64;c:\windows\system32\Drivers\PxHlpa64.sys [2005-04-25 26720]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 26704]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2011-09-13 37456]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2011-10-07 283728]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-08-08 46672]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2011-07-11 375376]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [2008-10-01 26624]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/11/27 21:15];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [2009-03-01 00:40 146928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 FingerPrint;FingerPrint Service;c:\program files (x86)\FingerPrint\FingerPrintService.exe [2012-02-05 1299968]
S2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-05-22 375176]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-09-17 15928]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-08 197976]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2007-12-11 26624]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-19 3048136]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-10 935008]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 9319936]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 306176]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 120400]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 29776]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-08 30304]
S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50a64.sys [2006-11-29 41280]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WN111v2w7x.sys [2010-04-28 783360]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Mcx2Svc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-31 23:39]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-31 23:39]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606367189-2953712760-1814550031-1000Core.job
- c:\users\HeyJude\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-03 23:56]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606367189-2953712760-1814550031-1000UA.job
- c:\users\HeyJude\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-03 23:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\HeyJude\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\HeyJude\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\HeyJude\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\HeyJude\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2012-06-04 21:17 6301584 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2012-06-04 21:17 6301584 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-06-02 7834656]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-09-17 57928]
"EKAIO2StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe" [2011-12-10 3240448]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6081213
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:63253
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\HeyJude\AppData\Roaming\Mozilla\Firefox\Profiles\xu08hkc6.default\
FF - prefs.js: browser.startup.homepage - google.com/news
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
c:\program files (x86)\WinRAR\RarExtLoader.exe
.
**************************************************************************
.
Completion time: 2012-07-13 13:54:33 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-13 18:54
ComboFix2.txt 2012-07-13 04:31
.
Pre-Run: 136,605,511,680 bytes free
Post-Run: 136,612,315,136 bytes free
.
- - End Of File - - 40A38B8B95B506DFC29B94B4369E661B

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 July 2012 - 03:06 PM

Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better job).

Programs to remove

µTorrent
Adobe Reader 9.5.0
AVG Security Toolbar
Java™ 6 Update 29
Java™ SE Development Kit 6 Update 18


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • Click on the Free Java Download button
  • Click on Agree and start Free download
  • Click on Run
  • Click on Run again
  • Click on Install
  • When install is complete click on Close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (Make sure under the Windows tab all the boxes of Internet Explorer and Windows Explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under the Applications tab all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click the MBAM icon
  • Go to the Update tab at the top
  • Click on Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 realburnsie
  • Topic Starter
  • Members
  • 17 posts

Posted 13 July 2012 - 04:02 PM

Why do I need to remove uTorrent? It is a version I want to keep. If I remove it, I will have to upgrade to the new version, which I do not want. Please advise.

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 July 2012 - 06:14 PM

Sent you a PM



The best advice I can give you is to remove it completely from the computer and not use any of them.




Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 realburnsie
  • Topic Starter
  • Members
  • 17 posts

Posted 13 July 2012 - 06:50 PM

You did not have me run MBAM previously.

#14 realburnsie
  • Topic Starter
  • Members
  • 17 posts

Posted 13 July 2012 - 07:00 PM

No problems. Computer seems to still be running normally with no popups or lag.





Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.13.11

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
HeyJude :: HEYJUDE-PC [administrator]

Protection: Enabled

7/13/2012 6:48:42 PM
mbam-log-2012-07-13 (18-48-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 262204
Time elapsed: 4 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:57:45 PM, on 7/13/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16912)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Users\HeyJude\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Users\HeyJude\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\WePrint\WePrint Server.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\POWERISO\PWRISOVM.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Users\HeyJude\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Users\HeyJude\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\HeyJude\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\HeyJude\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\HeyJude\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\HeyJude\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\HeyJude\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\HeyJude\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\HeyJude\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:63253
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [311CFFA3BD4ED4073139605AF0EA8A07295108D1._service_run] "C:\Users\HeyJude\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Startup: Dropbox.lnk = HeyJude\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: My Program.lnk = C:\Program Files (x86)\FingerPrint\FingerPrint.exe
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Startup: WePrint Server.lnk = C:\Program Files (x86)\WePrint\WePrint Server.exe
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O4 - Global Startup: NETGEAR WN111v2 Smart Wizard.lnk = C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe
O4 - Global Startup: ServeToMe.lnk = C:\Program Files (x86)\ServeToMe\Contents\Windows\ServeToMe.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FingerPrint Service (FingerPrint) - Collobos Software - C:\Program Files (x86)\FingerPrint\FingerPrintService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12827 bytes

#15 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 July 2012 - 07:42 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. You can start any of them from their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [311CFFA3BD4ED4073139605AF0EA8A07295108D1._service_run] "C:\Users\HeyJude\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
      O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
      O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
      O4 - Startup: Dropbox.lnk = HeyJude\AppData\Roaming\Dropbox\bin\Dropbox.exe
      O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space, for example:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • Put a checkmark in "Uninstall application on close"
  • Close the program
  • Report to me that nothing was found

  • If threats were found
  • Click on "list of threats found"
  • Click on "export to text file" and save it as ESET SCAN to the desktop
  • Click on Back
  • Put a checkmark in "Uninstall application on close"
  • Click on Finish
  • Close the program
  • Copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
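Reviewing a HijackThis log by hand, as the helper does above with the log in #14 and the start-up entries in #15, comes down to a few repeatable checks: R0/R1 entries that point the browser at a local proxy, O2/O3 registrations whose file is gone ("no file"), O4 autostarts that launch from a user-writable profile folder, and O23 services whose image the scanner could not find. The Python below is an added example for this thread, not a BleepingComputer, Trend Micro or Malwarebytes tool; it parses those line formats from a constructed sample modelled on the posted log and reports each item worth a second look. The marker list, the finding names and the notes are this example's own choices.

```python
"""Triage helper for HijackThis-style scan logs (added example, not a project tool).

Parses the R0/R1, O2/O3, O4 and O23 line formats seen in the posted log and
lists the entries a malware-removal helper normally reviews first.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample, modelled on lines from this thread (not a real scan result).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:63253
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
O4 - HKCU\..\Run: [311CFFA3BD4ED4073139605AF0EA8A07295108D1._service_run] "C:\Users\HeyJude\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Startup: Dropbox.lnk = HeyJude\AppData\Roaming\Dropbox\bin\Dropbox.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
"""


@dataclass
class Entry:
    section: str                 # "R1", "O3", "O4", "O23", ...
    name: str                    # value name, service name or .lnk name
    command: str                 # command line / path exactly as logged
    image: str                   # executable extracted from the command
    raw: str
    flags: List[str] = field(default_factory=list)


@dataclass
class Finding:
    kind: str
    entry: Entry
    note: str


_RUN = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$')
_STARTUP = re.compile(r'^O4 - (?:Global )?Startup: (?P<name>.+?) = (?P<cmd>.*)$')
_SERVICE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$')
_REG = re.compile(r'^(?P<section>R[01]) - (?P<key>[^,]+),(?P<value>[^=]+?) =\s?(?P<data>.*)$')
_COM = re.compile(r'^(?P<section>O[23]) - (?P<kind>[^:]+): (?P<name>.+?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$')
_EXT = re.compile(r'^(?P<img>.+?\.(?:exe|scr|dll|ocx|cpl|bat|cmd))(?:\s|$)', re.IGNORECASE)

# Locations an autostart does not normally launch from: user-writable profile paths (this example's list).
USER_WRITABLE_MARKERS = ('\\appdata\\', '\\users\\', '\\temp\\', '\\documents and settings\\')


def extract_image(command: str) -> str:
    """Return the executable path from a logged command line, quoted or not."""
    cmd = command.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = _EXT.match(cmd)
    return m.group('img') if m else cmd.split(' ')[0]


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line into an Entry; None for blank lines and sections not modelled here."""
    line = line.rstrip()
    m = _RUN.match(line) or _STARTUP.match(line)
    if m:
        cmd = m.group('cmd')
        return Entry('O4', m.group('name'), cmd, extract_image(cmd), line)
    m = _SERVICE.match(line)
    if m:
        entry = Entry('O23', m.group('name'), m.group('path'), m.group('path'), line)
        if m.group('missing'):
            entry.flags.append('file missing')
        if m.group('owner') == 'Unknown owner':
            entry.flags.append('unknown owner')
        return entry
    m = _REG.match(line)
    if m:
        return Entry(m.group('section'), m.group('value'), m.group('data'), '', line)
    m = _COM.match(line)
    if m:
        return Entry(m.group('section'), m.group('name'), m.group('path'), m.group('path'), line)
    return None


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e is not None]


def triage(text: str) -> List[Finding]:
    """Flag the entries a helper looks at first; finding names and notes are this example's own."""
    findings: List[Finding] = []
    for e in parse_log(text):
        image = e.image.lower()
        if e.section in ('R0', 'R1') and e.name == 'ProxyServer' and \
                ('127.0.0.1' in e.command or 'localhost' in e.command.lower()):
            findings.append(Finding('loopback-proxy', e,
                'Browser traffic goes through a local proxy; confirm which installed product listens on that port.'))
        if e.section in ('O2', 'O3') and e.command.strip() == '(no file)':
            findings.append(Finding('orphaned-entry', e,
                'Registration points at a file that no longer exists; normally safe to remove.'))
        if e.section == 'O4' and any(mark in image for mark in USER_WRITABLE_MARKERS):
            findings.append(Finding('user-profile-autostart', e,
                'Autostart launched from a user-writable folder; check publisher and signature.'))
        if 'file missing' in e.flags:
            note = 'Scanner could not find the service image.'
            if '\\windows\\system32\\' in image:
                # A 32-bit scanner on 64-bit Windows is subject to WoW64 file-system redirection,
                # so built-in services under System32 often show "file missing" spuriously.
                note += ' On 64-bit Windows a 32-bit scanner sees System32 through WoW64 redirection; verify with a 64-bit tool first.'
            findings.append(Finding('service-file-missing', e, note))
    return findings


def summarize(text: str) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for f in triage(text):
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'[{f.kind}] {f.entry.raw}\n    {f.note}')
```

Running it on the sample reports the loopback proxy, the orphaned O3 toolbar, the two autostarts under the user profile, and the Spooler service with the redirection caveat; the Program Files autostarts and the Bonjour service produce nothing, which matches the helper's judgement above that those lines are optional tidy-up rather than infection.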



