Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Need help removing Trojan horse Patched_c.LXT


  • This topic is locked This topic is locked
17 replies to this topic

#1 Amy280893

Amy280893

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:02:13 AM

Posted 11 July 2012 - 03:36 PM

Hi I made a previous post, My link and so now I am posting here and hoping to get this trojan horse off my computer. I have carried out the DDS scan and am attaching the other thing. I hope you can help, thank you

BC AdBot (Login to Remove)

 


#2 Amy280893

Amy280893
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:02:13 AM

Posted 11 July 2012 - 03:38 PM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Amy at 21:29:08 on 2012-07-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4023.2689 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\system32\prevhost.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Google Update] "C:\Users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [RemoTerm.exe] C:\Program Files (x86)\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe
uRun: [StrmServer.exe] C:\Program Files (x86)\Common Files\PCTV Systems\StreamingServer\StrmServer.exe
uRun: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Facebook Update] "C:\Users\Amy\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [O2DA] "C:\Program Files (x86)\O2 Assistant\bin\sprtcmd.exe" /P O2DA
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CHECKF~1.LNK - C:\Program Files (x86)\Common Files\PCTV Systems\WebUpdater\WebUpdater.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab102118.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B7B8A3C2-7C9A-475E-AC58-C98476526A0B} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B7B8A3C2-7C9A-475E-AC58-C98476526A0B}\4514C4B44514C4B4D2732324342343 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B7B8A3C2-7C9A-475E-AC58-C98476526A0B}\4586F6D61637 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{B7B8A3C2-7C9A-475E-AC58-C98476526A0B}\F42377962756C6563737239303233363 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B7B8A3C2-7C9A-475E-AC58-C98476526A0B}\F42377962756C656373723930323336382D6F646966696564692 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B7B8A3C2-7C9A-475E-AC58-C98476526A0B}\F42377962756C6563737648314835493 : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB-X64: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [O2DA] "C:\Program Files (x86)\O2 Assistant\bin\sprtcmd.exe" /P O2DA
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\87o1pkr2.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B3bebfdf1-7bbd-4326-9084-d7249cdd36c8%7D&mid=782e9d130ff8401d9331da1c8078f531-879dd0b3d54bdce39f3c28425e2d3e4bf2196578&ds=AVG&v=10.0.0.7&lang=en&pr=fr&d=2011-10-15%2015%3A59%3A49&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Opera\program\plugins\nporbit.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Amy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Amy\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\87o1pkr2.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R3 azvusb;Virtual USB Hub;C:\Windows\system32\DRIVERS\azvusb.sys --> C:\Windows\system32\DRIVERS\azvusb.sys [?]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [2011-1-6 89600]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
S2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [2011-1-14 341296]
S2 sprtsvc_O2DA;SupportSoft Sprocket Service (O2DA);C:\Program Files (x86)\O2 Assistant\bin\sprtsvc.exe [2011-9-15 206120]
S2 tgsrvc_O2DA;SupportSoft Repair Service (O2DA);C:\Program Files (x86)\O2 Assistant\bin\tgsrvc.exe [2011-9-15 185640]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-10 935008]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-15 250056]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
S3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-3-1 228408]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
S3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter.sys [2009-9-7 9216]
S3 MODRC;PCTV Dib Infrared Receiver;C:\Windows\system32\DRIVERS\modrc.sys --> C:\Windows\system32\DRIVERS\modrc.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-12 113120]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\system32\DRIVERS\ssadserd.sys --> C:\Windows\system32\DRIVERS\ssadserd.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-11 18:38:34 -------- d-----w- C:\Program Files (x86)\ESET
2012-07-09 22:31:56 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-06-23 20:37:56 -------- d-----w- C:\ProgramData\WebEx
2012-06-21 09:42:00 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 09:41:47 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 09:41:10 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 09:41:10 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-15 20:35:46 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-15 20:35:46 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-14 19:37:57 -------- d-----w- C:\Users\Amy\AppData\Local\Macromedia
2012-06-14 09:44:49 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-14 09:44:49 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-14 09:44:49 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-14 09:44:35 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-06-14 09:44:32 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-14 09:44:30 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-14 09:44:29 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-14 09:44:16 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-06-14 09:44:13 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-14 09:44:11 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-06-14 09:44:10 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-14 09:43:57 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-14 09:43:56 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-14 09:43:55 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-14 09:43:55 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-14 09:43:54 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-14 09:43:54 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-14 09:38:26 -------- d-----w- C:\Program Files\iPod
2012-06-14 09:38:25 -------- d-----w- C:\Program Files\iTunes
2012-06-14 09:38:25 -------- d-----w- C:\Program Files (x86)\iTunes
.
==================== Find3M ====================
.
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-04-18 19:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-18 19:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 21:30:03.51 ===============

Attached Files



#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:13 PM

Posted 12 July 2012 - 01:14 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 Amy280893

Amy280893
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:02:13 AM

Posted 12 July 2012 - 06:40 AM

Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 31
Java version out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox (13.0.1)
Google Chrome 19.0.1084.56
Google Chrome 20.0.1132.47
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

ComboFix 12-07-11.03 - Amy 12/07/2012 12:05:35.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4023.2579 [GMT 1:00]
Running from: c:\users\Amy\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Amy\Documents\~WRL0003.tmp
c:\users\Public\Documents\~WRL0005.tmp
c:\users\Samia\AppData\Local\Microsoft\Windows\Temporary Internet Files\{618C0D2A-B35B-44FC-B826-122E822D2F8C}.xps
c:\users\Samia\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E430C1CA-C248-42B6-BA91-4CE9A07DFE07}.xps
c:\users\Samia\Documents\~WRL1097.tmp
c:\windows\Installer\{40b12a1c-db3d-75cf-f32b-56a6d38f8bc4}\@
c:\windows\Installer\{40b12a1c-db3d-75cf-f32b-56a6d38f8bc4}\L\00000004.@
c:\windows\Installer\{40b12a1c-db3d-75cf-f32b-56a6d38f8bc4}\L\1afb2d56
c:\windows\Installer\{40b12a1c-db3d-75cf-f32b-56a6d38f8bc4}\L\201d3dde
c:\windows\Installer\{40b12a1c-db3d-75cf-f32b-56a6d38f8bc4}\U\00000004.@
c:\windows\Installer\{40b12a1c-db3d-75cf-f32b-56a6d38f8bc4}\U\00000008.@
c:\windows\Installer\{40b12a1c-db3d-75cf-f32b-56a6d38f8bc4}\U\000000cb.@
c:\windows\Installer\{40b12a1c-db3d-75cf-f32b-56a6d38f8bc4}\U\80000000.@
c:\windows\Installer\{40b12a1c-db3d-75cf-f32b-56a6d38f8bc4}\U\80000032.@
c:\windows\Installer\{40b12a1c-db3d-75cf-f32b-56a6d38f8bc4}\U\80000064.@
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-12 to 2012-07-12 )))))))))))))))))))))))))))))))
.
.
2012-07-12 11:17 . 2012-07-12 11:17 -------- d-----w- c:\users\Samia\AppData\Local\temp
2012-07-12 11:17 . 2012-07-12 11:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-12 11:17 . 2012-07-12 11:17 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-07-12 10:40 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 22:42 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 22:42 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 22:42 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-11 22:42 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-11 22:42 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-11 22:42 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2012-07-11 22:41 . 2012-06-02 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-11 22:41 . 2012-06-02 05:48 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 22:41 . 2012-06-02 05:48 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-11 22:41 . 2012-06-02 05:45 340992 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 22:41 . 2012-06-02 05:44 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 22:41 . 2012-06-02 04:40 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-07-11 22:41 . 2012-06-02 04:39 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-07-11 22:41 . 2012-06-02 04:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-07-11 22:41 . 2012-06-02 04:34 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-07-11 18:38 . 2012-07-11 18:38 -------- d-----w- c:\program files (x86)\ESET
2012-07-09 22:31 . 2012-07-09 22:31 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-09 22:26 . 2012-07-09 22:26 -------- d-----w- c:\users\Amy\AppData\Roaming\vlc
2012-06-25 15:04 . 2012-06-25 15:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-23 20:37 . 2012-06-23 20:38 -------- d-----w- c:\programdata\WebEx
2012-06-21 09:42 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 09:42 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 09:42 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 09:42 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 09:41 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 09:41 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 09:41 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 09:41 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 09:41 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-18 13:41 . 2012-06-18 13:41 -------- d--h--r- c:\users\Amy\AppData\Roaming\SecuROM
2012-06-15 20:35 . 2012-07-11 23:13 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-15 20:35 . 2012-07-11 23:13 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-15 10:59 . 2012-06-15 10:59 -------- d-----w- c:\programdata\McAfee
2012-06-14 19:37 . 2012-06-14 19:37 -------- d-----w- c:\users\Amy\AppData\Local\Macromedia
2012-06-14 09:44 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 09:44 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 09:44 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 09:44 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-14 09:44 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-14 09:44 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-14 09:44 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-14 09:44 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 09:44 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-14 09:44 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-14 09:43 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 09:43 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-14 09:43 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 09:43 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 09:43 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-14 09:43 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-14 09:38 . 2012-06-14 09:38 -------- d-----w- c:\program files\iPod
2012-06-14 09:38 . 2012-06-14 09:39 -------- d-----w- c:\program files\iTunes
2012-06-14 09:38 . 2012-06-14 09:39 -------- d-----w- c:\program files (x86)\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-18 19:56 . 2012-04-18 19:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 19:56 . 2012-04-18 19:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-10 16:47 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-10 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
"RemoTerm.exe"="c:\program files (x86)\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe" [2010-02-24 220944]
"StrmServer.exe"="c:\program files (x86)\Common Files\PCTV Systems\StreamingServer\StrmServer.exe" [2010-01-22 746768]
"Facebook Update"="c:\users\Amy\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-10 1107552]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-15 928096]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"O2DA"="c:\program files (x86)\O2 Assistant\bin\sprtcmd.exe" [2011-09-15 206120]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
Check for Updates.lnk - c:\program files (x86)\Common Files\PCTV Systems\WebUpdater\WebUpdater.exe [2009-4-17 238864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 250056]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2008-08-06 9216]
R3 MODRC;PCTV Dib Infrared Receiver;c:\windows\system32\DRIVERS\modrc.sys [2010-11-19 24272]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-10-03 258560]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-21 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 26704]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2011-09-13 37456]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2011-10-07 283728]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-08-08 46672]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2011-07-11 375376]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [2011-01-06 89600]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520]
S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [2011-01-14 341296]
S2 sprtsvc_O2DA;SupportSoft Sprocket Service (O2DA);c:\program files (x86)\O2 Assistant\bin\sprtsvc.exe [2011-09-15 206120]
S2 tgsrvc_O2DA;SupportSoft Repair Service (O2DA);c:\program files (x86)\O2 Assistant\bin\tgsrvc.exe [2011-09-15 185640]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-10 935008]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 120400]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 29776]
S3 azvusb;Virtual USB Hub;c:\windows\system32\DRIVERS\azvusb.sys [2009-08-24 54784]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-09-17 35104]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-21 140712]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-08-21 84512]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 21:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-15 23:13]
.
2012-07-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2058442776-1217735502-3355323446-1001Core.job
- c:\users\Amy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-07 23:38]
.
2012-07-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2058442776-1217735502-3355323446-1001UA.job
- c:\users\Amy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-07 23:38]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2058442776-1217735502-3355323446-1001Core.job
- c:\users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-14 17:25]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2058442776-1217735502-3355323446-1001UA.job
- c:\users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-14 17:25]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2058442776-1217735502-3355323446-1003Core.job
- c:\users\Samia\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-19 18:21]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2058442776-1217735502-3355323446-1003UA.job
- c:\users\Samia\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-19 18:21]
.
2012-06-30 c:\windows\Tasks\HPCeeScheduleForAMYS-LAPTOP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-08-25 610872]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-06 487424]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-28 16395880]
"EKAIO2StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe" [2011-03-24 2841088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\87o1pkr2.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B3bebfdf1-7bbd-4326-9084-d7249cdd36c8%7D&mid=782e9d130ff8401d9331da1c8078f531-879dd0b3d54bdce39f3c28425e2d3e4bf2196578&ds=AVG&v=10.0.0.7&lang=en&pr=fr&d=2011-10-15%2015%3A59%3A49&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-BitTorrent - c:\program files (x86)\BitTorrent\BitTorrent.exe
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2012-07-12 12:31:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-12 11:31
.
Pre-Run: 3,896,758,272 bytes free
Post-Run: 17,635,520,512 bytes free
.
- - End Of File - - C6A9804CC9DBD128497052E700B9ADA3

#5 Amy280893

Amy280893
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:02:13 AM

Posted 12 July 2012 - 06:44 AM

Combo fix wouldn't produce log first time or run properly so had to restart and computer had to install 12 updates, then ran again and cf restarted my comp when started it ran automatically then said that avg wasn't disable, tried to disable avg and "illegal..." error MSG came up so restarted again. Disabled avg and Ran cf again and produced log tried to open firefox but then error message came up so restarted.

Now computer and is not redirecting me when i click on google links.

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:13 PM

Posted 12 July 2012 - 12:08 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Amy280893

Amy280893
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:02:13 AM

Posted 12 July 2012 - 06:18 PM

23:29:40.0631 4704 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
23:29:40.0896 4704 ============================================================
23:29:40.0896 4704 Current date / time: 2012/07/12 23:29:40.0896
23:29:40.0896 4704 SystemInfo:
23:29:40.0896 4704
23:29:40.0896 4704 OS Version: 6.1.7601 ServicePack: 1.0
23:29:40.0896 4704 Product type: Workstation
23:29:40.0896 4704 ComputerName: AMYS-LAPTOP
23:29:40.0896 4704 UserName: Amy
23:29:40.0896 4704 Windows directory: C:\Windows
23:29:40.0896 4704 System windows directory: C:\Windows
23:29:40.0896 4704 Running under WOW64
23:29:40.0896 4704 Processor architecture: Intel x64
23:29:40.0896 4704 Number of processors: 4
23:29:40.0896 4704 Page size: 0x1000
23:29:40.0896 4704 Boot type: Normal boot
23:29:40.0896 4704 ============================================================
23:29:41.0786 4704 Drive \Device\Harddisk1\DR1 - Size: 0xEC580000 (3.69 Gb), SectorSize: 0x200, Cylinders: 0x1E2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
23:29:41.0801 4704 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:29:41.0801 4704 Drive \Device\Harddisk1\DR1 - Size: 0xEC580000 (3.69 Gb), SectorSize: 0x200, Cylinders: 0x1E2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:29:41.0801 4704 ============================================================
23:29:41.0801 4704 \Device\Harddisk1\DR1:
23:29:41.0801 4704 MBR partitions:
23:29:41.0801 4704 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x760C00
23:29:41.0801 4704 \Device\Harddisk0\DR0:
23:29:41.0801 4704 MBR partitions:
23:29:41.0801 4704 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
23:29:41.0801 4704 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23271800
23:29:41.0801 4704 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x232D5800, BlocksNum 0x2125000
23:29:41.0801 4704 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xE, StartLBA 0x253FE5B5, BlocksNum 0x2F10C
23:29:41.0801 4704 \Device\Harddisk1\DR1:
23:29:41.0801 4704 MBR partitions:
23:29:41.0801 4704 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x760C00
23:29:41.0801 4704 ============================================================
23:29:41.0832 4704 C: <-> \Device\Harddisk0\DR0\Partition1
23:29:41.0895 4704 D: <-> \Device\Harddisk0\DR0\Partition2
23:29:41.0926 4704 E: <-> \Device\Harddisk0\DR0\Partition3
23:29:41.0926 4704 ============================================================
23:29:41.0926 4704 Initialize success
23:29:41.0926 4704 ============================================================
23:30:00.0195 1820 ============================================================
23:30:00.0195 1820 Scan started
23:30:00.0195 1820 Mode: Manual;
23:30:00.0195 1820 ============================================================
23:30:00.0741 1820 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
23:30:00.0756 1820 1394ohci - ok
23:30:00.0803 1820 Accelerometer (1cffe9c06e66a57dae1452e449a58240) C:\Windows\system32\DRIVERS\Accelerometer.sys
23:30:00.0819 1820 Accelerometer - ok
23:30:00.0881 1820 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
23:30:00.0897 1820 ACPI - ok
23:30:00.0912 1820 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
23:30:00.0912 1820 AcpiPmi - ok
23:30:01.0037 1820 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
23:30:01.0037 1820 AdobeARMservice - ok
23:30:01.0240 1820 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:30:01.0240 1820 AdobeFlashPlayerUpdateSvc - ok
23:30:01.0318 1820 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
23:30:01.0333 1820 adp94xx - ok
23:30:01.0380 1820 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
23:30:01.0396 1820 adpahci - ok
23:30:01.0427 1820 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
23:30:01.0427 1820 adpu320 - ok
23:30:01.0474 1820 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
23:30:01.0474 1820 AeLookupSvc - ok
23:30:01.0630 1820 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe
23:30:01.0630 1820 AESTFilters - ok
23:30:01.0723 1820 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
23:30:01.0739 1820 AFD - ok
23:30:01.0801 1820 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
23:30:01.0801 1820 agp440 - ok
23:30:01.0833 1820 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
23:30:01.0833 1820 ALG - ok
23:30:01.0895 1820 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
23:30:01.0895 1820 aliide - ok
23:30:01.0942 1820 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
23:30:01.0942 1820 amdide - ok
23:30:01.0973 1820 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
23:30:01.0973 1820 AmdK8 - ok
23:30:02.0004 1820 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
23:30:02.0020 1820 AmdPPM - ok
23:30:02.0051 1820 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
23:30:02.0051 1820 amdsata - ok
23:30:02.0082 1820 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
23:30:02.0098 1820 amdsbs - ok
23:30:02.0113 1820 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
23:30:02.0113 1820 amdxata - ok
23:30:02.0176 1820 androidusb (4de0d5d747a73797c95a97dcce5018b5) C:\Windows\system32\Drivers\ssadadb.sys
23:30:02.0176 1820 androidusb - ok
23:30:02.0238 1820 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
23:30:02.0238 1820 AppID - ok
23:30:02.0269 1820 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
23:30:02.0269 1820 AppIDSvc - ok
23:30:02.0316 1820 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
23:30:02.0316 1820 Appinfo - ok
23:30:02.0503 1820 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:30:02.0503 1820 Apple Mobile Device - ok
23:30:02.0550 1820 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
23:30:02.0550 1820 arc - ok
23:30:02.0566 1820 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
23:30:02.0566 1820 arcsas - ok
23:30:02.0691 1820 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
23:30:02.0706 1820 aspnet_state - ok
23:30:02.0722 1820 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:30:02.0722 1820 AsyncMac - ok
23:30:02.0769 1820 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
23:30:02.0784 1820 atapi - ok
23:30:02.0878 1820 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:30:02.0893 1820 AudioEndpointBuilder - ok
23:30:02.0909 1820 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:30:02.0925 1820 AudioSrv - ok
23:30:03.0346 1820 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
23:30:03.0424 1820 AVGIDSAgent - ok
23:30:03.0564 1820 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
23:30:03.0564 1820 AVGIDSDriver - ok
23:30:03.0580 1820 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
23:30:03.0580 1820 AVGIDSEH - ok
23:30:03.0611 1820 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
23:30:03.0611 1820 AVGIDSFilter - ok
23:30:03.0705 1820 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys
23:30:03.0705 1820 Avgldx64 - ok
23:30:03.0751 1820 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
23:30:03.0751 1820 Avgmfx64 - ok
23:30:03.0783 1820 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
23:30:03.0798 1820 Avgrkx64 - ok
23:30:03.0861 1820 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
23:30:03.0876 1820 Avgtdia - ok
23:30:04.0001 1820 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
23:30:04.0001 1820 avgwd - ok
23:30:04.0063 1820 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
23:30:04.0079 1820 AxInstSV - ok
23:30:04.0141 1820 azvusb (9f4320ba8e7ce2342517b182a2f2c0e6) C:\Windows\system32\DRIVERS\azvusb.sys
23:30:04.0141 1820 azvusb - ok
23:30:04.0204 1820 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
23:30:04.0219 1820 b06bdrv - ok
23:30:04.0266 1820 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:30:04.0266 1820 b57nd60a - ok
23:30:04.0547 1820 BCM43XX (6c95dd14cfd30b0617b91dc6a0b1a1fb) C:\Windows\system32\DRIVERS\bcmwl664.sys
23:30:04.0594 1820 BCM43XX - ok
23:30:04.0703 1820 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
23:30:04.0703 1820 BDESVC - ok
23:30:04.0750 1820 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:30:04.0750 1820 Beep - ok
23:30:04.0859 1820 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
23:30:04.0875 1820 BFE - ok
23:30:04.0968 1820 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
23:30:04.0984 1820 BITS - ok
23:30:05.0031 1820 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
23:30:05.0031 1820 blbdrive - ok
23:30:05.0202 1820 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
23:30:05.0218 1820 Bonjour Service - ok
23:30:05.0265 1820 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
23:30:05.0265 1820 bowser - ok
23:30:05.0296 1820 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:30:05.0296 1820 BrFiltLo - ok
23:30:05.0311 1820 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:30:05.0311 1820 BrFiltUp - ok
23:30:05.0374 1820 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
23:30:05.0374 1820 BridgeMP - ok
23:30:05.0421 1820 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
23:30:05.0436 1820 Browser - ok
23:30:05.0467 1820 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:30:05.0467 1820 Brserid - ok
23:30:05.0483 1820 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:30:05.0483 1820 BrSerWdm - ok
23:30:05.0499 1820 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:30:05.0499 1820 BrUsbMdm - ok
23:30:05.0514 1820 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:30:05.0514 1820 BrUsbSer - ok
23:30:05.0577 1820 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
23:30:05.0577 1820 BthEnum - ok
23:30:05.0592 1820 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
23:30:05.0592 1820 BTHMODEM - ok
23:30:05.0623 1820 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
23:30:05.0639 1820 BthPan - ok
23:30:05.0686 1820 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
23:30:05.0701 1820 BTHPORT - ok
23:30:05.0733 1820 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
23:30:05.0733 1820 bthserv - ok
23:30:05.0748 1820 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
23:30:05.0764 1820 BTHUSB - ok
23:30:05.0811 1820 btwaudio (4bdbdb86abba924e029fb2683be7c505) C:\Windows\system32\drivers\btwaudio.sys
23:30:05.0811 1820 btwaudio - ok
23:30:05.0842 1820 btwavdt (5c849bd7c78791c5cee9f4651d7fe38d) C:\Windows\system32\drivers\btwavdt.sys
23:30:05.0842 1820 btwavdt - ok
23:30:05.0967 1820 btwdins (31da517946ffe416442e864592548f8a) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
23:30:05.0982 1820 btwdins - ok
23:30:05.0998 1820 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
23:30:05.0998 1820 btwl2cap - ok
23:30:06.0013 1820 btwrchid (3e1991afa851a36dc978b0a1b0535c8b) C:\Windows\system32\DRIVERS\btwrchid.sys
23:30:06.0013 1820 btwrchid - ok
23:30:06.0029 1820 catchme - ok
23:30:06.0060 1820 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:30:06.0060 1820 cdfs - ok
23:30:06.0138 1820 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
23:30:06.0138 1820 cdrom - ok
23:30:06.0201 1820 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:30:06.0201 1820 CertPropSvc - ok
23:30:06.0247 1820 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
23:30:06.0247 1820 circlass - ok
23:30:06.0294 1820 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:30:06.0294 1820 CLFS - ok
23:30:06.0372 1820 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:30:06.0372 1820 clr_optimization_v2.0.50727_32 - ok
23:30:06.0419 1820 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:30:06.0419 1820 clr_optimization_v2.0.50727_64 - ok
23:30:06.0513 1820 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:30:06.0513 1820 clr_optimization_v4.0.30319_32 - ok
23:30:06.0544 1820 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:30:06.0559 1820 clr_optimization_v4.0.30319_64 - ok
23:30:06.0575 1820 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
23:30:06.0575 1820 CmBatt - ok
23:30:06.0622 1820 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
23:30:06.0622 1820 cmdide - ok
23:30:06.0700 1820 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
23:30:06.0715 1820 CNG - ok
23:30:06.0793 1820 Com4QLBEx (f9a79c5b27037821112c50a9c8fb367a) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
23:30:06.0793 1820 Com4QLBEx - ok
23:30:06.0825 1820 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
23:30:06.0825 1820 Compbatt - ok
23:30:06.0871 1820 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
23:30:06.0887 1820 CompositeBus - ok
23:30:06.0887 1820 COMSysApp - ok
23:30:06.0903 1820 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
23:30:06.0903 1820 crcdisk - ok
23:30:06.0981 1820 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
23:30:06.0981 1820 CryptSvc - ok
23:30:07.0059 1820 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:30:07.0074 1820 DcomLaunch - ok
23:30:07.0121 1820 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
23:30:07.0121 1820 defragsvc - ok
23:30:07.0168 1820 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
23:30:07.0168 1820 DfsC - ok
23:30:07.0230 1820 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
23:30:07.0246 1820 Dhcp - ok
23:30:07.0261 1820 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:30:07.0261 1820 discache - ok
23:30:07.0293 1820 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
23:30:07.0293 1820 Disk - ok
23:30:07.0339 1820 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
23:30:07.0355 1820 Dnscache - ok
23:30:07.0402 1820 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
23:30:07.0417 1820 dot3svc - ok
23:30:07.0464 1820 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
23:30:07.0480 1820 DPS - ok
23:30:07.0495 1820 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:30:07.0495 1820 drmkaud - ok
23:30:07.0605 1820 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
23:30:07.0620 1820 DXGKrnl - ok
23:30:07.0667 1820 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
23:30:07.0667 1820 EapHost - ok
23:30:07.0948 1820 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
23:30:08.0010 1820 ebdrv - ok
23:30:08.0135 1820 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
23:30:08.0135 1820 EFS - ok
23:30:08.0229 1820 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
23:30:08.0244 1820 ehRecvr - ok
23:30:08.0275 1820 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
23:30:08.0275 1820 ehSched - ok
23:30:08.0369 1820 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
23:30:08.0369 1820 elxstor - ok
23:30:08.0431 1820 enecir (524c79054636d2e5751169005006460b) C:\Windows\system32\DRIVERS\enecir.sys
23:30:08.0431 1820 enecir - ok
23:30:08.0463 1820 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
23:30:08.0463 1820 ErrDev - ok
23:30:08.0525 1820 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
23:30:08.0525 1820 EventSystem - ok
23:30:08.0572 1820 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
23:30:08.0572 1820 exfat - ok
23:30:08.0603 1820 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
23:30:08.0603 1820 fastfat - ok
23:30:08.0712 1820 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
23:30:08.0728 1820 Fax - ok
23:30:08.0743 1820 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
23:30:08.0743 1820 fdc - ok
23:30:08.0759 1820 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
23:30:08.0775 1820 fdPHost - ok
23:30:08.0775 1820 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
23:30:08.0775 1820 FDResPub - ok
23:30:08.0806 1820 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
23:30:08.0806 1820 FileInfo - ok
23:30:08.0821 1820 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
23:30:08.0821 1820 Filetrace - ok
23:30:08.0853 1820 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
23:30:08.0853 1820 flpydisk - ok
23:30:08.0884 1820 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
23:30:08.0899 1820 FltMgr - ok
23:30:09.0009 1820 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
23:30:09.0024 1820 FontCache - ok
23:30:09.0102 1820 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:30:09.0102 1820 FontCache3.0.0.0 - ok
23:30:09.0133 1820 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
23:30:09.0133 1820 FsDepends - ok
23:30:09.0196 1820 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
23:30:09.0196 1820 fssfltr - ok
23:30:09.0352 1820 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
23:30:09.0367 1820 fsssvc - ok
23:30:09.0492 1820 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
23:30:09.0492 1820 Fs_Rec - ok
23:30:09.0555 1820 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
23:30:09.0555 1820 fvevol - ok
23:30:09.0601 1820 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
23:30:09.0601 1820 gagp30kx - ok
23:30:09.0648 1820 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:30:09.0664 1820 GEARAspiWDM - ok
23:30:09.0742 1820 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
23:30:09.0757 1820 gpsvc - ok
23:30:09.0867 1820 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
23:30:09.0882 1820 gusvc - ok
23:30:09.0898 1820 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
23:30:09.0898 1820 hcw85cir - ok
23:30:09.0976 1820 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
23:30:09.0991 1820 HdAudAddService - ok
23:30:10.0023 1820 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
23:30:10.0023 1820 HDAudBus - ok
23:30:10.0054 1820 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
23:30:10.0054 1820 HidBatt - ok
23:30:10.0069 1820 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
23:30:10.0085 1820 HidBth - ok
23:30:10.0116 1820 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
23:30:10.0116 1820 HidIr - ok
23:30:10.0147 1820 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
23:30:10.0147 1820 hidserv - ok
23:30:10.0194 1820 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
23:30:10.0210 1820 HidUsb - ok
23:30:10.0257 1820 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
23:30:10.0257 1820 hkmsvc - ok
23:30:10.0335 1820 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
23:30:10.0335 1820 HomeGroupListener - ok
23:30:10.0381 1820 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
23:30:10.0381 1820 HomeGroupProvider - ok
23:30:10.0522 1820 HP Support Assistant Service (170233b8d743efe35f462a5d516b93e3) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
23:30:10.0522 1820 HP Support Assistant Service - ok
23:30:10.0631 1820 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
23:30:10.0631 1820 HPDrvMntSvc.exe - ok
23:30:10.0662 1820 hpdskflt (05712fddbd45a5864eb326faabc6a4e3) C:\Windows\system32\DRIVERS\hpdskflt.sys
23:30:10.0662 1820 hpdskflt - ok
23:30:10.0693 1820 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
23:30:10.0693 1820 HpqKbFiltr - ok
23:30:10.0787 1820 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
23:30:10.0803 1820 hpqwmiex - ok
23:30:10.0865 1820 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
23:30:10.0865 1820 HpSAMD - ok
23:30:10.0881 1820 hpsrv (aa036cc5f5221d9b915f4d4dce74ba9a) C:\Windows\system32\Hpservice.exe
23:30:10.0881 1820 hpsrv - ok
23:30:10.0927 1820 HTCAND64 (f47cec45fb85791d4ab237563ad0fa8f) C:\Windows\system32\Drivers\ANDROIDUSB.sys
23:30:10.0927 1820 HTCAND64 - ok
23:30:11.0021 1820 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
23:30:11.0037 1820 HTTP - ok
23:30:11.0083 1820 hwdatacard (f57e489800543b69fe196f51ca9c85b5) C:\Windows\system32\DRIVERS\ewusbmdm.sys
23:30:11.0083 1820 hwdatacard - ok
23:30:11.0130 1820 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
23:30:11.0130 1820 hwpolicy - ok
23:30:11.0177 1820 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
23:30:11.0177 1820 i8042prt - ok
23:30:11.0255 1820 iaStor (be7d72fcf442c26975942007e0831241) C:\Windows\system32\DRIVERS\iaStor.sys
23:30:11.0255 1820 iaStor - ok
23:30:11.0302 1820 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
23:30:11.0317 1820 iaStorV - ok
23:30:11.0442 1820 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:30:11.0473 1820 idsvc - ok
23:30:11.0941 1820 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
23:30:12.0051 1820 igfx - ok
23:30:12.0175 1820 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
23:30:12.0175 1820 iirsp - ok
23:30:12.0285 1820 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
23:30:12.0300 1820 IKEEXT - ok
23:30:12.0363 1820 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
23:30:12.0363 1820 intelide - ok
23:30:12.0394 1820 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
23:30:12.0394 1820 intelppm - ok
23:30:12.0409 1820 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
23:30:12.0425 1820 IPBusEnum - ok
23:30:12.0472 1820 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:30:12.0472 1820 IpFilterDriver - ok
23:30:12.0534 1820 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
23:30:12.0550 1820 iphlpsvc - ok
23:30:12.0581 1820 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
23:30:12.0581 1820 IPMIDRV - ok
23:30:12.0612 1820 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:30:12.0628 1820 IPNAT - ok
23:30:12.0799 1820 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
23:30:12.0815 1820 iPod Service - ok
23:30:12.0846 1820 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
23:30:12.0862 1820 IRENUM - ok
23:30:12.0893 1820 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
23:30:12.0893 1820 isapnp - ok
23:30:12.0940 1820 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
23:30:12.0940 1820 iScsiPrt - ok
23:30:12.0971 1820 JMCR (f8844b00c10e386c704c610e95a9847d) C:\Windows\system32\DRIVERS\jmcr.sys
23:30:12.0987 1820 JMCR - ok
23:30:13.0002 1820 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
23:30:13.0018 1820 kbdclass - ok
23:30:13.0033 1820 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
23:30:13.0049 1820 kbdhid - ok
23:30:13.0096 1820 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:30:13.0096 1820 KeyIso - ok
23:30:13.0143 1820 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
23:30:13.0143 1820 KSecDD - ok
23:30:13.0189 1820 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
23:30:13.0205 1820 KSecPkg - ok
23:30:13.0283 1820 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
23:30:13.0283 1820 ksthunk - ok
23:30:13.0345 1820 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
23:30:13.0361 1820 KtmRm - ok
23:30:13.0501 1820 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
23:30:13.0501 1820 LanmanServer - ok
23:30:13.0548 1820 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
23:30:13.0564 1820 LanmanWorkstation - ok
23:30:13.0689 1820 LightScribeService (2238b91ac1a12cc6cc4c4fed41258b2a) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
23:30:13.0689 1820 LightScribeService - ok
23:30:13.0735 1820 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
23:30:13.0735 1820 lltdio - ok
23:30:13.0798 1820 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
23:30:13.0798 1820 lltdsvc - ok
23:30:13.0813 1820 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
23:30:13.0813 1820 lmhosts - ok
23:30:13.0876 1820 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
23:30:13.0876 1820 LSI_FC - ok
23:30:13.0923 1820 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
23:30:13.0923 1820 LSI_SAS - ok
23:30:13.0938 1820 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:30:13.0938 1820 LSI_SAS2 - ok
23:30:13.0985 1820 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:30:13.0985 1820 LSI_SCSI - ok
23:30:14.0032 1820 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:30:14.0047 1820 luafv - ok
23:30:14.0110 1820 massfilter (4a06e3a42953e5808f4089a308383a41) C:\Windows\system32\drivers\massfilter.sys
23:30:14.0110 1820 massfilter - ok
23:30:14.0172 1820 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
23:30:14.0172 1820 Mcx2Svc - ok
23:30:14.0203 1820 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
23:30:14.0203 1820 megasas - ok
23:30:14.0250 1820 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
23:30:14.0250 1820 MegaSR - ok
23:30:14.0281 1820 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:30:14.0297 1820 MMCSS - ok
23:30:14.0422 1820 mod7700 (74c85bbd2489949f5b325fdd886e662f) C:\Windows\system32\DRIVERS\mod7700.sys
23:30:14.0437 1820 mod7700 - ok
23:30:14.0484 1820 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:30:14.0484 1820 Modem - ok
23:30:14.0531 1820 MODRC (21d0cbafd2e6ab86fd2bbfbcbebe71d6) C:\Windows\system32\DRIVERS\modrc.sys
23:30:14.0547 1820 MODRC - ok
23:30:14.0578 1820 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:30:14.0578 1820 monitor - ok
23:30:14.0625 1820 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
23:30:14.0625 1820 mouclass - ok
23:30:14.0640 1820 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
23:30:14.0640 1820 mouhid - ok
23:30:14.0703 1820 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
23:30:14.0703 1820 mountmgr - ok
23:30:14.0812 1820 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:30:14.0812 1820 MozillaMaintenance - ok
23:30:14.0874 1820 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
23:30:14.0874 1820 mpio - ok
23:30:14.0890 1820 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:30:14.0905 1820 mpsdrv - ok
23:30:15.0015 1820 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
23:30:15.0030 1820 MpsSvc - ok
23:30:15.0077 1820 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
23:30:15.0077 1820 MRxDAV - ok
23:30:15.0124 1820 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:30:15.0124 1820 mrxsmb - ok
23:30:15.0186 1820 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:30:15.0202 1820 mrxsmb10 - ok
23:30:15.0217 1820 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:30:15.0217 1820 mrxsmb20 - ok
23:30:15.0295 1820 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
23:30:15.0295 1820 msahci - ok
23:30:15.0342 1820 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
23:30:15.0342 1820 msdsm - ok
23:30:15.0373 1820 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
23:30:15.0389 1820 MSDTC - ok
23:30:15.0420 1820 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:30:15.0420 1820 Msfs - ok
23:30:15.0436 1820 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:30:15.0436 1820 mshidkmdf - ok
23:30:15.0451 1820 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
23:30:15.0451 1820 msisadrv - ok
23:30:15.0498 1820 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
23:30:15.0498 1820 MSiSCSI - ok
23:30:15.0498 1820 msiserver - ok
23:30:15.0529 1820 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:30:15.0529 1820 MSKSSRV - ok
23:30:15.0545 1820 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:30:15.0545 1820 MSPCLOCK - ok
23:30:15.0561 1820 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:30:15.0561 1820 MSPQM - ok
23:30:15.0623 1820 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
23:30:15.0639 1820 MsRPC - ok
23:30:15.0685 1820 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
23:30:15.0685 1820 mssmbios - ok
23:30:15.0701 1820 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:30:15.0717 1820 MSTEE - ok
23:30:15.0732 1820 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
23:30:15.0732 1820 MTConfig - ok
23:30:15.0748 1820 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:30:15.0748 1820 Mup - ok
23:30:15.0826 1820 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
23:30:15.0841 1820 napagent - ok
23:30:15.0888 1820 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:30:15.0904 1820 NativeWifiP - ok
23:30:16.0029 1820 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
23:30:16.0044 1820 NDIS - ok
23:30:16.0060 1820 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:30:16.0075 1820 NdisCap - ok
23:30:16.0107 1820 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:30:16.0107 1820 NdisTapi - ok
23:30:16.0153 1820 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
23:30:16.0169 1820 Ndisuio - ok
23:30:16.0216 1820 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
23:30:16.0216 1820 NdisWan - ok
23:30:16.0263 1820 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
23:30:16.0263 1820 NDProxy - ok
23:30:16.0309 1820 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:30:16.0309 1820 NetBIOS - ok
23:30:16.0372 1820 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
23:30:16.0372 1820 NetBT - ok
23:30:16.0419 1820 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:30:16.0419 1820 Netlogon - ok
23:30:16.0481 1820 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
23:30:16.0481 1820 Netman - ok
23:30:16.0606 1820 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:30:16.0606 1820 NetMsmqActivator - ok
23:30:16.0621 1820 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:30:16.0621 1820 NetPipeActivator - ok
23:30:16.0668 1820 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
23:30:16.0684 1820 netprofm - ok
23:30:16.0684 1820 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:30:16.0684 1820 NetTcpActivator - ok
23:30:16.0699 1820 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:30:16.0699 1820 NetTcpPortSharing - ok
23:30:17.0136 1820 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
23:30:17.0230 1820 netw5v64 - ok
23:30:17.0355 1820 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
23:30:17.0355 1820 nfrd960 - ok
23:30:17.0479 1820 NitroReaderDriverReadSpool (61edee7f29249640a3cf8d7a23e917cc) C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe
23:30:17.0495 1820 NitroReaderDriverReadSpool - ok
23:30:17.0557 1820 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
23:30:17.0557 1820 NlaSvc - ok
23:30:17.0589 1820 nmwcdcx64 - ok
23:30:17.0604 1820 nmwcdnsux64 - ok
23:30:17.0604 1820 nmwcdx64 - ok
23:30:17.0635 1820 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:30:17.0635 1820 Npfs - ok
23:30:17.0667 1820 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
23:30:17.0667 1820 nsi - ok
23:30:17.0667 1820 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:30:17.0667 1820 nsiproxy - ok
23:30:17.0854 1820 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
23:30:17.0869 1820 Ntfs - ok
23:30:17.0979 1820 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:30:17.0979 1820 Null - ok
23:30:18.0025 1820 NVHDA (ad37248bd442d41c9a896e53eb8a85ee) C:\Windows\system32\drivers\nvhda64v.sys
23:30:18.0025 1820 NVHDA - ok
23:30:18.0915 1820 nvlddmkm (d1db65fdda7af4853ef0994bb111d778) C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:30:19.0196 1820 nvlddmkm - ok
23:30:19.0336 1820 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
23:30:19.0352 1820 nvraid - ok
23:30:19.0383 1820 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
23:30:19.0383 1820 nvstor - ok
23:30:19.0461 1820 nvsvc (8f9c2a5f96810467d50687ae00465424) C:\Windows\system32\nvvsvc.exe
23:30:19.0461 1820 nvsvc - ok
23:30:19.0508 1820 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
23:30:19.0508 1820 nv_agp - ok
23:30:19.0523 1820 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
23:30:19.0523 1820 ohci1394 - ok
23:30:19.0632 1820 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:30:19.0632 1820 ose - ok
23:30:20.0069 1820 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:30:20.0147 1820 osppsvc - ok
23:30:20.0288 1820 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:30:20.0303 1820 p2pimsvc - ok
23:30:20.0334 1820 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
23:30:20.0350 1820 p2psvc - ok
23:30:20.0397 1820 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
23:30:20.0412 1820 Parport - ok
23:30:20.0459 1820 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
23:30:20.0459 1820 partmgr - ok
23:30:20.0490 1820 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
23:30:20.0490 1820 PcaSvc - ok
23:30:20.0537 1820 pccsmcfd (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
23:30:20.0537 1820 pccsmcfd - ok
23:30:20.0600 1820 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
23:30:20.0600 1820 pci - ok
23:30:20.0615 1820 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
23:30:20.0615 1820 pciide - ok
23:30:20.0646 1820 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
23:30:20.0646 1820 pcmcia - ok
23:30:20.0678 1820 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:30:20.0678 1820 pcw - ok
23:30:20.0724 1820 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:30:20.0740 1820 PEAUTH - ok
23:30:20.0818 1820 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
23:30:20.0818 1820 PerfHost - ok
23:30:20.0974 1820 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
23:30:21.0005 1820 pla - ok
23:30:21.0068 1820 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
23:30:21.0068 1820 PlugPlay - ok
23:30:21.0099 1820 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
23:30:21.0099 1820 PNRPAutoReg - ok
23:30:21.0130 1820 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:30:21.0146 1820 PNRPsvc - ok
23:30:21.0192 1820 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
23:30:21.0192 1820 PolicyAgent - ok
23:30:21.0239 1820 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
23:30:21.0239 1820 Power - ok
23:30:21.0317 1820 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
23:30:21.0317 1820 PptpMiniport - ok
23:30:21.0348 1820 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
23:30:21.0348 1820 Processor - ok
23:30:21.0411 1820 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
23:30:21.0411 1820 ProfSvc - ok
23:30:21.0458 1820 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:30:21.0458 1820 ProtectedStorage - ok
23:30:21.0520 1820 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
23:30:21.0536 1820 Psched - ok
23:30:21.0660 1820 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
23:30:21.0692 1820 ql2300 - ok
23:30:21.0832 1820 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
23:30:21.0848 1820 ql40xx - ok
23:30:21.0894 1820 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
23:30:21.0894 1820 QWAVE - ok
23:30:21.0941 1820 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:30:21.0941 1820 QWAVEdrv - ok
23:30:21.0988 1820 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:30:21.0988 1820 RasAcd - ok
23:30:22.0035 1820 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:30:22.0035 1820 RasAgileVpn - ok
23:30:22.0066 1820 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
23:30:22.0082 1820 RasAuto - ok
23:30:22.0128 1820 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:30:22.0128 1820 Rasl2tp - ok
23:30:22.0222 1820 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
23:30:22.0222 1820 RasMan - ok
23:30:22.0253 1820 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:30:22.0253 1820 RasPppoe - ok
23:30:22.0269 1820 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:30:22.0284 1820 RasSstp - ok
23:30:22.0316 1820 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
23:30:22.0316 1820 rdbss - ok
23:30:22.0347 1820 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
23:30:22.0347 1820 rdpbus - ok
23:30:22.0362 1820 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:30:22.0362 1820 RDPCDD - ok
23:30:22.0378 1820 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:30:22.0378 1820 RDPENCDD - ok
23:30:22.0409 1820 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:30:22.0409 1820 RDPREFMP - ok
23:30:22.0472 1820 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
23:30:22.0472 1820 RDPWD - ok
23:30:22.0534 1820 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
23:30:22.0534 1820 rdyboost - ok
23:30:22.0581 1820 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
23:30:22.0581 1820 RemoteAccess - ok
23:30:22.0628 1820 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
23:30:22.0628 1820 RemoteRegistry - ok
23:30:22.0659 1820 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
23:30:22.0674 1820 RFCOMM - ok
23:30:22.0690 1820 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
23:30:22.0690 1820 RpcEptMapper - ok
23:30:22.0706 1820 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
23:30:22.0706 1820 RpcLocator - ok
23:30:22.0799 1820 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:30:22.0799 1820 RpcSs - ok
23:30:22.0830 1820 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:30:22.0830 1820 rspndr - ok
23:30:22.0877 1820 RTL8167 (5b04929ef24f87e239b880faae410e3a) C:\Windows\system32\DRIVERS\Rt64win7.sys
23:30:22.0893 1820 RTL8167 - ok
23:30:22.0940 1820 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:30:22.0940 1820 SamSs - ok
23:30:22.0986 1820 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
23:30:22.0986 1820 sbp2port - ok
23:30:23.0018 1820 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
23:30:23.0018 1820 SCardSvr - ok
23:30:23.0064 1820 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
23:30:23.0064 1820 scfilter - ok
23:30:23.0189 1820 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
23:30:23.0205 1820 Schedule - ok
23:30:23.0252 1820 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:30:23.0252 1820 SCPolicySvc - ok
23:30:23.0283 1820 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
23:30:23.0283 1820 sdbus - ok
23:30:23.0345 1820 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
23:30:23.0345 1820 SDRSVC - ok
23:30:23.0423 1820 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:30:23.0423 1820 secdrv - ok
23:30:23.0423 1820 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
23:30:23.0439 1820 seclogon - ok
23:30:23.0470 1820 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
23:30:23.0470 1820 SENS - ok
23:30:23.0486 1820 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
23:30:23.0501 1820 SensrSvc - ok
23:30:23.0517 1820 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
23:30:23.0517 1820 Serenum - ok
23:30:23.0532 1820 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
23:30:23.0532 1820 Serial - ok
23:30:23.0579 1820 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
23:30:23.0579 1820 sermouse - ok
23:30:23.0688 1820 ServiceLayer (2d841b7b7f6dec32162edfcc69d61f42) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
23:30:23.0720 1820 ServiceLayer - ok
23:30:23.0782 1820 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
23:30:23.0782 1820 SessionEnv - ok
23:30:23.0829 1820 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
23:30:23.0829 1820 sffdisk - ok
23:30:23.0860 1820 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
23:30:23.0860 1820 sffp_mmc - ok
23:30:23.0891 1820 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
23:30:23.0891 1820 sffp_sd - ok
23:30:23.0922 1820 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
23:30:23.0938 1820 sfloppy - ok
23:30:24.0000 1820 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
23:30:24.0000 1820 SharedAccess - ok
23:30:24.0078 1820 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
23:30:24.0078 1820 ShellHWDetection - ok
23:30:24.0110 1820 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:30:24.0110 1820 SiSRaid2 - ok
23:30:24.0125 1820 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
23:30:24.0141 1820 SiSRaid4 - ok
23:30:24.0156 1820 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:30:24.0156 1820 Smb - ok
23:30:24.0203 1820 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
23:30:24.0203 1820 SNMPTRAP - ok
23:30:24.0297 1820 speedfan (5f9785e7535f8f602cb294a54962c9e7) C:\Windows\syswow64\speedfan.sys
23:30:24.0297 1820 speedfan - ok
23:30:24.0328 1820 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:30:24.0328 1820 spldr - ok
23:30:24.0406 1820 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
23:30:24.0422 1820 Spooler - ok
23:30:24.0718 1820 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
23:30:24.0765 1820 sppsvc - ok
23:30:24.0874 1820 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
23:30:24.0874 1820 sppuinotify - ok
23:30:24.0999 1820 sprtsvc_O2DA (9be42e99bbd5461f1f94fe39fee2e6f5) C:\Program Files (x86)\O2 Assistant\bin\sprtsvc.exe
23:30:25.0014 1820 sprtsvc_O2DA - ok
23:30:25.0092 1820 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
23:30:25.0108 1820 srv - ok
23:30:25.0139 1820 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
23:30:25.0155 1820 srv2 - ok
23:30:25.0202 1820 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
23:30:25.0202 1820 SrvHsfHDA - ok
23:30:25.0326 1820 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
23:30:25.0358 1820 SrvHsfV92 - ok
23:30:25.0545 1820 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
23:30:25.0560 1820 SrvHsfWinac - ok
23:30:25.0607 1820 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
23:30:25.0623 1820 srvnet - ok
23:30:25.0685 1820 ssadbus (8f8324ed1de63ffc7b1a02cd2d963c72) C:\Windows\system32\DRIVERS\ssadbus.sys
23:30:25.0685 1820 ssadbus - ok
23:30:25.0732 1820 ssadmdfl (58221efcb74167b73667f0024c661ce0) C:\Windows\system32\DRIVERS\ssadmdfl.sys
23:30:25.0732 1820 ssadmdfl - ok
23:30:25.0779 1820 ssadmdm (4da7c71bfac5ad71255b7e4cab980163) C:\Windows\system32\DRIVERS\ssadmdm.sys
23:30:25.0794 1820 ssadmdm - ok
23:30:25.0826 1820 ssadserd (d33d1bd3ec0e766211a234f56a12726d) C:\Windows\system32\DRIVERS\ssadserd.sys
23:30:25.0826 1820 ssadserd - ok
23:30:25.0872 1820 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
23:30:25.0872 1820 SSDPSRV - ok
23:30:25.0904 1820 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
23:30:25.0904 1820 SstpSvc - ok
23:30:26.0060 1820 STacSV (7595d53ee8e8b0baa9a2ddde867ebb0c) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe
23:30:26.0060 1820 STacSV - ok
23:30:26.0106 1820 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
23:30:26.0106 1820 stexstor - ok
23:30:26.0169 1820 STHDA (dffbc024dfc7bb05b2129e05cbc7a201) C:\Windows\system32\DRIVERS\stwrt64.sys
23:30:26.0184 1820 STHDA - ok
23:30:26.0278 1820 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
23:30:26.0278 1820 stisvc - ok
23:30:26.0418 1820 SupportSoft RemoteAssist (518eeb2043b66e733489a715852bf839) C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe
23:30:26.0418 1820 SupportSoft RemoteAssist - ok
23:30:26.0496 1820 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
23:30:26.0496 1820 swenum - ok
23:30:26.0559 1820 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
23:30:26.0574 1820 swprv - ok
23:30:26.0621 1820 SynTP (924d711941956f7420a4925592be8253) C:\Windows\system32\DRIVERS\SynTP.sys
23:30:26.0637 1820 SynTP - ok
23:30:26.0793 1820 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
23:30:26.0824 1820 SysMain - ok
23:30:26.0949 1820 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
23:30:26.0964 1820 TabletInputService - ok
23:30:26.0996 1820 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
23:30:27.0011 1820 TapiSrv - ok
23:30:27.0042 1820 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
23:30:27.0042 1820 TBS - ok
23:30:27.0245 1820 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
23:30:27.0276 1820 Tcpip - ok
23:30:27.0495 1820 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
23:30:27.0526 1820 TCPIP6 - ok
23:30:27.0620 1820 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
23:30:27.0620 1820 tcpipreg - ok
23:30:27.0651 1820 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:30:27.0651 1820 TDPIPE - ok
23:30:27.0698 1820 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
23:30:27.0698 1820 TDTCP - ok
23:30:27.0760 1820 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
23:30:27.0760 1820 tdx - ok
23:30:27.0807 1820 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
23:30:27.0807 1820 TermDD - ok
23:30:27.0885 1820 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
23:30:27.0900 1820 TermService - ok
23:30:27.0994 1820 tgsrvc_O2DA (c4e3bbcba4e10a34e31c26a0cf933e32) C:\Program Files (x86)\O2 Assistant\bin\tgsrvc.exe
23:30:28.0010 1820 tgsrvc_O2DA - ok
23:30:28.0041 1820 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
23:30:28.0041 1820 Themes - ok
23:30:28.0072 1820 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:30:28.0072 1820 THREADORDER - ok
23:30:28.0103 1820 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
23:30:28.0103 1820 TrkWks - ok
23:30:28.0166 1820 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
23:30:28.0181 1820 TrustedInstaller - ok
23:30:28.0244 1820 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:30:28.0259 1820 tssecsrv - ok
23:30:28.0306 1820 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
23:30:28.0306 1820 TsUsbFlt - ok
23:30:28.0384 1820 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
23:30:28.0384 1820 tunnel - ok
23:30:28.0462 1820 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
23:30:28.0462 1820 uagp35 - ok
23:30:28.0524 1820 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
23:30:28.0524 1820 udfs - ok
23:30:28.0571 1820 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
23:30:28.0571 1820 UI0Detect - ok
23:30:28.0634 1820 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
23:30:28.0634 1820 uliagpkx - ok
23:30:28.0649 1820 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
23:30:28.0649 1820 umbus - ok
23:30:28.0665 1820 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
23:30:28.0680 1820 UmPass - ok
23:30:28.0712 1820 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
23:30:28.0727 1820 upnphost - ok
23:30:28.0743 1820 upperdev - ok
23:30:28.0790 1820 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
23:30:28.0790 1820 USBAAPL64 - ok
23:30:28.0805 1820 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
23:30:28.0821 1820 usbccgp - ok
23:30:28.0868 1820 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
23:30:28.0868 1820 usbcir - ok
23:30:28.0899 1820 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
23:30:28.0899 1820 usbehci - ok
23:30:28.0946 1820 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
23:30:28.0946 1820 usbhub - ok
23:30:28.0977 1820 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
23:30:28.0977 1820 usbohci - ok
23:30:28.0992 1820 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
23:30:28.0992 1820 usbprint - ok
23:30:29.0039 1820 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
23:30:29.0039 1820 usbscan - ok
23:30:29.0070 1820 usbser (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\drivers\usbser.sys
23:30:29.0070 1820 usbser - ok
23:30:29.0086 1820 UsbserFilt - ok
23:30:29.0102 1820 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:30:29.0102 1820 USBSTOR - ok
23:30:29.0133 1820 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
23:30:29.0133 1820 usbuhci - ok
23:30:29.0195 1820 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
23:30:29.0211 1820 usbvideo - ok
23:30:29.0226 1820 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
23:30:29.0226 1820 UxSms - ok
23:30:29.0273 1820 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:30:29.0273 1820 VaultSvc - ok
23:30:29.0289 1820 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
23:30:29.0289 1820 vdrvroot - ok
23:30:29.0367 1820 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
23:30:29.0382 1820 vds - ok
23:30:29.0414 1820 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:30:29.0414 1820 vga - ok
23:30:29.0429 1820 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:30:29.0429 1820 VgaSave - ok
23:30:29.0460 1820 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
23:30:29.0476 1820 vhdmp - ok
23:30:29.0523 1820 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
23:30:29.0523 1820 viaide - ok
23:30:29.0538 1820 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
23:30:29.0538 1820 volmgr - ok
23:30:29.0616 1820 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
23:30:29.0616 1820 volmgrx - ok
23:30:29.0648 1820 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
23:30:29.0663 1820 volsnap - ok
23:30:29.0694 1820 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
23:30:29.0694 1820 vsmraid - ok
23:30:29.0866 1820 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
23:30:29.0913 1820 VSS - ok
23:30:30.0084 1820 vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
23:30:30.0100 1820 vToolbarUpdater11.2.0 - ok
23:30:30.0225 1820 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
23:30:30.0225 1820 vwifibus - ok
23:30:30.0240 1820 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
23:30:30.0240 1820 vwififlt - ok
23:30:30.0272 1820 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
23:30:30.0272 1820 vwifimp - ok
23:30:30.0334 1820 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
23:30:30.0350 1820 W32Time - ok
23:30:30.0365 1820 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
23:30:30.0365 1820 WacomPen - ok
23:30:30.0428 1820 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:30:30.0428 1820 WANARP - ok
23:30:30.0428 1820 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:30:30.0428 1820 Wanarpv6 - ok
23:30:30.0568 1820 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
23:30:30.0584 1820 WatAdminSvc - ok
23:30:30.0724 1820 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
23:30:30.0755 1820 wbengine - ok
23:30:30.0864 1820 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
23:30:30.0864 1820 WbioSrvc - ok
23:30:30.0942 1820 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
23:30:30.0942 1820 wcncsvc - ok
23:30:30.0958 1820 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
23:30:30.0974 1820 WcsPlugInService - ok
23:30:31.0005 1820 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
23:30:31.0005 1820 Wd - ok
23:30:31.0067 1820 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:30:31.0083 1820 Wdf01000 - ok
23:30:31.0114 1820 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:30:31.0114 1820 WdiServiceHost - ok
23:30:31.0114 1820 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:30:31.0130 1820 WdiSystemHost - ok
23:30:31.0176 1820 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
23:30:31.0192 1820 WebClient - ok
23:30:31.0223 1820 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
23:30:31.0223 1820 Wecsvc - ok
23:30:31.0254 1820 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
23:30:31.0254 1820 wercplsupport - ok
23:30:31.0270 1820 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
23:30:31.0286 1820 WerSvc - ok
23:30:31.0317 1820 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:30:31.0317 1820 WfpLwf - ok
23:30:31.0332 1820 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:30:31.0332 1820 WIMMount - ok
23:30:31.0379 1820 WinDefend - ok
23:30:31.0395 1820 WinHttpAutoProxySvc - ok
23:30:31.0457 1820 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
23:30:31.0457 1820 Winmgmt - ok
23:30:31.0613 1820 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
23:30:31.0660 1820 WinRM - ok
23:30:31.0832 1820 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
23:30:31.0832 1820 WinUsb - ok
23:30:31.0956 1820 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
23:30:31.0972 1820 Wlansvc - ok
23:30:32.0050 1820 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
23:30:32.0050 1820 wlcrasvc - ok
23:30:32.0284 1820 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:30:32.0331 1820 wlidsvc - ok
23:30:32.0456 1820 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
23:30:32.0456 1820 WmiAcpi - ok
23:30:32.0518 1820 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
23:30:32.0534 1820 wmiApSrv - ok
23:30:32.0549 1820 WMPNetworkSvc - ok
23:30:32.0596 1820 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
23:30:32.0596 1820 WPCSvc - ok
23:30:32.0643 1820 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
23:30:32.0658 1820 WPDBusEnum - ok
23:30:32.0690 1820 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:30:32.0690 1820 ws2ifsl - ok
23:30:32.0721 1820 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
23:30:32.0736 1820 wscsvc - ok
23:30:32.0736 1820 WSearch - ok
23:30:32.0955 1820 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
23:30:33.0002 1820 wuauserv - ok
23:30:33.0142 1820 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
23:30:33.0142 1820 WudfPf - ok
23:30:33.0189 1820 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:30:33.0189 1820 WUDFRd - ok
23:30:33.0251 1820 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
23:30:33.0251 1820 wudfsvc - ok
23:30:33.0282 1820 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
23:30:33.0298 1820 WwanSvc - ok
23:30:33.0360 1820 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
23:30:33.0360 1820 yukonw7 - ok
23:30:33.0423 1820 ZTEusbmdm6k (bcd008c9fc4b57c107cbcfc3e77b58ba) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
23:30:33.0423 1820 ZTEusbmdm6k - ok
23:30:33.0470 1820 ZTEusbnmea (bcd008c9fc4b57c107cbcfc3e77b58ba) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
23:30:33.0470 1820 ZTEusbnmea - ok
23:30:33.0516 1820 ZTEusbser6k (bcd008c9fc4b57c107cbcfc3e77b58ba) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
23:30:33.0532 1820 ZTEusbser6k - ok
23:30:33.0563 1820 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
23:30:33.0579 1820 \Device\Harddisk1\DR1 - ok
23:30:33.0594 1820 MBR (0x1B8) (8a09fcb775e04e40cd9c53ee50e5f13f) \Device\Harddisk0\DR0
23:30:33.0844 1820 \Device\Harddisk0\DR0 - ok
23:30:33.0844 1820 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
23:30:33.0860 1820 \Device\Harddisk1\DR1 - ok
23:30:33.0860 1820 Boot (0x1200) (763a739aa083fa2691891e53a4ebffa7) \Device\Harddisk1\DR1\Partition0
23:30:33.0860 1820 \Device\Harddisk1\DR1\Partition0 - ok
23:30:33.0875 1820 Boot (0x1200) (40476c78e2e32d9c7c1a7789fffafceb) \Device\Harddisk0\DR0\Partition0
23:30:33.0875 1820 \Device\Harddisk0\DR0\Partition0 - ok
23:30:33.0891 1820 Boot (0x1200) (3e531791b14339cc71d701a79cead762) \Device\Harddisk0\DR0\Partition1
23:30:33.0906 1820 \Device\Harddisk0\DR0\Partition1 - ok
23:30:33.0922 1820 Boot (0x1200) (e9b93651f4274e7d5e639f93159e2330) \Device\Harddisk0\DR0\Partition2
23:30:33.0922 1820 \Device\Harddisk0\DR0\Partition2 - ok
23:30:33.0938 1820 Boot (0x1200) (63ecf1968d8799e267e60fa9b2ae7fe7) \Device\Harddisk0\DR0\Partition3
23:30:33.0938 1820 \Device\Harddisk0\DR0\Partition3 - ok
23:30:33.0953 1820 Boot (0x1200) (763a739aa083fa2691891e53a4ebffa7) \Device\Harddisk1\DR1\Partition0
23:30:33.0953 1820 \Device\Harddisk1\DR1\Partition0 - ok
23:30:33.0953 1820 ============================================================
23:30:33.0953 1820 Scan finished
23:30:33.0953 1820 ============================================================
23:30:33.0984 2808 Detected object count: 0
23:30:33.0984 2808 Actual detected object count: 0

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-12 23:32:37
-----------------------------
23:32:37.370 OS Version: Windows x64 6.1.7601 Service Pack 1
23:32:37.370 Number of processors: 4 586 0x2502
23:32:37.370 ComputerName: AMYS-LAPTOP UserName: Amy
23:32:38.806 Initialize success
23:34:53.654 AVAST engine defs: 12071201
23:36:07.005 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:36:07.021 Disk 0 Vendor: Hitachi_ PC3O Size: 305245MB BusType: 3
23:36:07.021 Disk 1 \Device\Harddisk1\DR1 -> \Device\Scsi\JMCR1Port1Path0Target0Lun0
23:36:07.021 Disk 1 Vendor: JMCR Size: 3781MB BusType: 0
23:36:07.037 Disk 0 MBR read successfully
23:36:07.052 Disk 0 MBR scan
23:36:07.052 Disk 0 unknown MBR code
23:36:07.068 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
23:36:07.083 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 287971 MB offset 409600
23:36:07.130 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 16970 MB offset 590174208
23:36:07.146 Disk 0 Partition 4 00 0E FAT16 LBA MSWIN4.1 94 MB offset 624944565
23:36:07.193 Disk 0 scanning C:\Windows\system32\drivers
23:36:21.701 Service scanning
23:36:57.114 Modules scanning
23:36:57.129 Disk 0 trace - called modules:
23:36:57.160 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
23:36:57.176 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800581b060]
23:36:57.176 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa80056b6b10]
23:36:57.192 5 hpdskflt.sys[fffff88001b7e289] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049f0050]
23:36:58.455 AVAST engine scan C:\Windows
23:37:02.341 AVAST engine scan C:\Windows\system32
23:39:33.678 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
23:39:37.439 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
23:42:10.620 AVAST engine scan C:\Windows\system32\drivers
23:42:48.920 AVAST engine scan C:\Users\Amy
00:03:38.010 AVAST engine scan C:\ProgramData
00:06:32.430 Scan finished successfully
00:16:16.682 Disk 0 MBR has been saved successfully to "C:\Users\Amy\Desktop\MBR.dat"
00:16:16.698 The log file has been saved successfully to "C:\Users\Amy\Desktop\aswMBR2.txt"

When running aswMBR Avg came up with 2 threats, Trojan horse generic28.anic and Trojan horse backdoor.generic15.axla. I didn't remove the threats just closed the window

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:13 PM

Posted 12 July 2012 - 09:50 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Amy280893

Amy280893
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:02:13 AM

Posted 13 July 2012 - 04:02 AM

ComboFix 12-07-13.01 - Amy 13/07/2012 9:46.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4023.1926 [GMT 1:00]
Running from: c:\users\Amy\Desktop\ComboFix.exe
Command switches used :: c:\users\Amy\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-06-13 to 2012-07-13 )))))))))))))))))))))))))))))))
.
.
2012-07-13 08:56 . 2012-07-13 08:56 -------- d-----w- c:\users\Samia\AppData\Local\temp
2012-07-13 08:56 . 2012-07-13 08:56 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-07-13 08:56 . 2012-07-13 08:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-12 10:40 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 22:42 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 22:42 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 22:42 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-11 22:42 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-11 22:42 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-11 22:42 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2012-07-11 22:41 . 2012-06-02 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-11 22:41 . 2012-06-02 05:48 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 22:41 . 2012-06-02 05:48 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-11 22:41 . 2012-06-02 05:45 340992 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 22:41 . 2012-06-02 05:44 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 22:41 . 2012-06-02 04:40 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-07-11 22:41 . 2012-06-02 04:39 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-07-11 22:41 . 2012-06-02 04:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-07-11 22:41 . 2012-06-02 04:34 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-07-11 18:38 . 2012-07-11 18:38 -------- d-----w- c:\program files (x86)\ESET
2012-07-09 22:31 . 2012-07-09 22:31 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-09 22:26 . 2012-07-09 22:26 -------- d-----w- c:\users\Amy\AppData\Roaming\vlc
2012-06-25 15:04 . 2012-06-25 15:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-23 20:37 . 2012-06-23 20:38 -------- d-----w- c:\programdata\WebEx
2012-06-21 09:42 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 09:42 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 09:42 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 09:42 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 09:41 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 09:41 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 09:41 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 09:41 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 09:41 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-18 13:41 . 2012-06-18 13:41 -------- d--h--r- c:\users\Amy\AppData\Roaming\SecuROM
2012-06-15 20:35 . 2012-07-11 23:13 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-15 20:35 . 2012-07-11 23:13 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-15 10:59 . 2012-06-15 10:59 -------- d-----w- c:\programdata\McAfee
2012-06-14 19:37 . 2012-06-14 19:37 -------- d-----w- c:\users\Amy\AppData\Local\Macromedia
2012-06-14 09:44 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 09:44 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 09:44 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 09:44 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-14 09:44 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-14 09:44 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-14 09:44 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-14 09:44 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 09:44 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-14 09:44 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-14 09:43 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 09:43 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-14 09:43 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 09:43 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 09:43 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-14 09:43 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-14 09:38 . 2012-06-14 09:38 -------- d-----w- c:\program files\iPod
2012-06-14 09:38 . 2012-06-14 09:39 -------- d-----w- c:\program files\iTunes
2012-06-14 09:38 . 2012-06-14 09:39 -------- d-----w- c:\program files (x86)\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-18 19:56 . 2012-04-18 19:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 19:56 . 2012-04-18 19:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-12_11.22.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-01 22:02 . 2012-07-12 11:36 53692 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-12 11:36 36964 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-03-01 21:54 . 2012-07-12 12:07 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-01 21:54 . 2012-07-11 23:13 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-01 21:54 . 2012-07-12 12:07 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-01 21:54 . 2012-07-11 23:13 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-12 12:07 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-11 23:13 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-01 21:48 . 2012-07-12 11:33 6631 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2010-03-01 21:48 . 2012-07-12 11:20 6631 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2012-07-12 11:21 . 2012-07-12 11:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-12 11:34 . 2012-07-12 11:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-12 11:34 . 2012-07-12 11:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-12 11:21 . 2012-07-12 11:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-09-24 12:09 . 2012-07-12 11:34 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-09-24 12:09 . 2012-07-12 11:21 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:54 . 2012-07-12 11:21 229376 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-07-12 11:34 229376 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-20 04:59 . 2012-07-13 08:35 432034 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 05:01 . 2012-07-12 11:20 390068 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-12 11:33 390068 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2012-07-12 11:34 1490944 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-12 11:21 1490944 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-12 11:21 4423680 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-12 11:34 4423680 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-10 16:47 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-10 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
"RemoTerm.exe"="c:\program files (x86)\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe" [2010-02-24 220944]
"StrmServer.exe"="c:\program files (x86)\Common Files\PCTV Systems\StreamingServer\StrmServer.exe" [2010-01-22 746768]
"Facebook Update"="c:\users\Amy\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-10 1107552]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-15 928096]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"O2DA"="c:\program files (x86)\O2 Assistant\bin\sprtcmd.exe" [2011-09-15 206120]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
Check for Updates.lnk - c:\program files (x86)\Common Files\PCTV Systems\WebUpdater\WebUpdater.exe [2009-4-17 238864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 250056]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2008-08-06 9216]
R3 MODRC;PCTV Dib Infrared Receiver;c:\windows\system32\DRIVERS\modrc.sys [2010-11-19 24272]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-10-03 258560]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-21 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 26704]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2011-09-13 37456]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2011-10-07 283728]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-08-08 46672]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2011-07-11 375376]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [2011-01-06 89600]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520]
S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [2011-01-14 341296]
S2 sprtsvc_O2DA;SupportSoft Sprocket Service (O2DA);c:\program files (x86)\O2 Assistant\bin\sprtsvc.exe [2011-09-15 206120]
S2 tgsrvc_O2DA;SupportSoft Repair Service (O2DA);c:\program files (x86)\O2 Assistant\bin\tgsrvc.exe [2011-09-15 185640]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-10 935008]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 120400]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 29776]
S3 azvusb;Virtual USB Hub;c:\windows\system32\DRIVERS\azvusb.sys [2009-08-24 54784]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-09-17 35104]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-21 140712]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-08-21 84512]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 20654959
*Deregistered* - 20654959
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 21:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-15 23:13]
.
2012-07-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2058442776-1217735502-3355323446-1001Core.job
- c:\users\Amy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-07 23:38]
.
2012-07-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2058442776-1217735502-3355323446-1001UA.job
- c:\users\Amy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-07 23:38]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2058442776-1217735502-3355323446-1001Core.job
- c:\users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-14 17:25]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2058442776-1217735502-3355323446-1001UA.job
- c:\users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-14 17:25]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2058442776-1217735502-3355323446-1003Core.job
- c:\users\Samia\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-19 18:21]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2058442776-1217735502-3355323446-1003UA.job
- c:\users\Samia\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-19 18:21]
.
2012-06-30 c:\windows\Tasks\HPCeeScheduleForAMYS-LAPTOP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-08-25 610872]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-06 487424]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-28 16395880]
"EKAIO2StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe" [2011-03-24 2841088]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\87o1pkr2.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B3bebfdf1-7bbd-4326-9084-d7249cdd36c8%7D&mid=782e9d130ff8401d9331da1c8078f531-879dd0b3d54bdce39f3c28425e2d3e4bf2196578&ds=AVG&v=10.0.0.7&lang=en&pr=fr&d=2011-10-15%2015%3A59%3A49&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-13 10:00:57
ComboFix-quarantined-files.txt 2012-07-13 09:00
ComboFix2.txt 2012-07-12 11:31
.
Pre-Run: 17,200,013,312 bytes free
Post-Run: 16,998,621,184 bytes free
.
- - End Of File - - 1C3841F51D85E9A54DFB922092B3AB1E

#10 Amy280893

Amy280893
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:02:13 AM

Posted 13 July 2012 - 04:05 AM

combo fix updated to a new version, and asked for avg to be disabled.

computer is running well

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:13 PM

Posted 13 July 2012 - 12:38 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does allot better of a job

Programs to remove

µTorrent
AVG Security Toolbar
Java™ 6 Update 31
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 Amy280893

Amy280893
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:02:13 AM

Posted 13 July 2012 - 06:21 PM

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.13.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Amy :: AMYS-LAPTOP [administrator]

Protection: Enabled

14/07/2012 00:07:44
mbam-log-2012-07-14 (00-07-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 254415
Time elapsed: 3 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:19:52, on 14/07/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Common Files\PCTV Systems\RemoTerm\remoterm.exe
C:\Program Files (x86)\Common Files\PCTV Systems\StreamingServer\StrmServer.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\O2 Assistant\bin\sprtcmd.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Amy\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [O2DA] "C:\Program Files (x86)\O2 Assistant\bin\sprtcmd.exe" /P O2DA
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [RemoTerm.exe] C:\Program Files (x86)\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe
O4 - HKCU\..\Run: [StrmServer.exe] C:\Program Files (x86)\Common Files\PCTV Systems\StreamingServer\StrmServer.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Amy\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Check for Updates.lnk = C:\Program Files (x86)\Common Files\PCTV Systems\WebUpdater\WebUpdater.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab102118.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NitroPDFReaderDriverCreatorReadSpool (NitroReaderDriverReadSpool) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (O2DA) (sprtsvc_O2DA) - SupportSoft, Inc. - C:\Program Files (x86)\O2 Assistant\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: SupportSoft Repair Service (O2DA) (tgsrvc_O2DA) - SupportSoft, Inc. - C:\Program Files (x86)\O2 Assistant\bin\tgsrvc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15437 bytes

Computer is running well

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:13 PM

Posted 13 July 2012 - 07:40 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
      O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
      O4 - HKLM\..\Run: [O2DA] "C:\Program Files (x86)\O2 Assistant\bin\sprtcmd.exe" /P O2DA
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
      O4 - HKCU\..\Run: [RemoTerm.exe] C:\Program Files (x86)\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe
      O4 - HKCU\..\Run: [StrmServer.exe] C:\Program Files (x86)\Common Files\PCTV Systems\StreamingServer\StrmServer.exe
      O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Amy\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
      O4 - Global Startup: Check for Updates.lnk = C:\Program Files (x86)\Common Files\PCTV Systems\WebUpdater\WebUpdater.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 Amy280893

Amy280893
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:02:13 AM

Posted 14 July 2012 - 07:50 AM

C:\Qoobox\Quarantine\C\Windows\Installer\{40b12a1c-db3d-75cf-f32b-56a6d38f8bc4}\U\00000008.@.vir Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\Installer\{40b12a1c-db3d-75cf-f32b-56a6d38f8bc4}\U\80000000.@.vir Win64/Sirefef.AE trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\Installer\{40b12a1c-db3d-75cf-f32b-56a6d38f8bc4}\U\80000032.@.vir a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\Installer\{40b12a1c-db3d-75cf-f32b-56a6d38f8bc4}\U\80000064.@.vir Win64/Sirefef.AN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win64/Patched.A.Gen trojan deleted - quarantined


AVG came up twice with the 2 threatss mentioned before

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:13 PM

Posted 14 July 2012 - 11:31 AM

Hello

The Online scan looks very good!! It is only reporting backups created during the course of this fix!!


C:\Qoobox\Quarantine\<-- combofix


Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wrong time can make the computer an expensive paper weight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • Posted Image

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and used often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works allot better than add/remove in windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware The Gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.


  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often. (I have upgraded to the paid version of MBAM and I am glad I did)

    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleges

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users