Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

trojan horse dropper.generic_c.mmi/ can't access gmail/IE not working


  • This topic is locked This topic is locked
18 replies to this topic

#1 fathem

fathem

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:22 AM

Posted 13 July 2012 - 06:42 PM

Hi, I just received a dell pc from my uncle who passed away a couple of weeks ago. It appears to have some virus issues. I tried running AVG to clear them out but I am still having issues, the trojan horse dropper keeps popping up in agv. Chrome will launch but IE doesn't recognize the internet connection. I can't enable windows firewall. The error message I get is Windows firewall can't change some of your settings error code 0x80070424. I am using a wireless usb to connect to the router. Chrome stops me from accessing gmail. This is a windows 7 64 bit pc :

The site's security certificate is signed using a weak signature algorithm!
You attempted to reach mail.google.com, but the server presented a certificate signed using a weak signature algorithm. This means that the security credentials the server presented could have been forged, and the server may not be the server you expected (you may be communicating with an attacker).
You cannot proceed because the website operator has requested heightened security for this domain.

I have downloaded malwarebites but have not run it yet. I'm pretty clueless on what to do next. I tried creating a repair disk in case the pc crashes but even though I format the disk when I attempt to burn it the repair toolkit tells me the disk is not blank.

Help!

Thanks for your time,

Derrek

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by butch at 17:57:36 on 2012-07-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2354 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dleacoms.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\Cox, Inc\Cox PC HealthCheck\PCMonitoringService.exe
C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbengine.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\System32\vds.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\system32\svchost.exe -k SDRSVC
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uWindow Title = Internet Explorer, optimized for Bing and MSN
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: WiseConvert G2 Toolbar: {ac955a4e-5a9c-4d20-8751-a7eac17ac342} - C:\Program Files (x86)\WiseConvert_G2\prxtbWise.dll
uURLSearchHooks: WiseConvert G1 Toolbar: {fedfd743-cc1b-4bd6-b282-394d5ccd751c} - C:\Program Files (x86)\WiseConvert_G1\prxtbWise.dll
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
uURLSearchHooks: H - No File
mURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\prxtbZyng.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
mURLSearchHooks: WiseConvert G2 Toolbar: {ac955a4e-5a9c-4d20-8751-a7eac17ac342} - C:\Program Files (x86)\WiseConvert_G2\prxtbWise.dll
mURLSearchHooks: WiseConvert G1 Toolbar: {fedfd743-cc1b-4bd6-b282-394d5ccd751c} - C:\Program Files (x86)\WiseConvert_G1\prxtbWise.dll
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
BHO: DataMngr: {9d717f81-9148-4f12-8568-69135f087db0} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: WiseConvert G2 Toolbar: {ac955a4e-5a9c-4d20-8751-a7eac17ac342} - C:\Program Files (x86)\WiseConvert_G2\prxtbWise.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
BHO: WiseConvert G1 Toolbar: {fedfd743-cc1b-4bd6-b282-394d5ccd751c} - C:\Program Files (x86)\WiseConvert_G1\prxtbWise.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\prxtbZyng.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: WiseConvert G2 Toolbar: {ac955a4e-5a9c-4d20-8751-a7eac17ac342} - C:\Program Files (x86)\WiseConvert_G2\prxtbWise.dll
TB: WiseConvert G1 Toolbar: {fedfd743-cc1b-4bd6-b282-394d5ccd751c} - C:\Program Files (x86)\WiseConvert_G1\prxtbWise.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [AW TrayIcon] RunDll32.exe
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [TrayIcRun] RunDll32.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [F5D7050v3] C:\Program Files (x86)\Belkin\F5D7050v3\Belkinwcui.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll
LSP: mswsock.dll
Trusted Zone: intuit.com\ttlc
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} - hxxp://zone.msn.com/bingame/zpagames/zpa_dmno.cab55579.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{56834C69-1CB7-47EE-98E7-7565164D4F3C} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8FBD7A21-F9B8-4EBD-84C2-0D8974938A2A} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B84A9482-343F-4520-BD56-3A3E39AFF4BC} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D5341ED2-04DE-4A3E-BC35-BDEAD7F95447} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
BHO-X64: Searchqu Toolbar - No File
BHO-X64: DataMngr: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: WiseConvert G2 Toolbar: {ac955a4e-5a9c-4d20-8751-a7eac17ac342} - C:\Program Files (x86)\WiseConvert_G2\prxtbWise.dll
BHO-X64: WiseConvert G2 - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
BHO-X64: Vuze Remote - No File
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
BHO-X64: WiseConvert G1 Toolbar: {fedfd743-cc1b-4bd6-b282-394d5ccd751c} - C:\Program Files (x86)\WiseConvert_G1\prxtbWise.dll
BHO-X64: WiseConvert G1 - No File
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
TB-X64: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\prxtbZyng.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: WiseConvert G2 Toolbar: {ac955a4e-5a9c-4d20-8751-a7eac17ac342} - C:\Program Files (x86)\WiseConvert_G2\prxtbWise.dll
TB-X64: WiseConvert G1 Toolbar: {fedfd743-cc1b-4bd6-b282-394d5ccd751c} - C:\Program Files (x86)\WiseConvert_G1\prxtbWise.dll
TB-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [AW TrayIcon] RunDll32.exe
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [TrayIcRun] RunDll32.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [(Default)]
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [F5D7050v3] C:\Program Files (x86)\Belkin\F5D7050v3\Belkinwcui.exe
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
IE-X64: {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\butch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UB\UB.lnk
AppInit_DLLs-X64: C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 COX CommunicationsMonitoringService;COX Communications Monitoring Service;C:\Program Files (x86)\Cox, Inc\Cox PC HealthCheck\PCMonitoringService.exe [2010-11-17 14456]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 dlea_device;dlea_device;C:\Windows\system32\dleacoms.exe -service --> C:\Windows\system32\dleacoms.exe -service [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-3-9 13336]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-2-6 13672]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-13 655944]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-3-9 705856]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-13 935008]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 netr7364;Belkin Wireless 54G USB Network Adapter Driver;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-9-7 136360]
S2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-9-7 269480]
S2 AntiVirWebService;Avira AntiVir WebGuard;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2011-9-7 428200]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 dleaCATSCustConnectService;dleaCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\dleaserv.exe [2011-3-18 45224]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-26 136176]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-1 250056]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-26 136176]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-13 20:48:15 -------- d-----w- C:\Users\butch\AppData\Roaming\AVG
2012-07-13 20:44:35 -------- d-----w- C:\Users\butch\AppData\Roaming\Malwarebytes
2012-07-13 20:44:14 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-13 20:44:14 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-13 20:44:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-13 20:02:52 -------- d-----w- C:\Users\butch\AppData\Roaming\AVG2012
2012-07-13 20:02:23 -------- d-----w- C:\Users\butch\AppData\Local\AVG Secure Search
2012-07-13 20:02:05 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-07-13 20:02:03 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-07-13 20:02:03 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-07-13 20:00:20 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-07-13 19:59:51 -------- d--h--w- C:\$AVG
2012-07-13 19:59:51 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-07-13 19:59:51 -------- d-----w- C:\ProgramData\AVG2012
2012-07-13 19:59:05 -------- d-----w- C:\Program Files (x86)\AVG
2012-07-13 19:55:37 -------- d-----w- C:\Users\butch\AppData\Local\CRE
2012-07-13 19:53:54 -------- d--h--w- C:\ProgramData\Common Files
2012-07-13 19:53:54 -------- d-----w- C:\ProgramData\MFAData
2012-07-13 18:51:25 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-13 04:10:01 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-13 04:07:29 -------- d-----w- C:\ProgramData\AVAST Software
2012-07-13 04:07:29 -------- d-----w- C:\Program Files\AVAST Software
2012-07-13 03:34:13 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A91BDB60-F5D3-4A21-88D2-19CD74FD281B}\mpengine.dll
2012-07-13 03:34:10 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-07-13 03:07:45 716800 ----a-w- C:\Windows\System32\drivers\netr7364.sys
2012-07-13 03:07:45 305152 ----a-w- C:\Windows\System32\RaCoInstx.dll
2012-07-13 03:07:45 200704 ----a-w- C:\Windows\SysWow64\UpdateDriver.exe
2012-07-13 03:07:17 -------- d-----w- C:\Program Files (x86)\Belkin
2012-06-21 22:08:35 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 22:08:10 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 22:08:10 186752 ----a-w- C:\Windows\System32\wuwebv.dll
.
==================== Find3M ====================
.
2012-07-13 04:00:15 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-13 04:00:15 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-02 01:07:27 1111244 ----a-w- C:\ProgramData\SPLE513.tmp
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-19 09:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-04-18 21:26:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 17:58:27.76 ===============

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:22 AM

Posted 13 July 2012 - 11:59 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 fathem

fathem
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:22 AM

Posted 15 July 2012 - 12:12 AM

Thanks Gringo,

I can use IE again and windows firewall now works again. After running combofix both of the web browsers were deleted, luckily I had downloaded a copy of IE before running it! I turned AVG back on and I have left windows firewall on for the moment. When trying to install combofix I had to restart a couple of times because it froze up after doing the backup once it was actually loaded it ran fine straight though.

Ive only been running the browser for a few minutes but no popups or new tabs have tried to open yet. Thanks for your help so far. When I rebooted and clicked on the chrome shortcut it actually launched. When I tried before the reboot it said the registry key was deleted and the shortcut disappeared. When I restarted it was there again and launched.
I can now also pull up the gmail.com web page but I haven't logged in yet just in case there are still viruses on the pc.


Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
McAfee Anti-Virus and Anti-Spyware
AntiVir Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 31
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

ComboFix 12-07-14.01 - butch 07/14/2012 23:39:26.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2688 [GMT -5:00]
Running from: c:\users\butch\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Retrogamer_2zEI
c:\programdata\SPL10C3.tmp
c:\programdata\SPLE513.tmp
c:\users\butch\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com
c:\users\butch\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\chrome.manifest
c:\users\butch\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\chrome\gvtextlinks.jar
c:\users\butch\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\components\gvtlf.xpt
c:\users\butch\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\install.rdf
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{232a6f44-78ab-45f7-e1bf-6050b861c913}\@
c:\windows\Installer\{232a6f44-78ab-45f7-e1bf-6050b861c913}\L\00000004.@
c:\windows\Installer\{232a6f44-78ab-45f7-e1bf-6050b861c913}\L\1afb2d56
c:\windows\Installer\{232a6f44-78ab-45f7-e1bf-6050b861c913}\L\201d3dde
c:\windows\Installer\{232a6f44-78ab-45f7-e1bf-6050b861c913}\U\00000004.@
c:\windows\Installer\{232a6f44-78ab-45f7-e1bf-6050b861c913}\U\00000008.@
c:\windows\Installer\{232a6f44-78ab-45f7-e1bf-6050b861c913}\U\000000cb.@
c:\windows\Installer\{232a6f44-78ab-45f7-e1bf-6050b861c913}\U\80000000.@
c:\windows\Installer\{232a6f44-78ab-45f7-e1bf-6050b861c913}\U\80000032.@
c:\windows\Installer\{232a6f44-78ab-45f7-e1bf-6050b861c913}\U\80000064.@
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-15 to 2012-07-15 )))))))))))))))))))))))))))))))
.
.
2012-07-15 04:52 . 2012-07-15 04:52 -------- d-----w- c:\program files (x86)\Ask.com
2012-07-15 04:47 . 2012-07-15 04:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-13 20:48 . 2012-07-13 20:53 -------- d-----w- c:\users\butch\AppData\Roaming\AVG
2012-07-13 20:44 . 2012-07-13 20:44 -------- d-----w- c:\users\butch\AppData\Roaming\Malwarebytes
2012-07-13 20:44 . 2012-07-13 20:44 -------- d-----w- c:\programdata\Malwarebytes
2012-07-13 20:02 . 2012-07-13 20:02 -------- d-----w- c:\users\butch\AppData\Local\AVG Secure Search
2012-07-13 20:02 . 2012-07-13 20:02 -------- d-----w- c:\programdata\AVG Secure Search
2012-07-13 20:02 . 2012-07-13 20:02 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-07-13 20:02 . 2012-07-13 20:02 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-07-13 20:00 . 2012-07-13 20:00 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-07-13 19:59 . 2012-07-15 04:50 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-13 19:59 . 2012-07-14 01:38 -------- d-----w- c:\programdata\AVG2012
2012-07-13 19:59 . 2012-07-13 19:59 -------- d-----w- C:\$AVG
2012-07-13 19:59 . 2012-07-15 04:51 -------- d-----w- c:\program files (x86)\AVG
2012-07-13 19:55 . 2012-07-13 19:55 -------- d-----w- c:\users\butch\AppData\Local\CRE
2012-07-13 19:53 . 2012-07-15 04:52 -------- d-----w- c:\programdata\MFAData
2012-07-13 19:53 . 2012-07-13 19:53 -------- d--h--w- c:\programdata\Common Files
2012-07-13 18:51 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-13 04:10 . 2012-07-13 04:10 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-13 04:07 . 2012-07-03 16:21 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-13 04:07 . 2012-07-13 19:39 -------- d-----w- c:\programdata\AVAST Software
2012-07-13 04:07 . 2012-07-13 04:07 -------- d-----w- c:\program files\AVAST Software
2012-07-13 03:34 . 2012-06-18 08:12 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A91BDB60-F5D3-4A21-88D2-19CD74FD281B}\mpengine.dll
2012-07-13 03:34 . 2012-05-31 17:25 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-07-13 03:07 . 2012-07-13 03:07 716800 ----a-w- c:\windows\system32\drivers\netr7364.sys
2012-07-13 03:07 . 2012-07-13 03:07 305152 ----a-w- c:\windows\system32\RaCoInstx.dll
2012-07-13 03:07 . 2008-05-20 22:23 200704 ----a-w- c:\windows\SysWow64\UpdateDriver.exe
2012-07-13 03:07 . 2012-07-13 03:07 -------- d-----w- c:\program files (x86)\Belkin
2012-07-13 03:07 . 2012-07-13 03:07 -------- d-----w- c:\users\butch\AppData\Roaming\InstallShield
2012-06-21 22:08 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 22:08 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 22:08 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 22:08 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 22:08 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 22:08 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 22:08 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 22:08 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 22:08 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-13 04:00 . 2012-05-02 01:12 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-13 04:00 . 2012-05-02 01:12 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-04 11:06 . 2012-06-13 18:54 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 18:54 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 18:54 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 18:54 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-13 18:54 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-13 18:54 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-13 18:54 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-13 18:54 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-13 18:54 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-13 18:54 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-13 18:54 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 18:54 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-13 18:54 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 18:54 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-04-19 09:50 . 2012-04-19 09:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-04-18 21:26 . 2011-03-09 05:02 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ac955a4e-5a9c-4d20-8751-a7eac17ac342}"= "c:\program files (x86)\WiseConvert_G2\prxtbWise.dll" [2011-05-09 176936]
"{fedfd743-cc1b-4bd6-b282-394d5ccd751c}"= "c:\program files (x86)\WiseConvert_G1\prxtbWise.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ac955a4e-5a9c-4d20-8751-a7eac17ac342}]
.
[HKEY_CLASSES_ROOT\clsid\{fedfd743-cc1b-4bd6-b282-394d5ccd751c}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-13 20:02 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ac955a4e-5a9c-4d20-8751-a7eac17ac342}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\WiseConvert_G2\prxtbWise.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-05 02:20 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{fedfd743-cc1b-4bd6-b282-394d5ccd751c}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\WiseConvert_G1\prxtbWise.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
"{ac955a4e-5a9c-4d20-8751-a7eac17ac342}"= "c:\program files (x86)\WiseConvert_G2\prxtbWise.dll" [2011-05-09 176936]
"{fedfd743-cc1b-4bd6-b282-394d5ccd751c}"= "c:\program files (x86)\WiseConvert_G1\prxtbWise.dll" [2011-05-09 176936]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-13 2074208]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-05 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{ac955a4e-5a9c-4d20-8751-a7eac17ac342}]
.
[HKEY_CLASSES_ROOT\clsid\{fedfd743-cc1b-4bd6-b282-394d5ccd751c}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-13 1107552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-09-24 560128]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-01-13 165184]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\SEARCH~1\Datamngr\datamngr.dll c:\progra~2\SEARCH~1\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-05-09 428200]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 dleaCATSCustConnectService;dleaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [2010-05-21 45224]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-26 136176]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-13 250056]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-26 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-13 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 COX CommunicationsMonitoringService;COX Communications Monitoring Service;c:\program files (x86)\Cox, Inc\Cox PC HealthCheck\PCMonitoringService.exe [2010-11-17 14456]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe [2010-05-21 1052328]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-02-06 13672]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-13 935008]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-26 138752]
S3 netr7364;Belkin Wireless 54G USB Network Adapter Driver;c:\windows\system32\DRIVERS\netr7364.sys [2012-07-13 716800]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 04:00]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-26 17:43]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-26 17:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208]
"dleamon.exe"="c:\program files (x86)\Dell V310-V510 Series\dleamon.exe" [2011-01-24 770728]
"EzPrint"="c:\program files (x86)\Dell V310-V510 Series\ezprint.exe" [2011-01-24 139944]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\SEARCH~1\Datamngr\x64\datamngr.dll c:\progra~2\SEARCH~1\Datamngr\x64\IEBHO.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-AW TrayIcon - (no file)
Wow6432Node-HKLM-Run-TrayIcRun - (no file)
Wow6432Node-HKLM-Run-F5D7050v3 - c:\program files (x86)\Belkin\F5D7050v3\Belkinwcui.exe
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{AC955A4E-5A9C-4D20-8751-A7EAC17AC342} - (no file)
WebBrowser-{FEDFD743-CC1B-4BD6-B282-394D5CCD751C} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\04\02\11\15\05$?"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe
.
**************************************************************************
.
Completion time: 2012-07-14 23:54:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-15 04:54
.
Pre-Run: 418,870,214,656 bytes free
Post-Run: 419,112,103,936 bytes free
.
- - End Of File - - 4EBAE3113CA610A1E5BB143230FCAE4D

Edited by fathem, 15 July 2012 - 12:18 AM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:22 AM

Posted 15 July 2012 - 12:23 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 fathem

fathem
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:22 AM

Posted 15 July 2012 - 11:53 AM

The scans went fine. I did the quickscan on the ASWmbr. I wasn't sure if I was suppose to do that or the c:\ scan.

I don't notice anything different at this point. I haven't had a virus warning since I ran combofix.

report 2

12:27:29.0511 3200 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
12:27:29.0823 3200 ============================================================
12:27:29.0823 3200 Current date / time: 2012/07/15 12:27:29.0823
12:27:29.0823 3200 SystemInfo:
12:27:29.0823 3200
12:27:29.0823 3200 OS Version: 6.1.7601 ServicePack: 1.0
12:27:29.0823 3200 Product type: Workstation
12:27:29.0823 3200 ComputerName: BUTCH-PC
12:27:29.0823 3200 UserName: butch
12:27:29.0823 3200 Windows directory: C:\Windows
12:27:29.0823 3200 System windows directory: C:\Windows
12:27:29.0823 3200 Running under WOW64
12:27:29.0823 3200 Processor architecture: Intel x64
12:27:29.0823 3200 Number of processors: 2
12:27:29.0823 3200 Page size: 0x1000
12:27:29.0823 3200 Boot type: Normal boot
12:27:29.0823 3200 ============================================================
12:27:30.0791 3200 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:27:30.0806 3200 ============================================================
12:27:30.0806 3200 \Device\Harddisk0\DR0:
12:27:30.0806 3200 MBR partitions:
12:27:30.0806 3200 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1B9F000
12:27:30.0806 3200 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1BB3000, BlocksNum 0x387D2800
12:27:30.0806 3200 ============================================================
12:27:30.0837 3200 C: <-> \Device\Harddisk0\DR0\Partition1
12:27:30.0837 3200 ============================================================
12:27:30.0837 3200 Initialize success
12:27:30.0837 3200 ============================================================
12:27:40.0915 3140 ============================================================
12:27:40.0915 3140 Scan started
12:27:40.0915 3140 Mode: Manual;
12:27:40.0915 3140 ============================================================
12:27:42.0694 3140 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
12:27:42.0709 3140 1394ohci - ok
12:27:42.0756 3140 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
12:27:42.0756 3140 ACPI - ok
12:27:42.0772 3140 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
12:27:42.0772 3140 AcpiPmi - ok
12:27:42.0912 3140 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:27:42.0912 3140 AdobeFlashPlayerUpdateSvc - ok
12:27:42.0974 3140 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
12:27:42.0974 3140 adp94xx - ok
12:27:42.0990 3140 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
12:27:43.0006 3140 adpahci - ok
12:27:43.0006 3140 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
12:27:43.0006 3140 adpu320 - ok
12:27:43.0037 3140 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
12:27:43.0037 3140 AeLookupSvc - ok
12:27:43.0084 3140 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
12:27:43.0099 3140 AFD - ok
12:27:43.0115 3140 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
12:27:43.0115 3140 agp440 - ok
12:27:43.0130 3140 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
12:27:43.0130 3140 ALG - ok
12:27:43.0146 3140 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
12:27:43.0146 3140 aliide - ok
12:27:43.0162 3140 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
12:27:43.0162 3140 amdide - ok
12:27:43.0177 3140 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
12:27:43.0177 3140 AmdK8 - ok
12:27:43.0177 3140 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
12:27:43.0177 3140 AmdPPM - ok
12:27:43.0208 3140 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
12:27:43.0208 3140 amdsata - ok
12:27:43.0208 3140 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
12:27:43.0224 3140 amdsbs - ok
12:27:43.0240 3140 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
12:27:43.0240 3140 amdxata - ok
12:27:43.0333 3140 AntiVirSchedulerService (b4837fe56d76b2e9ea90e5365cf6a2be) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
12:27:43.0333 3140 AntiVirSchedulerService - ok
12:27:43.0396 3140 AntiVirService (df5a3016052755c910a206058b4a1729) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
12:27:43.0396 3140 AntiVirService - ok
12:27:43.0442 3140 AntiVirWebService (822b0eb5e0fa4547d52ea4fb1a52910e) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
12:27:43.0442 3140 AntiVirWebService - ok
12:27:43.0474 3140 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
12:27:43.0474 3140 AppID - ok
12:27:43.0474 3140 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
12:27:43.0474 3140 AppIDSvc - ok
12:27:43.0520 3140 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
12:27:43.0520 3140 Appinfo - ok
12:27:43.0614 3140 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:27:43.0614 3140 Apple Mobile Device - ok
12:27:43.0645 3140 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
12:27:43.0645 3140 arc - ok
12:27:43.0661 3140 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
12:27:43.0661 3140 arcsas - ok
12:27:43.0739 3140 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:27:43.0754 3140 aspnet_state - ok
12:27:43.0754 3140 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:27:43.0754 3140 AsyncMac - ok
12:27:43.0770 3140 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
12:27:43.0786 3140 atapi - ok
12:27:43.0832 3140 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:27:43.0832 3140 AudioEndpointBuilder - ok
12:27:43.0848 3140 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:27:43.0848 3140 AudioSrv - ok
12:27:44.0082 3140 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
12:27:44.0144 3140 AVGIDSAgent - ok
12:27:44.0238 3140 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
12:27:44.0238 3140 AVGIDSDriver - ok
12:27:44.0254 3140 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
12:27:44.0254 3140 AVGIDSFilter - ok
12:27:44.0269 3140 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
12:27:44.0269 3140 AVGIDSHA - ok
12:27:44.0316 3140 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
12:27:44.0316 3140 Avgldx64 - ok
12:27:44.0332 3140 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
12:27:44.0332 3140 Avgmfx64 - ok
12:27:44.0410 3140 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
12:27:44.0410 3140 avgntflt - ok
12:27:44.0456 3140 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
12:27:44.0456 3140 Avgrkx64 - ok
12:27:44.0488 3140 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys
12:27:44.0488 3140 Avgtdia - ok
12:27:44.0566 3140 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
12:27:44.0566 3140 avgwd - ok
12:27:44.0581 3140 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
12:27:44.0581 3140 avipbb - ok
12:27:44.0628 3140 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
12:27:44.0628 3140 AxInstSV - ok
12:27:44.0690 3140 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
12:27:44.0706 3140 b06bdrv - ok
12:27:44.0768 3140 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:27:44.0768 3140 b57nd60a - ok
12:27:44.0831 3140 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
12:27:44.0831 3140 BDESVC - ok
12:27:44.0846 3140 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:27:44.0846 3140 Beep - ok
12:27:44.0893 3140 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
12:27:44.0909 3140 BFE - ok
12:27:44.0956 3140 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
12:27:44.0971 3140 BITS - ok
12:27:45.0034 3140 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:27:45.0034 3140 blbdrive - ok
12:27:45.0299 3140 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
12:27:45.0299 3140 Bonjour Service - ok
12:27:45.0330 3140 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
12:27:45.0330 3140 bowser - ok
12:27:45.0346 3140 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:27:45.0346 3140 BrFiltLo - ok
12:27:45.0346 3140 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:27:45.0346 3140 BrFiltUp - ok
12:27:45.0361 3140 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
12:27:45.0361 3140 BridgeMP - ok
12:27:45.0392 3140 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
12:27:45.0392 3140 Browser - ok
12:27:45.0408 3140 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:27:45.0408 3140 Brserid - ok
12:27:45.0424 3140 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:27:45.0424 3140 BrSerWdm - ok
12:27:45.0424 3140 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:27:45.0424 3140 BrUsbMdm - ok
12:27:45.0439 3140 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:27:45.0439 3140 BrUsbSer - ok
12:27:45.0439 3140 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
12:27:45.0439 3140 BTHMODEM - ok
12:27:45.0455 3140 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
12:27:45.0455 3140 bthserv - ok
12:27:45.0470 3140 catchme - ok
12:27:45.0486 3140 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:27:45.0486 3140 cdfs - ok
12:27:45.0548 3140 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
12:27:45.0548 3140 cdrom - ok
12:27:45.0580 3140 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:27:45.0595 3140 CertPropSvc - ok
12:27:45.0642 3140 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
12:27:45.0642 3140 circlass - ok
12:27:45.0673 3140 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:27:45.0673 3140 CLFS - ok
12:27:45.0736 3140 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:27:45.0736 3140 clr_optimization_v2.0.50727_32 - ok
12:27:45.0736 3140 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:27:45.0751 3140 clr_optimization_v2.0.50727_64 - ok
12:27:45.0829 3140 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:27:45.0829 3140 clr_optimization_v4.0.30319_32 - ok
12:27:45.0860 3140 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:27:45.0876 3140 clr_optimization_v4.0.30319_64 - ok
12:27:45.0923 3140 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
12:27:45.0923 3140 CmBatt - ok
12:27:45.0954 3140 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
12:27:45.0954 3140 cmdide - ok
12:27:45.0985 3140 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
12:27:46.0001 3140 CNG - ok
12:27:46.0016 3140 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
12:27:46.0016 3140 Compbatt - ok
12:27:46.0063 3140 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
12:27:46.0063 3140 CompositeBus - ok
12:27:46.0063 3140 COMSysApp - ok
12:27:46.0157 3140 COX CommunicationsMonitoringService (467930467e0acbbd414d16f53c0d5752) C:\Program Files (x86)\Cox, Inc\Cox PC HealthCheck\PCMonitoringService.exe
12:27:46.0157 3140 COX CommunicationsMonitoringService - ok
12:27:46.0172 3140 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
12:27:46.0172 3140 crcdisk - ok
12:27:46.0235 3140 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
12:27:46.0235 3140 CryptSvc - ok
12:27:46.0344 3140 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
12:27:46.0344 3140 cvhsvc - ok
12:27:46.0391 3140 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:27:46.0391 3140 DcomLaunch - ok
12:27:46.0453 3140 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
12:27:46.0453 3140 defragsvc - ok
12:27:46.0500 3140 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
12:27:46.0500 3140 DfsC - ok
12:27:46.0562 3140 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
12:27:46.0562 3140 Dhcp - ok
12:27:46.0594 3140 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:27:46.0594 3140 discache - ok
12:27:46.0656 3140 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
12:27:46.0656 3140 Disk - ok
12:27:46.0734 3140 dleaCATSCustConnectService (1017d70abe5483f40c10b7774397d120) C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe
12:27:46.0734 3140 dleaCATSCustConnectService - ok
12:27:46.0765 3140 dlea_device - ok
12:27:46.0812 3140 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
12:27:46.0812 3140 Dnscache - ok
12:27:46.0906 3140 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
12:27:46.0906 3140 DockLoginService - ok
12:27:46.0952 3140 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
12:27:46.0952 3140 dot3svc - ok
12:27:46.0968 3140 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
12:27:46.0968 3140 DPS - ok
12:27:47.0030 3140 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:27:47.0030 3140 drmkaud - ok
12:27:47.0093 3140 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
12:27:47.0093 3140 DXGKrnl - ok
12:27:47.0140 3140 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
12:27:47.0140 3140 EapHost - ok
12:27:47.0296 3140 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
12:27:47.0358 3140 ebdrv - ok
12:27:47.0452 3140 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
12:27:47.0452 3140 EFS - ok
12:27:47.0514 3140 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
12:27:47.0514 3140 ehRecvr - ok
12:27:47.0545 3140 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
12:27:47.0545 3140 ehSched - ok
12:27:47.0623 3140 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
12:27:47.0639 3140 elxstor - ok
12:27:47.0670 3140 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
12:27:47.0670 3140 ErrDev - ok
12:27:47.0717 3140 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
12:27:47.0717 3140 EventSystem - ok
12:27:47.0748 3140 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:27:47.0748 3140 exfat - ok
12:27:47.0779 3140 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:27:47.0779 3140 fastfat - ok
12:27:47.0857 3140 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
12:27:47.0888 3140 Fax - ok
12:27:47.0888 3140 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
12:27:47.0888 3140 fdc - ok
12:27:47.0904 3140 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
12:27:47.0904 3140 fdPHost - ok
12:27:47.0920 3140 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
12:27:47.0920 3140 FDResPub - ok
12:27:47.0935 3140 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:27:47.0935 3140 FileInfo - ok
12:27:47.0935 3140 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:27:47.0935 3140 Filetrace - ok
12:27:47.0935 3140 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
12:27:47.0935 3140 flpydisk - ok
12:27:47.0982 3140 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
12:27:47.0982 3140 FltMgr - ok
12:27:48.0044 3140 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
12:27:48.0060 3140 FontCache - ok
12:27:48.0107 3140 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:27:48.0107 3140 FontCache3.0.0.0 - ok
12:27:48.0138 3140 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:27:48.0138 3140 FsDepends - ok
12:27:48.0154 3140 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
12:27:48.0154 3140 Fs_Rec - ok
12:27:48.0216 3140 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:27:48.0216 3140 fvevol - ok
12:27:48.0263 3140 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:27:48.0278 3140 gagp30kx - ok
12:27:48.0356 3140 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
12:27:48.0372 3140 GamesAppService - ok
12:27:48.0419 3140 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:27:48.0419 3140 GEARAspiWDM - ok
12:27:48.0481 3140 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
12:27:48.0481 3140 GoToAssist - ok
12:27:48.0544 3140 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
12:27:48.0544 3140 gpsvc - ok
12:27:48.0637 3140 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:27:48.0637 3140 gupdate - ok
12:27:48.0637 3140 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:27:48.0637 3140 gupdatem - ok
12:27:48.0700 3140 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
12:27:48.0700 3140 gusvc - ok
12:27:48.0715 3140 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:27:48.0715 3140 hcw85cir - ok
12:27:48.0778 3140 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
12:27:48.0778 3140 HDAudBus - ok
12:27:48.0778 3140 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
12:27:48.0778 3140 HidBatt - ok
12:27:48.0793 3140 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
12:27:48.0793 3140 HidBth - ok
12:27:48.0793 3140 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
12:27:48.0793 3140 HidIr - ok
12:27:48.0824 3140 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
12:27:48.0824 3140 hidserv - ok
12:27:48.0871 3140 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
12:27:48.0871 3140 HidUsb - ok
12:27:48.0902 3140 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
12:27:48.0902 3140 hkmsvc - ok
12:27:48.0934 3140 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
12:27:48.0934 3140 HomeGroupListener - ok
12:27:48.0965 3140 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
12:27:48.0965 3140 HomeGroupProvider - ok
12:27:49.0012 3140 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
12:27:49.0012 3140 HpSAMD - ok
12:27:49.0058 3140 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
12:27:49.0058 3140 HTTP - ok
12:27:49.0090 3140 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
12:27:49.0090 3140 hwpolicy - ok
12:27:49.0136 3140 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
12:27:49.0136 3140 i8042prt - ok
12:27:49.0183 3140 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
12:27:49.0183 3140 iaStor - ok
12:27:49.0277 3140 IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
12:27:49.0277 3140 IAStorDataMgrSvc - ok
12:27:49.0339 3140 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
12:27:49.0355 3140 iaStorV - ok
12:27:49.0417 3140 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:27:49.0433 3140 idsvc - ok
12:27:49.0760 3140 igfx (c6238c6abd6ac99f5d152da4e9439a3d) C:\Windows\system32\DRIVERS\igdkmd64.sys
12:27:49.0901 3140 igfx - ok
12:27:49.0994 3140 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
12:27:49.0994 3140 iirsp - ok
12:27:50.0072 3140 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
12:27:50.0072 3140 IKEEXT - ok
12:27:50.0197 3140 IntcAzAudAddService (492cd3a94913d753b4591cd9e29ec843) C:\Windows\system32\drivers\RTKVHD64.sys
12:27:50.0213 3140 IntcAzAudAddService - ok
12:27:50.0244 3140 IntcHdmiAddService (d485d3bd3e2179aa86853a182f70699f) C:\Windows\system32\drivers\IntcHdmi.sys
12:27:50.0244 3140 IntcHdmiAddService - ok
12:27:50.0275 3140 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:27:50.0275 3140 intelide - ok
12:27:50.0338 3140 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:27:50.0338 3140 intelppm - ok
12:27:50.0416 3140 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
12:27:50.0416 3140 IntuitUpdateServiceV4 - ok
12:27:50.0447 3140 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
12:27:50.0447 3140 IPBusEnum - ok
12:27:50.0478 3140 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:27:50.0478 3140 IpFilterDriver - ok
12:27:50.0556 3140 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
12:27:50.0556 3140 iphlpsvc - ok
12:27:50.0603 3140 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:27:50.0603 3140 IPMIDRV - ok
12:27:50.0603 3140 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:27:50.0603 3140 IPNAT - ok
12:27:50.0712 3140 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
12:27:50.0712 3140 iPod Service - ok
12:27:50.0774 3140 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:27:50.0774 3140 IRENUM - ok
12:27:50.0774 3140 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:27:50.0774 3140 isapnp - ok
12:27:50.0821 3140 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
12:27:50.0821 3140 iScsiPrt - ok
12:27:50.0868 3140 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
12:27:50.0868 3140 kbdclass - ok
12:27:50.0915 3140 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
12:27:50.0915 3140 kbdhid - ok
12:27:50.0946 3140 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:27:50.0946 3140 KeyIso - ok
12:27:51.0008 3140 KMWDFILTER (07071c1e3cd8f0f9114aac8b072ca1e5) C:\Windows\system32\DRIVERS\KMWDFILTER.sys
12:27:51.0008 3140 KMWDFILTER - ok
12:27:51.0040 3140 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
12:27:51.0040 3140 KSecDD - ok
12:27:51.0071 3140 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
12:27:51.0086 3140 KSecPkg - ok
12:27:51.0086 3140 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:27:51.0086 3140 ksthunk - ok
12:27:51.0133 3140 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
12:27:51.0133 3140 KtmRm - ok
12:27:51.0180 3140 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
12:27:51.0180 3140 LanmanServer - ok
12:27:51.0211 3140 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
12:27:51.0211 3140 LanmanWorkstation - ok
12:27:51.0258 3140 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:27:51.0258 3140 lltdio - ok
12:27:51.0305 3140 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
12:27:51.0305 3140 lltdsvc - ok
12:27:51.0320 3140 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
12:27:51.0320 3140 lmhosts - ok
12:27:51.0367 3140 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:27:51.0383 3140 LSI_FC - ok
12:27:51.0383 3140 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:27:51.0383 3140 LSI_SAS - ok
12:27:51.0398 3140 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:27:51.0398 3140 LSI_SAS2 - ok
12:27:51.0398 3140 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:27:51.0398 3140 LSI_SCSI - ok
12:27:51.0414 3140 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:27:51.0414 3140 luafv - ok
12:27:51.0445 3140 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
12:27:51.0445 3140 Mcx2Svc - ok
12:27:51.0445 3140 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
12:27:51.0445 3140 megasas - ok
12:27:51.0476 3140 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
12:27:51.0476 3140 MegaSR - ok
12:27:51.0492 3140 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:27:51.0492 3140 MMCSS - ok
12:27:51.0508 3140 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:27:51.0508 3140 Modem - ok
12:27:51.0554 3140 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:27:51.0554 3140 monitor - ok
12:27:51.0601 3140 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:27:51.0601 3140 mouclass - ok
12:27:51.0664 3140 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:27:51.0664 3140 mouhid - ok
12:27:51.0695 3140 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:27:51.0695 3140 mountmgr - ok
12:27:51.0726 3140 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:27:51.0726 3140 mpio - ok
12:27:51.0742 3140 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:27:51.0742 3140 mpsdrv - ok
12:27:51.0835 3140 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
12:27:51.0835 3140 MpsSvc - ok
12:27:51.0866 3140 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:27:51.0866 3140 MRxDAV - ok
12:27:51.0898 3140 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:27:51.0898 3140 mrxsmb - ok
12:27:51.0929 3140 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:27:51.0929 3140 mrxsmb10 - ok
12:27:51.0960 3140 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:27:51.0960 3140 mrxsmb20 - ok
12:27:51.0976 3140 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:27:51.0976 3140 msahci - ok
12:27:52.0022 3140 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:27:52.0022 3140 msdsm - ok
12:27:52.0054 3140 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
12:27:52.0054 3140 MSDTC - ok
12:27:52.0069 3140 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:27:52.0069 3140 Msfs - ok
12:27:52.0100 3140 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:27:52.0100 3140 mshidkmdf - ok
12:27:52.0132 3140 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:27:52.0132 3140 msisadrv - ok
12:27:52.0163 3140 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
12:27:52.0163 3140 MSiSCSI - ok
12:27:52.0163 3140 msiserver - ok
12:27:52.0210 3140 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:27:52.0210 3140 MSKSSRV - ok
12:27:52.0225 3140 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:27:52.0225 3140 MSPCLOCK - ok
12:27:52.0241 3140 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:27:52.0241 3140 MSPQM - ok
12:27:52.0288 3140 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:27:52.0288 3140 MsRPC - ok
12:27:52.0303 3140 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
12:27:52.0303 3140 mssmbios - ok
12:27:52.0319 3140 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:27:52.0319 3140 MSTEE - ok
12:27:52.0319 3140 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
12:27:52.0319 3140 MTConfig - ok
12:27:52.0334 3140 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:27:52.0334 3140 Mup - ok
12:27:52.0381 3140 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
12:27:52.0397 3140 napagent - ok
12:27:52.0444 3140 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:27:52.0444 3140 NativeWifiP - ok
12:27:52.0506 3140 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
12:27:52.0506 3140 NDIS - ok
12:27:52.0537 3140 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:27:52.0537 3140 NdisCap - ok
12:27:52.0553 3140 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:27:52.0553 3140 NdisTapi - ok
12:27:52.0584 3140 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:27:52.0584 3140 Ndisuio - ok
12:27:52.0615 3140 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:27:52.0631 3140 NdisWan - ok
12:27:52.0646 3140 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:27:52.0662 3140 NDProxy - ok
12:27:52.0662 3140 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:27:52.0662 3140 NetBIOS - ok
12:27:52.0693 3140 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:27:52.0709 3140 NetBT - ok
12:27:52.0724 3140 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:27:52.0724 3140 Netlogon - ok
12:27:52.0802 3140 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
12:27:52.0802 3140 Netman - ok
12:27:52.0912 3140 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:27:52.0912 3140 NetMsmqActivator - ok
12:27:52.0927 3140 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:27:52.0927 3140 NetPipeActivator - ok
12:27:52.0943 3140 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
12:27:52.0943 3140 netprofm - ok
12:27:53.0005 3140 netr7364 (93a240fd4c133d1ed7ccf829159c4b78) C:\Windows\system32\DRIVERS\netr7364.sys
12:27:53.0021 3140 netr7364 - ok
12:27:53.0052 3140 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:27:53.0052 3140 NetTcpActivator - ok
12:27:53.0052 3140 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:27:53.0052 3140 NetTcpPortSharing - ok
12:27:53.0083 3140 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
12:27:53.0083 3140 nfrd960 - ok
12:27:53.0146 3140 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
12:27:53.0146 3140 NlaSvc - ok
12:27:53.0302 3140 NOBU (b9b72faaaa41d59b73b88fe3dd737ed1) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
12:27:53.0317 3140 NOBU - ok
12:27:53.0380 3140 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:27:53.0380 3140 Npfs - ok
12:27:53.0411 3140 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
12:27:53.0411 3140 nsi - ok
12:27:53.0426 3140 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:27:53.0426 3140 nsiproxy - ok
12:27:53.0520 3140 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
12:27:53.0520 3140 Ntfs - ok
12:27:53.0567 3140 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:27:53.0567 3140 Null - ok
12:27:53.0582 3140 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
12:27:53.0582 3140 nvraid - ok
12:27:53.0598 3140 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
12:27:53.0614 3140 nvstor - ok
12:27:53.0629 3140 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:27:53.0629 3140 nv_agp - ok
12:27:53.0645 3140 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:27:53.0660 3140 ohci1394 - ok
12:27:53.0707 3140 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:27:53.0723 3140 ose - ok
12:27:53.0910 3140 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:27:53.0972 3140 osppsvc - ok
12:27:54.0066 3140 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:27:54.0082 3140 p2pimsvc - ok
12:27:54.0113 3140 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
12:27:54.0128 3140 p2psvc - ok
12:27:54.0175 3140 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:27:54.0175 3140 Parport - ok
12:27:54.0191 3140 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
12:27:54.0191 3140 partmgr - ok
12:27:54.0238 3140 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
12:27:54.0238 3140 PcaSvc - ok
12:27:54.0269 3140 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
12:27:54.0269 3140 pci - ok
12:27:54.0284 3140 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:27:54.0284 3140 pciide - ok
12:27:54.0300 3140 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
12:27:54.0300 3140 pcmcia - ok
12:27:54.0316 3140 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:27:54.0316 3140 pcw - ok
12:27:54.0347 3140 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:27:54.0347 3140 PEAUTH - ok
12:27:54.0394 3140 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
12:27:54.0394 3140 PerfHost - ok
12:27:54.0503 3140 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
12:27:54.0518 3140 pla - ok
12:27:54.0628 3140 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
12:27:54.0628 3140 PlugPlay - ok
12:27:54.0643 3140 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
12:27:54.0643 3140 PNRPAutoReg - ok
12:27:54.0674 3140 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:27:54.0690 3140 PNRPsvc - ok
12:27:54.0706 3140 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
12:27:54.0721 3140 PolicyAgent - ok
12:27:54.0737 3140 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
12:27:54.0752 3140 Power - ok
12:27:54.0815 3140 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
12:27:54.0815 3140 PptpMiniport - ok
12:27:54.0846 3140 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
12:27:54.0846 3140 Processor - ok
12:27:54.0877 3140 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
12:27:54.0877 3140 ProfSvc - ok
12:27:54.0893 3140 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:27:54.0893 3140 ProtectedStorage - ok
12:27:54.0955 3140 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
12:27:54.0955 3140 Psched - ok
12:27:55.0002 3140 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
12:27:55.0002 3140 PxHlpa64 - ok
12:27:55.0064 3140 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
12:27:55.0096 3140 ql2300 - ok
12:27:55.0158 3140 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
12:27:55.0158 3140 ql40xx - ok
12:27:55.0174 3140 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
12:27:55.0174 3140 QWAVE - ok
12:27:55.0189 3140 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:27:55.0189 3140 QWAVEdrv - ok
12:27:55.0189 3140 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:27:55.0189 3140 RasAcd - ok
12:27:55.0236 3140 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:27:55.0252 3140 RasAgileVpn - ok
12:27:55.0252 3140 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
12:27:55.0252 3140 RasAuto - ok
12:27:55.0283 3140 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:27:55.0283 3140 Rasl2tp - ok
12:27:55.0330 3140 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
12:27:55.0330 3140 RasMan - ok
12:27:55.0345 3140 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:27:55.0345 3140 RasPppoe - ok
12:27:55.0361 3140 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:27:55.0361 3140 RasSstp - ok
12:27:55.0392 3140 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
12:27:55.0392 3140 rdbss - ok
12:27:55.0408 3140 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:27:55.0408 3140 rdpbus - ok
12:27:55.0439 3140 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:27:55.0439 3140 RDPCDD - ok
12:27:55.0470 3140 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:27:55.0486 3140 RDPENCDD - ok
12:27:55.0486 3140 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:27:55.0486 3140 RDPREFMP - ok
12:27:55.0532 3140 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
12:27:55.0532 3140 RDPWD - ok
12:27:55.0564 3140 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
12:27:55.0564 3140 rdyboost - ok
12:27:55.0642 3140 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
12:27:55.0642 3140 RemoteAccess - ok
12:27:55.0657 3140 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
12:27:55.0657 3140 RemoteRegistry - ok
12:27:55.0798 3140 RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
12:27:55.0829 3140 RoxMediaDB12OEM - ok
12:27:55.0860 3140 RoxWatch12 (2b73088cc2ca757a172b425c9398e5bc) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
12:27:55.0860 3140 RoxWatch12 - ok
12:27:55.0938 3140 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
12:27:55.0938 3140 RpcEptMapper - ok
12:27:55.0954 3140 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
12:27:55.0954 3140 RpcLocator - ok
12:27:55.0985 3140 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:27:56.0000 3140 RpcSs - ok
12:27:56.0032 3140 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:27:56.0032 3140 rspndr - ok
12:27:56.0078 3140 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
12:27:56.0078 3140 RTL8167 - ok
12:27:56.0094 3140 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:27:56.0094 3140 SamSs - ok
12:27:56.0125 3140 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
12:27:56.0125 3140 sbp2port - ok
12:27:56.0156 3140 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
12:27:56.0156 3140 SCardSvr - ok
12:27:56.0172 3140 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
12:27:56.0172 3140 scfilter - ok
12:27:56.0219 3140 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
12:27:56.0234 3140 Schedule - ok
12:27:56.0266 3140 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:27:56.0266 3140 SCPolicySvc - ok
12:27:56.0297 3140 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
12:27:56.0297 3140 SDRSVC - ok
12:27:56.0344 3140 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:27:56.0344 3140 secdrv - ok
12:27:56.0375 3140 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
12:27:56.0375 3140 seclogon - ok
12:27:56.0406 3140 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
12:27:56.0406 3140 SENS - ok
12:27:56.0422 3140 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
12:27:56.0422 3140 SensrSvc - ok
12:27:56.0422 3140 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:27:56.0437 3140 Serenum - ok
12:27:56.0453 3140 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:27:56.0453 3140 Serial - ok
12:27:56.0484 3140 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
12:27:56.0484 3140 sermouse - ok
12:27:56.0515 3140 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
12:27:56.0515 3140 SessionEnv - ok
12:27:56.0546 3140 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
12:27:56.0546 3140 sffdisk - ok
12:27:56.0562 3140 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
12:27:56.0562 3140 sffp_mmc - ok
12:27:56.0578 3140 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
12:27:56.0578 3140 sffp_sd - ok
12:27:56.0593 3140 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
12:27:56.0593 3140 sfloppy - ok
12:27:56.0671 3140 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
12:27:56.0687 3140 Sftfs - ok
12:27:56.0765 3140 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
12:27:56.0765 3140 sftlist - ok
12:27:56.0843 3140 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
12:27:56.0858 3140 Sftplay - ok
12:27:56.0874 3140 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
12:27:56.0874 3140 Sftredir - ok
12:27:56.0936 3140 SftService (38f88f0df46c4d42125ef721abd7f6b9) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
12:27:56.0936 3140 SftService - ok
12:27:56.0968 3140 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
12:27:56.0968 3140 Sftvol - ok
12:27:56.0983 3140 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
12:27:56.0983 3140 sftvsa - ok
12:27:57.0061 3140 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
12:27:57.0061 3140 SharedAccess - ok
12:27:57.0108 3140 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
12:27:57.0108 3140 ShellHWDetection - ok
12:27:57.0155 3140 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:27:57.0155 3140 SiSRaid2 - ok
12:27:57.0170 3140 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
12:27:57.0170 3140 SiSRaid4 - ok
12:27:57.0170 3140 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:27:57.0170 3140 Smb - ok
12:27:57.0217 3140 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
12:27:57.0217 3140 SNMPTRAP - ok
12:27:57.0233 3140 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:27:57.0233 3140 spldr - ok
12:27:57.0264 3140 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
12:27:57.0280 3140 Spooler - ok
12:27:57.0404 3140 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
12:27:57.0451 3140 sppsvc - ok
12:27:57.0529 3140 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
12:27:57.0529 3140 sppuinotify - ok
12:27:57.0592 3140 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
12:27:57.0592 3140 srv - ok
12:27:57.0623 3140 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
12:27:57.0623 3140 srv2 - ok
12:27:57.0654 3140 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
12:27:57.0654 3140 srvnet - ok
12:27:57.0701 3140 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
12:27:57.0701 3140 SSDPSRV - ok
12:27:57.0716 3140 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
12:27:57.0716 3140 SstpSvc - ok
12:27:57.0732 3140 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
12:27:57.0732 3140 stexstor - ok
12:27:57.0794 3140 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
12:27:57.0810 3140 stisvc - ok
12:27:57.0857 3140 stllssvr (7731f46ec0d687a931cba063e8f90ef0) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
12:27:57.0857 3140 stllssvr - ok
12:27:57.0872 3140 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
12:27:57.0888 3140 swenum - ok
12:27:57.0904 3140 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
12:27:57.0919 3140 swprv - ok
12:27:57.0997 3140 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
12:27:58.0028 3140 SysMain - ok
12:27:58.0091 3140 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
12:27:58.0106 3140 TabletInputService - ok
12:27:58.0138 3140 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
12:27:58.0138 3140 TapiSrv - ok
12:27:58.0153 3140 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
12:27:58.0169 3140 TBS - ok
12:27:58.0262 3140 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
12:27:58.0262 3140 Tcpip - ok
12:27:58.0403 3140 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
12:27:58.0403 3140 TCPIP6 - ok
12:27:58.0465 3140 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
12:27:58.0465 3140 tcpipreg - ok
12:27:58.0481 3140 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:27:58.0481 3140 TDPIPE - ok
12:27:58.0496 3140 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
12:27:58.0512 3140 TDTCP - ok
12:27:58.0528 3140 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
12:27:58.0528 3140 tdx - ok
12:27:58.0559 3140 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
12:27:58.0559 3140 TermDD - ok
12:27:58.0621 3140 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
12:27:58.0637 3140 TermService - ok
12:27:58.0637 3140 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
12:27:58.0637 3140 Themes - ok
12:27:58.0668 3140 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:27:58.0668 3140 THREADORDER - ok
12:27:58.0684 3140 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
12:27:58.0684 3140 TrkWks - ok
12:27:58.0715 3140 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
12:27:58.0715 3140 TrustedInstaller - ok
12:27:58.0746 3140 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:27:58.0746 3140 tssecsrv - ok
12:27:58.0777 3140 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
12:27:58.0777 3140 TsUsbFlt - ok
12:27:58.0840 3140 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
12:27:58.0840 3140 tunnel - ok
12:27:58.0840 3140 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
12:27:58.0840 3140 uagp35 - ok
12:27:58.0886 3140 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
12:27:58.0886 3140 udfs - ok
12:27:58.0902 3140 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
12:27:58.0902 3140 UI0Detect - ok
12:27:58.0918 3140 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
12:27:58.0918 3140 uliagpkx - ok
12:27:58.0964 3140 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
12:27:58.0964 3140 umbus - ok
12:27:58.0980 3140 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
12:27:58.0980 3140 UmPass - ok
12:27:59.0027 3140 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
12:27:59.0027 3140 upnphost - ok
12:27:59.0089 3140 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
12:27:59.0089 3140 USBAAPL64 - ok
12:27:59.0136 3140 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
12:27:59.0136 3140 usbaudio - ok
12:27:59.0167 3140 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
12:27:59.0167 3140 usbccgp - ok
12:27:59.0214 3140 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
12:27:59.0214 3140 usbcir - ok
12:27:59.0245 3140 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
12:27:59.0245 3140 usbehci - ok
12:27:59.0276 3140 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
12:27:59.0276 3140 usbhub - ok
12:27:59.0276 3140 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
12:27:59.0276 3140 usbohci - ok
12:27:59.0323 3140 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:27:59.0323 3140 usbprint - ok
12:27:59.0370 3140 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
12:27:59.0370 3140 usbscan - ok
12:27:59.0401 3140 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:27:59.0401 3140 USBSTOR - ok
12:27:59.0417 3140 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
12:27:59.0417 3140 usbuhci - ok
12:27:59.0432 3140 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
12:27:59.0432 3140 UxSms - ok
12:27:59.0448 3140 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:27:59.0448 3140 VaultSvc - ok
12:27:59.0510 3140 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
12:27:59.0510 3140 vdrvroot - ok
12:27:59.0557 3140 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
12:27:59.0557 3140 vds - ok
12:27:59.0573 3140 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:27:59.0573 3140 vga - ok
12:27:59.0573 3140 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:27:59.0573 3140 VgaSave - ok
12:27:59.0604 3140 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
12:27:59.0604 3140 vhdmp - ok
12:27:59.0620 3140 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
12:27:59.0620 3140 viaide - ok
12:27:59.0635 3140 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
12:27:59.0635 3140 volmgr - ok
12:27:59.0682 3140 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
12:27:59.0682 3140 volmgrx - ok
12:27:59.0713 3140 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
12:27:59.0713 3140 volsnap - ok
12:27:59.0760 3140 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
12:27:59.0776 3140 vsmraid - ok
12:27:59.0854 3140 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
12:27:59.0869 3140 VSS - ok
12:27:59.0978 3140 vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
12:27:59.0978 3140 vToolbarUpdater11.2.0 - ok
12:28:00.0056 3140 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
12:28:00.0056 3140 vwifibus - ok
12:28:00.0088 3140 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
12:28:00.0088 3140 vwififlt - ok
12:28:00.0134 3140 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
12:28:00.0150 3140 W32Time - ok
12:28:00.0150 3140 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
12:28:00.0150 3140 WacomPen - ok
12:28:00.0212 3140 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:28:00.0212 3140 WANARP - ok
12:28:00.0228 3140 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:28:00.0228 3140 Wanarpv6 - ok
12:28:00.0322 3140 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
12:28:00.0337 3140 WatAdminSvc - ok
12:28:00.0415 3140 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
12:28:00.0446 3140 wbengine - ok
12:28:00.0493 3140 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
12:28:00.0493 3140 WbioSrvc - ok
12:28:00.0540 3140 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
12:28:00.0556 3140 wcncsvc - ok
12:28:00.0556 3140 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
12:28:00.0556 3140 WcsPlugInService - ok
12:28:00.0571 3140 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
12:28:00.0571 3140 Wd - ok
12:28:00.0602 3140 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:28:00.0602 3140 Wdf01000 - ok
12:28:00.0634 3140 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:28:00.0634 3140 WdiServiceHost - ok
12:28:00.0634 3140 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:28:00.0634 3140 WdiSystemHost - ok
12:28:00.0680 3140 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
12:28:00.0680 3140 WebClient - ok
12:28:00.0696 3140 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
12:28:00.0696 3140 Wecsvc - ok
12:28:00.0727 3140 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
12:28:00.0727 3140 wercplsupport - ok
12:28:00.0774 3140 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
12:28:00.0774 3140 WerSvc - ok
12:28:00.0805 3140 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:28:00.0805 3140 WfpLwf - ok
12:28:00.0852 3140 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
12:28:00.0852 3140 WimFltr - ok
12:28:00.0852 3140 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:28:00.0852 3140 WIMMount - ok
12:28:00.0914 3140 WinDefend - ok
12:28:00.0930 3140 WinHttpAutoProxySvc - ok
12:28:00.0977 3140 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
12:28:00.0977 3140 Winmgmt - ok
12:28:01.0070 3140 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
12:28:01.0102 3140 WinRM - ok
12:28:01.0226 3140 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
12:28:01.0242 3140 Wlansvc - ok
12:28:01.0289 3140 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
12:28:01.0289 3140 wlcrasvc - ok
12:28:01.0398 3140 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:28:01.0414 3140 wlidsvc - ok
12:28:01.0460 3140 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
12:28:01.0460 3140 WmiAcpi - ok
12:28:01.0492 3140 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
12:28:01.0492 3140 wmiApSrv - ok
12:28:01.0538 3140 WMPNetworkSvc - ok
12:28:01.0554 3140 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
12:28:01.0554 3140 WPCSvc - ok
12:28:01.0585 3140 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
12:28:01.0585 3140 WPDBusEnum - ok
12:28:01.0601 3140 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:28:01.0601 3140 ws2ifsl - ok
12:28:01.0648 3140 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
12:28:01.0648 3140 wscsvc - ok
12:28:01.0663 3140 WSearch - ok
12:28:01.0772 3140 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
12:28:01.0804 3140 wuauserv - ok
12:28:01.0850 3140 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
12:28:01.0850 3140 WudfPf - ok
12:28:01.0897 3140 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:28:01.0897 3140 WUDFRd - ok
12:28:01.0928 3140 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
12:28:01.0928 3140 wudfsvc - ok
12:28:01.0944 3140 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
12:28:01.0960 3140 WwanSvc - ok
12:28:02.0022 3140 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
12:28:02.0178 3140 \Device\Harddisk0\DR0 - ok
12:28:02.0178 3140 Boot (0x1200) (81cd618a933d15d6ecf4421eebaac361) \Device\Harddisk0\DR0\Partition0
12:28:02.0178 3140 \Device\Harddisk0\DR0\Partition0 - ok
12:28:02.0194 3140 Boot (0x1200) (97236cd70a033d7d139b13f298c08925) \Device\Harddisk0\DR0\Partition1
12:28:02.0194 3140 \Device\Harddisk0\DR0\Partition1 - ok
12:28:02.0209 3140 ============================================================
12:28:02.0209 3140 Scan finished
12:28:02.0209 3140 ============================================================
12:28:02.0209 3144 Detected object count: 0
12:28:02.0209 3144 Actual detected object count: 0


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-15 12:30:11
-----------------------------
12:30:11.638 OS Version: Windows x64 6.1.7601 Service Pack 1
12:30:11.638 Number of processors: 2 586 0x170A
12:30:11.638 ComputerName: BUTCH-PC UserName: butch
12:30:13.182 Initialize success
12:36:28.098 AVAST engine defs: 12071500
12:37:00.848 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:37:00.848 Disk 0 Vendor: WDC_WD5000AAKS-75V0A0 05.01D05 Size: 476940MB BusType: 3
12:37:00.864 Disk 0 MBR read successfully
12:37:00.864 Disk 0 MBR scan
12:37:00.864 Disk 0 Windows VISTA default MBR code
12:37:00.864 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
12:37:00.879 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 14142 MB offset 81920
12:37:00.895 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 462757 MB offset 29044736
12:37:00.926 Disk 0 scanning C:\Windows\system32\drivers
12:37:07.400 Service scanning
12:37:23.983 Modules scanning
12:37:23.983 Disk 0 trace - called modules:
12:37:23.998 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
12:37:24.498 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80048f6060]
12:37:24.498 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa80043a5580]
12:37:24.513 5 ACPI.sys[fffff88000f997a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80043a7060]
12:37:25.652 AVAST engine scan C:\Windows
12:37:27.555 AVAST engine scan C:\Windows\system32
12:39:48.254 AVAST engine scan C:\Windows\system32\drivers
12:39:56.335 AVAST engine scan C:\Users\butch
12:48:27.834 AVAST engine scan C:\ProgramData
12:49:32.627 Scan finished successfully
12:50:26.541 Disk 0 MBR has been saved successfully to "C:\Users\butch\Documents\virus\MBR.dat"
12:50:26.556 The log file has been saved successfully to "C:\Users\butch\Documents\virus\report 3.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:22 AM

Posted 15 July 2012 - 12:23 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files (x86)\Ask.com
c:\program files (x86)\Vuze_Remote
c:\progra~2\SEARCH~1\Datamngr

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 fathem

fathem
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:22 AM

Posted 15 July 2012 - 12:41 PM

I had no issues running the script. The computer seems stable.

ComboFix 12-07-14.01 - butch 07/15/2012 13:32:05.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2268 [GMT -4:00]
Running from: c:\users\butch\Desktop\ComboFix.exe
Command switches used :: c:\users\butch\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~2\SEARCH~1\Datamngr
c:\progra~2\SEARCH~1\Datamngr\BrowserConnection.dll
c:\progra~2\SEARCH~1\Datamngr\datamngr.dll
c:\progra~2\SEARCH~1\Datamngr\datamngrUI.exe
c:\progra~2\SEARCH~1\Datamngr\DnsBHO.dll
c:\progra~2\SEARCH~1\Datamngr\IEBHO.dll
c:\progra~2\SEARCH~1\Datamngr\ToolBar\as_guid.dat
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\bandoocode.js
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\data\search\engines.xml
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\data\search\search.xsl
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\lib\about.xml
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\lib\bandoocode.js
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\lib\dtxpanel.xul
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\lib\dtxpaneltransparent.xul
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\lib\dtxpanelwin.xul
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\lib\dtxprefwin.xul
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\lib\dtxtransparentwin.xul
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\lib\dtxwin.xul
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\lib\emailnotifierproviders.xml
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\lib\external.js
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\lib\neterror.xhtml
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\lib\vmncode.js
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\lib\wmpstreamer.html
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\modules\datastore.jsm
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\modules\nsDragAndDrop.js
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\neterror.xhtml
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\partner.coupons.xml
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\preferences.xml
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\radiobeta.js
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\template.xml
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\toolbar.htm
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\toolbar.xul
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\vmncode.js
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\vmnrsswin.xml
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\babylon_logo.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\bandoo.css
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\bluelite.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\bluesky.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\btn-search-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\btn-search.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\btn-settings-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\btn-settings.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\btn-widgets-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\btn-widgets.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\btn_settings.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\ca.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\dictionary.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\divider.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\downloadcom.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\dtxlogo.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\ebay.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\email.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\email_on.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\facebook.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\games.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\graphred0.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\graphred0_5.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\graphred1.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\graphred1_5.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\graphred2.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\graphred2_5.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\graphred3.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\graphred3_5.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\graphred4.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\graphred4_5.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\graphred5.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\graphredna.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\grey.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\ico-shield.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\icon_amazon.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\icon_games.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\icon_radio_png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\icon_seperator_png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\icon_twitter.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\icon_youtube.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\images.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\imesh.css
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\add.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\aol.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\arrow-dn.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\arrow-right-disabled.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\arrow-right.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\arrow-up.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\bg-btn-divider.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\bg-btn-end.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\bg-btn-start.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-divider.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-end.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-start.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\blank.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\btn-widgets-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\btn-widgets.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\btn_slider.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\btnback-down-vista.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\btnback-vista.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\btnleft-down-vista.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\btnleft-vista.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\btnright-down-vista.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\btnright-vista.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\button-splitter-down-vista.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\button-splitter-vista.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\checkmark.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\chevron.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\collapse.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\comcast.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\dtx.css
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\edit-back-hot.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\edit-back.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\expand.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\found.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\gmail.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\highlight.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\highlight_blue.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\highlight_cyan.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\highlight_lime.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\highlight_magenta.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\highlight_yellow.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\hotmail.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\ico-check.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\imap.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\loadingMid.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\lock.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\logo-separator.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\mailcom.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\menu_bg-basic.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\menu_separator_bar.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\menu_separator_white.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\menuitem-splitter.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\menuitemback-down-vista.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\menuitemback-vista.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-vista.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\menuitemright-down-vista.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\menuitemright-vista.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\modify.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\move.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\movetarget.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\css\panels.css
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupAbout.css
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupGames.css
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupRSS.css
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\css\dialog.css
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\bg.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-search.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\default.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-l.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-r.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-l.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-r.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\transparent.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-left.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-right.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-left.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-mdl.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-left.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-right.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\main.html
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts\defscript.js
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\footer.htm
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\gamecategory.xsl
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\gameData.js
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\gameList.xsl
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\games.xsl
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\gametype.xsl
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-dn.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-up.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-back.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-drag.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-moredetails.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-right-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\bullet-orange.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-dollar.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-download.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-news24.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-play.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-tags.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Add.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-download.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Info.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-play.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-shop.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\initHTML.html
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\popupGames.html
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\popupHTML.html
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\popupRSS.html
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\popupWidgets.html
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\scroll.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\pop.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\css\manager.css
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\css\slider.css
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-radio.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\music-note.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-buffer.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\slider.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\slideron.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\track.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\managerpanel.html
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\volumeslider.html
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radiobeta-buffering.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radiobeta-connecting.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radiobeta-playing.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radiobeta-stopped.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radiobeta.ico
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\reload.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\remove.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\rename.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\resize-box.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\rss.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\rsschannelback.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\RSSLogo.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\rsstabdivider.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\scroll-left.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\scroll-right.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\search-go.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\search.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\text-ellipsis.xml
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\throbber.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\toolbarsplitter.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\transparent_1px.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_02.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_03.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_04.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_06.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_07.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_08.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_09.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_10.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_11.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_12.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_13.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_14.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_15.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_16.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_18.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_19.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_20.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_21.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\close-hot.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\close-normal.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\loadingMid.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\proxy.html
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\template.html
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\template.xml
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\templateFF.html
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\throbber.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-t.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\yahoo.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lichen.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\logo-about.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\logo-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\logo-separator.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\logo.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\mail.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\maps.bmp
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\menuseparatorback.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\modify-save.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\modify.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\modifyhot.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\music.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\news.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\options\options-main.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\options\options-search.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\options\options-weather.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\options\options-weather.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\options\options-widgets.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\orange.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\pixsy.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\protect-id.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\radiobeta-buffering.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\radiobeta-connecting.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\radiobeta-playing.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\radiobeta-stopped.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\radiobeta.ico
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\relatedlinks.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss-collapse.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss-delete.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss-expand.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss-feed.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss-folder-remove.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss-folder-rename.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss-folder.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss-found.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss-reload.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss-subscribe.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\rssback.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\rsstopback.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\search-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\search.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\search_button_over_png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\search_button_png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\settings.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\shopping.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\siteinfo.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\skin-bluelite.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\skin-bluesky.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\skin-grey.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\skin-lichen.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\skin-orange.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\skin-yellow.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\skin.xml
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\technorati.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\throbber.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\toolbarsplitter.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\translate.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\video.bmp
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\vmn.css
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\vmn.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\weather.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\web.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\widgets-square-16px.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\wikipedia.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\yahoosearch.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\yellow.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\youtube.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\zoom.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\components\windowmediator.js
c:\progra~2\SEARCH~1\Datamngr\ToolBar\dtUser.exe
c:\progra~2\SEARCH~1\Datamngr\ToolBar\manifest.xml
c:\progra~2\SEARCH~1\Datamngr\ToolBar\searchquband.dll
c:\progra~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
c:\progra~2\SEARCH~1\Datamngr\ToolBar\uninstall.exe
c:\progra~2\SEARCH~1\Datamngr\x64\BrowserConnection.dll
c:\progra~2\SEARCH~1\Datamngr\x64\datamngr.dll
c:\progra~2\SEARCH~1\Datamngr\x64\datamngrUI.exe
c:\progra~2\SEARCH~1\Datamngr\x64\DnsBHO.dll
c:\progra~2\SEARCH~1\Datamngr\x64\IEBHO.dll
c:\program files (x86)\Ask.com
c:\program files (x86)\Ask.com\cb_a45f.ico
c:\program files (x86)\Ask.com\cobrand.ico
c:\program files (x86)\Ask.com\favicon.ico
c:\program files (x86)\Ask.com\fv_5a53.ico
c:\program files (x86)\Ask.com\GenericAskToolbar.dll
c:\program files (x86)\Ask.com\precache.exe
c:\program files (x86)\Ask.com\SaUpdate.exe
c:\program files (x86)\Ask.com\Updater\Updater.exe
c:\program files (x86)\Ask.com\UpdateTask.exe
c:\program files (x86)\Vuze_Remote
c:\program files (x86)\Vuze_Remote\GottenAppsContextMenu.xml
c:\program files (x86)\Vuze_Remote\ldrtbVuze.dll
c:\program files (x86)\Vuze_Remote\OtherAppsContextMenu.xml
c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
c:\program files (x86)\Vuze_Remote\SharedAppsContextMenu.xml
c:\program files (x86)\Vuze_Remote\tbVuze.dll
c:\program files (x86)\Vuze_Remote\toolbar.cfg
c:\program files (x86)\Vuze_Remote\ToolbarContextMenu.xml
c:\program files (x86)\Vuze_Remote\uninstall.exe
c:\program files (x86)\Vuze_Remote\Vuze_RemoteToolbarHelper.exe
c:\users\butch\AppData\Local\Temp\{E75C0DB3-DAD6-44DB-8F34-279F380ED57A}\fpb.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-06-15 to 2012-07-15 )))))))))))))))))))))))))))))))
.
.
2012-07-15 17:37 . 2012-07-15 17:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-15 05:22 . 2012-07-15 13:13 -------- d-----w- c:\users\butch\AppData\Roaming\skypePM
2012-07-13 20:48 . 2012-07-13 20:53 -------- d-----w- c:\users\butch\AppData\Roaming\AVG
2012-07-13 20:44 . 2012-07-13 20:44 -------- d-----w- c:\users\butch\AppData\Roaming\Malwarebytes
2012-07-13 20:44 . 2012-07-13 20:44 -------- d-----w- c:\programdata\Malwarebytes
2012-07-13 20:02 . 2012-07-13 20:02 -------- d-----w- c:\users\butch\AppData\Local\AVG Secure Search
2012-07-13 20:02 . 2012-07-13 20:02 -------- d-----w- c:\programdata\AVG Secure Search
2012-07-13 20:02 . 2012-07-13 20:02 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-07-13 20:02 . 2012-07-13 20:02 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-07-13 20:00 . 2012-07-13 20:00 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-07-13 19:59 . 2012-07-15 13:49 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-13 19:59 . 2012-07-14 01:38 -------- d-----w- c:\programdata\AVG2012
2012-07-13 19:59 . 2012-07-13 19:59 -------- d-----w- C:\$AVG
2012-07-13 19:59 . 2012-07-15 04:51 -------- d-----w- c:\program files (x86)\AVG
2012-07-13 19:55 . 2012-07-13 19:55 -------- d-----w- c:\users\butch\AppData\Local\CRE
2012-07-13 19:53 . 2012-07-15 13:49 -------- d-----w- c:\programdata\MFAData
2012-07-13 19:53 . 2012-07-13 19:53 -------- d--h--w- c:\programdata\Common Files
2012-07-13 18:51 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-13 04:10 . 2012-07-13 04:10 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-13 04:07 . 2012-07-03 16:21 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-13 04:07 . 2012-07-13 19:39 -------- d-----w- c:\programdata\AVAST Software
2012-07-13 04:07 . 2012-07-13 04:07 -------- d-----w- c:\program files\AVAST Software
2012-07-13 03:34 . 2012-06-18 08:12 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A91BDB60-F5D3-4A21-88D2-19CD74FD281B}\mpengine.dll
2012-07-13 03:34 . 2012-05-31 17:25 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-07-13 03:07 . 2012-07-13 03:07 716800 ----a-w- c:\windows\system32\drivers\netr7364.sys
2012-07-13 03:07 . 2012-07-13 03:07 305152 ----a-w- c:\windows\system32\RaCoInstx.dll
2012-07-13 03:07 . 2008-05-20 22:23 200704 ----a-w- c:\windows\SysWow64\UpdateDriver.exe
2012-07-13 03:07 . 2012-07-13 03:07 -------- d-----w- c:\program files (x86)\Belkin
2012-07-13 03:07 . 2012-07-13 03:07 -------- d-----w- c:\users\butch\AppData\Roaming\InstallShield
2012-06-21 22:08 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 22:08 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 22:08 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 22:08 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 22:08 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 22:08 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 22:08 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 22:08 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 22:08 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-13 04:00 . 2012-05-02 01:12 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-13 04:00 . 2012-05-02 01:12 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-04 11:06 . 2012-06-13 18:54 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 18:54 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 18:54 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 18:54 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-13 18:54 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-13 18:54 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-13 18:54 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-13 18:54 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-13 18:54 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-13 18:54 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-13 18:54 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 18:54 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-13 18:54 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 18:54 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-04-19 09:50 . 2012-04-19 09:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-04-18 21:26 . 2011-03-09 05:02 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-15_04.49.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-09 05:39 . 2012-07-15 13:14 53890 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-15 13:14 41660 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-03-12 22:22 . 2012-07-15 13:14 14818 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3017096089-1775180142-987509778-1001_UserData.bin
- 2011-03-12 22:08 . 2012-07-13 22:11 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-12 22:08 . 2012-07-15 17:11 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-03-12 22:08 . 2012-07-13 22:11 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-03-12 22:08 . 2012-07-15 17:11 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-13 22:11 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-15 17:11 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-07-15 13:11 . 2012-07-15 13:11 1844 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-07-15 04:47 . 2012-07-15 04:47 1844 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-07-15 04:48 . 2012-07-15 04:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-15 13:12 . 2012-07-15 13:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-15 13:12 . 2012-07-15 13:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-15 04:48 . 2012-07-15 04:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-03-13 05:46 . 2012-07-15 13:10 324508 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 02:36 . 2012-07-14 01:42 660732 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-15 13:17 660732 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-15 13:17 121402 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-14 01:42 121402 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-07-15 13:11 429572 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-15 04:47 429572 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-04-15 08:29 . 2012-07-15 04:47 5638220 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3017096089-1775180142-987509778-1001-8192.dat
+ 2011-04-15 08:29 . 2012-07-15 05:02 5638220 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3017096089-1775180142-987509778-1001-8192.dat
+ 2011-04-27 08:17 . 2012-07-15 13:11 25271633 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3017096089-1775180142-987509778-1001-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ac955a4e-5a9c-4d20-8751-a7eac17ac342}"= "c:\program files (x86)\WiseConvert_G2\prxtbWise.dll" [2011-05-09 176936]
"{fedfd743-cc1b-4bd6-b282-394d5ccd751c}"= "c:\program files (x86)\WiseConvert_G1\prxtbWise.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ac955a4e-5a9c-4d20-8751-a7eac17ac342}]
.
[HKEY_CLASSES_ROOT\clsid\{fedfd743-cc1b-4bd6-b282-394d5ccd751c}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-13 20:02 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ac955a4e-5a9c-4d20-8751-a7eac17ac342}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\WiseConvert_G2\prxtbWise.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{fedfd743-cc1b-4bd6-b282-394d5ccd751c}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\WiseConvert_G1\prxtbWise.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ac955a4e-5a9c-4d20-8751-a7eac17ac342}"= "c:\program files (x86)\WiseConvert_G2\prxtbWise.dll" [2011-05-09 176936]
"{fedfd743-cc1b-4bd6-b282-394d5ccd751c}"= "c:\program files (x86)\WiseConvert_G1\prxtbWise.dll" [2011-05-09 176936]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-13 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{ac955a4e-5a9c-4d20-8751-a7eac17ac342}]
.
[HKEY_CLASSES_ROOT\clsid\{fedfd743-cc1b-4bd6-b282-394d5ccd751c}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-13 1107552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-09-24 560128]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-01-13 165184]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-05-09 428200]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 dleaCATSCustConnectService;dleaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [2010-05-21 45224]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-26 136176]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-13 250056]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-26 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-13 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 COX CommunicationsMonitoringService;COX Communications Monitoring Service;c:\program files (x86)\Cox, Inc\Cox PC HealthCheck\PCMonitoringService.exe [2010-11-17 14456]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe [2010-05-21 1052328]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-02-06 13672]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-13 935008]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-26 138752]
S3 netr7364;Belkin Wireless 54G USB Network Adapter Driver;c:\windows\system32\DRIVERS\netr7364.sys [2012-07-13 716800]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 81887645
*NewlyCreated* - ASWMBR
*Deregistered* - 81887645
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 04:00]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-26 17:43]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-26 17:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208]
"dleamon.exe"="c:\program files (x86)\Dell V310-V510 Series\dleamon.exe" [2011-01-24 770728]
"EzPrint"="c:\program files (x86)\Dell V310-V510 Series\ezprint.exe" [2011-01-24 139944]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Toolbar-Locked - (no file)
Toolbar-{ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
Toolbar-10 - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{AC955A4E-5A9C-4D20-8751-A7EAC17AC342} - (no file)
WebBrowser-{FEDFD743-CC1B-4BD6-B282-394D5CCD751C} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-Vuze_Remote Toolbar - c:\program files (x86)\Vuze_Remote\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\04\02\11\15\05$?"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-15 13:39:20
ComboFix-quarantined-files.txt 2012-07-15 17:39
ComboFix2.txt 2012-07-15 04:54
.
Pre-Run: 418,725,847,040 bytes free
Post-Run: 418,811,396,096 bytes free
.
- - End Of File - - C23B5D70F6F8827F861AD3D2245141AD

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:22 AM

Posted 15 July 2012 - 12:55 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 fathem

fathem
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:22 AM

Posted 15 July 2012 - 01:43 PM

Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.1
Adobe Shockwave Player 11.6
Apple Application Support
Apple Software Update
ArcadeWeb
Ask Toolbar
Avira AntiVir Personal - Free Antivirus
Awakening The Dreamless Castle
Belkin 54Mbps Wireless Network Adapter
ClubWPTBuddy
Consumer In-Home Service Agreement
Cox PC HealthCheck
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Getting Started Guide
Dell Marketplace Webslice IE8
DirectX 9 Runtime
DUNGEONS
eBay
Full Tilt Poker
GameTap Web Player
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
Intel® Control Center
Intel® Rapid Storage Technology
Internet Explorer
Java Auto Updater
Java™ 6 Update 31
Junk Mail filter update
League of Legends
Luxor 2
Mesh Runtime
Messenger Companion
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Overlord
Pando Media Booster
PhotoShowExpress
Picasa 3
QuickTime
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Safari
Searchqu Toolbar
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Settlement Colossus
Skype Toolbars
Skype™ 4.2
SocialRibbons LP4
Sonic CinePlayer Decoder Pack
Spelling Dictionaries Support For Adobe Reader 9
TrustedID
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
UB
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update Installer for WildTangent Games App
Visual Studio 2008 x64 Redistributables
Vuze Remote Toolbar
WildTangent Games
WildTangent Games App (Dell Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WiseConvert G1 Toolbar
WiseConvert G2 Toolbar

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:22 AM

Posted 15 July 2012 - 02:48 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does allot better of a job

Programs to remove

Adobe Reader 9.5.1
Ask Toolbar
Full Tilt Poker
Java™ 6 Update 31
Searchqu Toolbar
Vuze Remote Toolbar
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
[/list]
Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 fathem

fathem
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:22 AM

Posted 15 July 2012 - 10:54 PM

When running the revo uninstaller I didn't have a bolded item section on the
adobe reader, I did not remove the folders on the "•put a check on any folders that are found and select delete"
screen because I thought it was the "
•Check/tick the bolded items only on the list then click Delete" screen.
Because the program was removed I don't know how to locate those temp folders to remove them.
I got an error 1316 when trying to remove the ask toolbar.msi the uninstall went through after the error message.

I rebooted the computer and it seems to be running with no issues.





Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.16.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
butch :: BUTCH-PC [administrator]

Protection: Disabled

7/15/2012 11:38:26 PM
mbam-log-2012-07-15 (23-38-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215124
Time elapsed: 1 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Arcadeweb (Adware.ArcadeWeb) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
C:\Users\butch\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@arcadeweb.com (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
C:\Users\butch\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@arcadeweb.com\Chrome (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
C:\Users\butch\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@arcadeweb.com\components (Adware.ArcadeWeb) -> Quarantined and deleted successfully.

Files Detected: 5
C:\Users\butch\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@arcadeweb.com\chrome.manifest (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
C:\Users\butch\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@arcadeweb.com\install.rdf (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
C:\Users\butch\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@arcadeweb.com\Chrome\awtextlinks.jar (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
C:\Users\butch\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@arcadeweb.com\components\arcadewebfirefox.xpt (Adware.ArcadeWeb) -> Quarantined and deleted successfully.
C:\Users\butch\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@arcadeweb.com\components\AWextension.js (Adware.ArcadeWeb) -> Quarantined and deleted successfully.

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:46:22 PM, on 7/15/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\11.2.0\ScriptHelper.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\butch\Documents\virus\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: WiseConvert G2 Toolbar - {ac955a4e-5a9c-4d20-8751-a7eac17ac342} - C:\Program Files (x86)\WiseConvert_G2\prxtbWise.dll
R3 - URLSearchHook: WiseConvert G1 Toolbar - {fedfd743-cc1b-4bd6-b282-394d5ccd751c} - C:\Program Files (x86)\WiseConvert_G1\prxtbWise.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O2 - BHO: WiseConvert G2 - {ac955a4e-5a9c-4d20-8751-a7eac17ac342} - C:\Program Files (x86)\WiseConvert_G2\prxtbWise.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Vuze Remote - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: WiseConvert G1 - {fedfd743-cc1b-4bd6-b282-394d5ccd751c} - C:\Program Files (x86)\WiseConvert_G1\prxtbWise.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (file missing)
O3 - Toolbar: WiseConvert G2 Toolbar - {ac955a4e-5a9c-4d20-8751-a7eac17ac342} - C:\Program Files (x86)\WiseConvert_G2\prxtbWise.dll
O3 - Toolbar: WiseConvert G1 Toolbar - {fedfd743-cc1b-4bd6-b282-394d5ccd751c} - C:\Program Files (x86)\WiseConvert_G1\prxtbWise.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
O4 - HKLM\..\RunOnce: [removeSearchqutoolbar] cmd.exe /c RD /S /Q ""
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: UB - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\butch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UB\UB.lnk (HKCU)
O9 - Extra 'Tools' menuitem: UB - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\butch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UB\UB.lnk (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} (GameTap Player) -
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames/zpa_dmno.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dleaCATSCustConnectService - Unknown owner - C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe
O23 - Service: dlea_device - - C:\Windows\system32\dleacoms.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Dell DataSafe Online (NOBU) - Dell, Inc. - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15543 bytes

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:22 AM

Posted 15 July 2012 - 11:09 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
      O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
      O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\RunOnce: [removeSearchqutoolbar] cmd.exe /c RD /S /Q ""
      O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
      O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 fathem

fathem
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:22 AM

Posted 16 July 2012 - 12:27 AM

Gringo thank you for all your help so far. I accidentally did not delete the additional folders for Adobe Reader 9.5.1 with the revo uninstaller. Is this an issue? I'm running the scan now and will post the results once it is finished.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:22 AM

Posted 16 July 2012 - 12:29 AM

no that is not an issue - that is what would have been left behind if you had used add/remove in control panal


I will be around for a few hours



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 fathem

fathem
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:22 AM

Posted 16 July 2012 - 01:28 AM

The program found some viruses.


C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll Win32/Adware.Yontoo.B application
C:\Qoobox\Quarantine\C\Program Files (x86)\SEARCH~1\Datamngr\BrowserConnection.dll.vir Win32/Toolbar.SearchSuite application
C:\Qoobox\Quarantine\C\Program Files (x86)\SEARCH~1\Datamngr\datamngr.dll.vir Win32/Toolbar.SearchSuite application
C:\Qoobox\Quarantine\C\Program Files (x86)\SEARCH~1\Datamngr\datamngrUI.exe.vir a variant of Win32/Toolbar.SearchSuite application
C:\Qoobox\Quarantine\C\Program Files (x86)\SEARCH~1\Datamngr\DnsBHO.dll.vir Win32/Toolbar.SearchSuite application
C:\Qoobox\Quarantine\C\Program Files (x86)\SEARCH~1\Datamngr\IEBHO.dll.vir Win32/Toolbar.SearchSuite application
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.EZ trojan
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.AD trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{232a6f44-78ab-45f7-e1bf-6050b861c913}\U\00000008.@.vir Win64/Agent.BA trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{232a6f44-78ab-45f7-e1bf-6050b861c913}\U\80000000.@.vir Win64/Sirefef.AE trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{232a6f44-78ab-45f7-e1bf-6050b861c913}\U\80000032.@.vir a variant of Win32/Sirefef.FD trojan
C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir Win64/Patched.B.Gen trojan
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\MyWebSearch\bar\1.bin\F3CJPEG.DLL Win32/Toolbar.MyWebSearch application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\MyWebSearch\bar\1.bin\F3DTACTL.DLL Win32/FunWeb application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\MyWebSearch\bar\1.bin\F3HISTSW.DLL Win32/FunWeb application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\MyWebSearch\bar\1.bin\F3HKSTUB.DLL Win32/Toolbar.MyWebSearch.G application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\MyWebSearch\bar\1.bin\F3HTMLMU.DLL Win32/Toolbar.MyWebSearch.B application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\MyWebSearch\bar\1.bin\F3HTTPCT.DLL Win32/Toolbar.MyWebSearch application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\MyWebSearch\bar\1.bin\F3IMSTUB.DLL Win32/Toolbar.MyWebSearch application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\MyWebSearch\bar\1.bin\F3POPSWT.DLL Win32/FunWeb application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\MyWebSearch\bar\1.bin\F3PSSAVR.SCR Win32/Toolbar.MyWebSearch application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\MyWebSearch\bar\1.bin\F3REGHK.DLL Win32/Toolbar.MyWebSearch.G application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\MyWebSearch\bar\1.bin\F3REPROX.DLL Win32/Toolbar.MyWebSearch.D application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\MyWebSearch\bar\1.bin\F3RESTUB.DLL Win32/Toolbar.MyWebSearch application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCHMON.EXE Win32/FunWeb application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCRCTR.DLL Win32/Toolbar.MyWebSearch.P application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\MyWebSearch\bar\1.bin\F3WPHOOK.DLL Win32/FunWeb application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\MyWebSearch\bar\1.bin\M3AUXSTB.DLL Win32/Toolbar.MyWebSearch.H application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\MyWebSearch\bar\1.bin\M3DLGHK.DLL a variant of Win32/Toolbar.MyWebSearch.I application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\MyWebSearch\bar\1.bin\M3HTML.DLL Win32/Toolbar.MyWebSearch application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\MyWebSearch\bar\1.bin\M3IDLE.DLL Win32/Toolbar.MyWebSearch.P application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\MyWebSearch\bar\1.bin\M3IMPIPE.EXE Win32/Toolbar.MyWebSearch application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\MyWebSearch\bar\1.bin\M3MSG.DLL Win32/Toolbar.MyWebSearch application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\MyWebSearch\bar\1.bin\M3OUTLCN.DLL Win32/Toolbar.MyWebSearch.J application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\MyWebSearch\bar\1.bin\M3PLUGIN.DLL a variant of Win32/Toolbar.MyWebSearch application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKIN.DLL Win32/Toolbar.MyWebSearch.P application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKPLAY.EXE Win32/Toolbar.MyWebSearch application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\MyWebSearch\bar\1.bin\M3SLSRCH.EXE Win32/Toolbar.MyWebSearch.J application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE Win32/Toolbar.MyWebSearch.I application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\MyWebSearch\bar\1.bin\M3TPINST.DLL a variant of Win32/Toolbar.MyWebSearch.I application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL a variant of Win32/Toolbar.MyWebSearch.K application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\MyWebSearch\bar\1.bin\MWSMLBTN.DLL Win32/Toolbar.MyWebSearch application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE Win32/Toolbar.MyWebSearch application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEPLG.DLL Win32/Toolbar.MyWebSearch.J application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOESTB.DLL Win32/Toolbar.MyWebSearch application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL Win32/Toolbar.MyWebSearch application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE Win32/Toolbar.MyWebSearch application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\MyWebSearch\bar\1.bin\MWSUABTN.DLL Win32/Toolbar.MyWebSearch application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\MyWebSearch\bar\1.bin\NPMYWEBS.DLL Win32/Toolbar.MyWebSearch application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch application
C:\System Volume Information\SystemRestore\FRStaging\Users\butch\AppData\LocalLow\FunWebProducts\Installr\Cache\01948195.exe a variant of Win32/Toolbar.MyWebSearch.O application
C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\f3PSSavr.scr Win32/Toolbar.MyWebSearch application
C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll Win32/Adware.Yontoo.B application




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users