Trojan horse Patched_c.LXT < White listed and cant be removed!


This topic is locked
31 replies to this topic

#1 Akira Yatsu (Members, 17 posts)

Posted 17 July 2012 - 10:17 PM

Hello! I just registered on this forum, and it appeared to be pretty interesting. I saw a post before about a Patched trojan but never found the solution.

This trojan whitelists itself and doesn't let my AVG clean it. I believe it is somewhere I can't destroy it, for it will mess up my system; is that true?

I ran AVG and found this.
I left my laptop on all night and it keeps finding the same Trojan again and again, apart from a couple more that you see there... which were found after I ran TDSSKiller. I don't know what all that is, though.

Posted Image

I found a couple of ways to "remove it", but they seem like specific ways and I have no idea if this will affect my core files and mess up my system, so I decided it was time to look for some actual help, not just read some old answers.
So far, I have run:
AVG
TDSSKiller
ESET
aswMBR <--- Has found them, but I'm afraid to fix the files it tells me to because of the "core files" thing.

Thanks in advance to anyone who can help me here!

Most of the things I have used, except AVG, are because of a post I looked up on the internet (I know, but it has worked before!) telling me to download these three items. Besides, when I saw someone posting this before, he was asked to post the logs (which he never did), so I decided to post this. If someone requires me to post the logs, please let me know which ones and I will do so. (Been checking all day now, heh!) Thanks again if anyone can help me! C:

I was told I should post the logs in here, so here I go!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by home at 21:32:18 on 2012-07-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6058.3068 [GMT -5:00]
.
AV: AVG Internet Security *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG9\avgfws9.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\windows\system32\lxdncoms.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\PROGRA~2\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
C:\windows\system32\igfxtray.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files (x86)\AVG\AVG9\avgemc.exe
C:\Program Files (x86)\AVG\AVG9\avgam.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\windows\system32\conhost.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\PROGRAM FILES\LOGITECH\SETPOINTP\SETPOINT.EXE
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
"C:\windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\windows\system32\DllHost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
"C:\windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com/?l=dis&o=15387
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{8C662C2C-8323-4DB3-BDC2-20F9FA143814} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{8C662C2C-8323-4DB3-BDC2-20F9FA143814}\2375942554530373 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{8C662C2C-8323-4DB3-BDC2-20F9FA143814}\2516B6865696460294E636E2 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8C662C2C-8323-4DB3-BDC2-20F9FA143814}\43734353 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{8C662C2C-8323-4DB3-BDC2-20F9FA143814}\55450514D23554455505 : DhcpNameServer = 129.113.38.36 129.113.38.34
TCP: Interfaces\{8C662C2C-8323-4DB3-BDC2-20F9FA143814}\D4F6F6E6265616E637 : DhcpNameServer = 192.168.99.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
BHO-X64: uTorrentBar - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\1qc0gzhl.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B4fe03e68-95b8-4019-b962-16fb98a3f36f%7D&mid=0bf457dac2f80c349fbd8fadc9073f84-e081b69803c7312ff1a3d83fe86d5d79533b2bb9&ds=AVG&v=9.0.0.18.1&lang=us&pr=pa&d=2011-11-30%2005%3A29%3A43&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
# Mozilla User Preferences
.
/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs
*/
.
FF - user.js: accessibility.typeaheadfind.flashBar - 0
FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1324813798
FF - user.js: app.update.lastUpdateTime.background-update-timer - 1324814038
FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1324813918
FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1324850838
FF - user.js: avg.install.currLocale - us
FF - user.js: avg.install.date - 1322631406000
FF - user.js: avg.install.finished - 9.0.0.18.1
FF - user.js: avg.install.guid - {4fe03e68-95b8-4019-b962-16fb98a3f36f}
FF - user.js: avg.install.installDirPath - C:\\ProgramData\\AVG Secure Search\\9.0.0.18
FF - user.js: avg.install.isDisabled - 1
FF - user.js: avg.install.isHidden - true
FF - user.js: avg.install.lastUpdaterReq - 1322631411000
FF - user.js: avg.install.laststatreq - 1322631411000
FF - user.js: avg.install.migrationComplete - true
FF - user.js: avg.install.newtab - false
FF - user.js: avg.install.overlayVersion - 634569785481041250
FF - user.js: avg.install.updaterInterval - 24
FF - user.js: avg.install.userHPSettings - chrome://branding/locale/browserconfig.properties
FF - user.js: avg.install.userSPSettings - Google
FF - user.js: avg.userPreferences.newtabDisabledByUser - true
FF - user.js: browser.bookmarks.restore_default_bookmarks - false
FF - user.js: browser.cache.disk.capacity - 1048576
FF - user.js: browser.cache.disk.smart_size.first_run - false
FF - user.js: browser.cache.disk.smart_size_cached_value - 1048576
FF - user.js: browser.download.lastDir - C:\\Users\\home\\Pictures
FF - user.js: browser.migration.version - 5
FF - user.js: browser.places.smartBookmarksVersion - 2
FF - user.js: browser.rights.3.shown - true
FF - user.js: browser.startup.homepage - hxxps://www.google.com/
FF - user.js: browser.startup.homepage_override.buildID - 20111120135848
FF - user.js: browser.startup.homepage_override.mstone - rv:8.0.1
FF - user.js: browser.syncPromoViewsLeft - 0
FF - user.js: browser.tabs.warnOnClose - false
FF - user.js: browser.taskbar.lastgroupid - Mozilla.Firefox.8.0.1
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.avg@igeared.install-event-fired - true
FF - user.js: extensions.avg@toolbar.install-event-fired - true
FF - user.js: extensions.blocklist.pingCountTotal - 24
FF - user.js: extensions.blocklist.pingCountVersion - 24
FF - user.js: extensions.bootstrappedAddons - {}
FF - user.js: extensions.databaseSchema - 6
FF - user.js: extensions.enabledAddons - {972ce4c6-7e08-4474-a285-3208198ce6fd}:8.0.1
FF - user.js: extensions.installCache - [{\name\:\winreg-app-global\,\addons\:{\avg@toolbar\:{\descriptor\:\C:\\\\ProgramData\\\\AVG Secure Search\\\\9.0.0.18\,\mtime\:1322653006326}}},{\name\:\app-global\,\addons\:{\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1322357629759}}},{\name\:\app-profile\,\addons\:{\toolbar@ask.com\:{\descriptor\:\C:\\\\Users\\\\home\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\1qc0gzhl.default\\\\extensions\\\\toolbar@ask.com\,\mtime\:1323021597109}}}]
FF - user.js: extensions.lastAppVersion - 8.0.1
FF - user.js: extensions.lastPlatformVersion - 8.0.1
FF - user.js: extensions.pendingOperations - false
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: font.name.serif.x-western - Arial
FF - user.js: gfx.blacklist.direct2d - 2
FF - user.js: gfx.blacklist.layers.direct3d10 - 2
FF - user.js: gfx.blacklist.layers.direct3d10-1 - 2
FF - user.js: idle.lastDailyNotification - 1324555781
FF - user.js: intl.charsetmenu.browser.cache - windows-1252, ISO-8859-1, UTF-8
FF - user.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B4fe03e68-95b8-4019-b962-16fb98a3f36f%7D&mid=0bf457dac2f80c349fbd8fadc9073f84-e081b69803c7312ff1a3d83fe86d5d79533b2bb9&ds=AVG&v=9.0.0.18.1&lang=us&pr=pa&d=2011-11-30%2005%3A29%3A43&sap=ku&q=
FF - user.js: lightweightThemes.isThemeSelected - true
FF - user.js: lightweightThemes.persisted.footerURL - true
FF - user.js: lightweightThemes.persisted.headerURL - true
FF - user.js: lightweightThemes.usedThemes - [{\id\:\313089\,\name\:\Opeth - Black Backdrop\,\headerURL\:\hxxp://getpersonas-cdn.mozilla.net/static/8/9/313089/Opeth_Black_Header.jpg?1287261966\,\footerURL\:\http://getpersonas-cdn.mozilla.net/static/8/9/313089/Opeth_Black_Footer.jpg?1287261966\,\textcolor\:\#ffffff\,\accentcolor\:\#000000\,\iconURL\:\http://getpersonas-cdn.mozilla.net/static/8/9/313089/preview_small.jpg?1287261966\,\previewURL\:\http://getpersonas-cdn.mozilla.net/static/8/9/313089/preview.jpg?1287261966\,\author\:\Metal Desktops\,\description\:\Opeth's logo on a black backdrop\,\updateURL\:\https://www.getpersonas.com/en-US/update_check/313089\,\version\:\1287261966\,\updateDate\:1322461330745,\installDate\:1322358109234}]
FF - user.js: network.cookie.prefsMigrated - true
FF - user.js: network.proxy.type - 0
FF - user.js: places.database.lastMaintenance - 1324555781
FF - user.js: places.history.expiration.transient_current_max_pages - 190553
FF - user.js: pref.browser.homepage.disable_button.current_page - false
FF - user.js: print_printer - Lexmark 2600 Series
FF - user.js: printer_Lexmark_2600_Series.print_bgcolor - false
FF - user.js: printer_Lexmark_2600_Series.print_bgimages - false
FF - user.js: printer_Lexmark_2600_Series.print_colorspace -
FF - user.js: printer_Lexmark_2600_Series.print_command -
FF - user.js: printer_Lexmark_2600_Series.print_downloadfonts - false
FF - user.js: printer_Lexmark_2600_Series.print_edge_bottom - 0
FF - user.js: printer_Lexmark_2600_Series.print_edge_left - 0
FF - user.js: printer_Lexmark_2600_Series.print_edge_right - 0
FF - user.js: printer_Lexmark_2600_Series.print_edge_top - 0
FF - user.js: printer_Lexmark_2600_Series.print_evenpages - true
FF - user.js: printer_Lexmark_2600_Series.print_footercenter -
FF - user.js: printer_Lexmark_2600_Series.print_footerleft - &PT
FF - user.js: printer_Lexmark_2600_Series.print_footerright - &D
FF - user.js: printer_Lexmark_2600_Series.print_headercenter -
FF - user.js: printer_Lexmark_2600_Series.print_headerleft - &T
FF - user.js: printer_Lexmark_2600_Series.print_headerright - &U
FF - user.js: printer_Lexmark_2600_Series.print_in_color - true
FF - user.js: printer_Lexmark_2600_Series.print_margin_bottom - 0.5
FF - user.js: printer_Lexmark_2600_Series.print_margin_left - 0.5
FF - user.js: printer_Lexmark_2600_Series.print_margin_right - 0.5
FF - user.js: printer_Lexmark_2600_Series.print_margin_top - 0.5
FF - user.js: printer_Lexmark_2600_Series.print_oddpages - true
FF - user.js: printer_Lexmark_2600_Series.print_orientation - 0
FF - user.js: printer_Lexmark_2600_Series.print_page_delay - 50
FF - user.js: printer_Lexmark_2600_Series.print_paper_data - 1
FF - user.js: printer_Lexmark_2600_Series.print_paper_height - 11.00
FF - user.js: printer_Lexmark_2600_Series.print_paper_name -
FF - user.js: printer_Lexmark_2600_Series.print_paper_size_type - 0
FF - user.js: printer_Lexmark_2600_Series.print_paper_size_unit - 0
FF - user.js: printer_Lexmark_2600_Series.print_paper_width - 8.50
FF - user.js: printer_Lexmark_2600_Series.print_plex_name -
FF - user.js: printer_Lexmark_2600_Series.print_resolution_name -
FF - user.js: printer_Lexmark_2600_Series.print_reversed - false
FF - user.js: printer_Lexmark_2600_Series.print_scaling - 1.00
FF - user.js: printer_Lexmark_2600_Series.print_shrink_to_fit - true
FF - user.js: printer_Lexmark_2600_Series.print_to_file - false
FF - user.js: printer_Lexmark_2600_Series.print_to_filename -
FF - user.js: printer_Lexmark_2600_Series.print_unwriteable_margin_bottom - 0
FF - user.js: printer_Lexmark_2600_Series.print_unwriteable_margin_left - 0
FF - user.js: printer_Lexmark_2600_Series.print_unwriteable_margin_right - 0
FF - user.js: printer_Lexmark_2600_Series.print_unwriteable_margin_top - 0
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_bgcolor - false
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_bgimages - false
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_colorspace -
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_command -
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_downloadfonts - false
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_edge_bottom - 0
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_edge_left - 0
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_edge_right - 0
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_edge_top - 0
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_evenpages - true
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_footercenter -
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_footerleft - &PT
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_footerright - &D
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_headercenter -
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_headerleft - &T
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_headerright - &U
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_in_color - true
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_margin_bottom - 0.5
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_margin_left - 0.5
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_margin_right - 0.5
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_margin_top - 0.5
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_oddpages - true
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_orientation - 0
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_page_delay - 50
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_paper_data - 1
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_paper_height - 11.00
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_paper_name -
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_paper_size_type - 0
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_paper_size_unit - 0
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_paper_width - 8.50
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_plex_name -
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_resolution_name -
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_reversed - false
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_scaling - 1.00
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_shrink_to_fit - true
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_to_file - false
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_to_filename -
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_bottom - 0
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_left - 0
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_right - 0
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_top - 0
FF - user.js: privacy.sanitize.migrateFx3Prefs - true
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: services.sync.clients.lastSync - 0
FF - user.js: services.sync.clients.lastSyncLocal - 0
FF - user.js: services.sync.migrated - true
FF - user.js: services.sync.tabs.lastSync - 0
FF - user.js: services.sync.tabs.lastSyncLocal - 0
FF - user.js: storage.vacuum.last.index - 1
FF - user.js: storage.vacuum.last.places.sqlite - 1322359682
FF - user.js: toolkit.telemetry.prompted - true
FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1324949738
FF - user.js: xpinstall.whitelist.add -
FF - user.js: xpinstall.whitelist.add.36 -
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSErHrw7a;AVG9IDSErHr;C:\windows\system32\Drivers\AVGIDSwa.sys --> C:\windows\system32\Drivers\AVGIDSwa.sys [?]
R0 AvgRkx64;avgrkx64.sys;C:\windows\system32\Drivers\avgrkx64.sys --> C:\windows\system32\Drivers\avgrkx64.sys [?]
R0 SmartDefragDriver;SmartDefragDriver;C:\windows\system32\Drivers\SmartDefragDriver.sys --> C:\windows\system32\Drivers\SmartDefragDriver.sys [?]
R1 Avgfwfd;AVG network filter service;C:\windows\system32\DRIVERS\avgfwd6a.sys --> C:\windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 AvgLdx64;AVG AVI Loader Driver x64;C:\windows\system32\Drivers\avgldx64.sys --> C:\windows\system32\Drivers\avgldx64.sys [?]
R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;C:\windows\system32\Drivers\avgmfx64.sys --> C:\windows\system32\Drivers\avgmfx64.sys [?]
R1 AvgTdiA;AVG Network Redirector x64;C:\windows\system32\Drivers\avgtdia.sys --> C:\windows\system32\Drivers\avgtdia.sys [?]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\windows\system32\Drivers\SABI.sys --> C:\windows\system32\Drivers\SABI.sys [?]
R1 VWiFiFlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-11-26 913792]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
R2 avg9emc;AVG E-mail Scanner;C:\Program Files (x86)\AVG\AVG9\avgemc.exe [2011-11-26 921952]
R2 avg9wd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2011-11-26 308136]
R2 avgfws9;AVG Firewall;C:\Program Files (x86)\AVG\AVG9\avgfws9.exe [2011-11-26 2331544]
R2 AVGIDSAgent;AVG9IDSAgent;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-11-26 5897808]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2011-6-13 498688]
R2 lxdn_device;lxdn_device;C:\windows\system32\lxdncoms.exe -service --> C:\windows\system32\lxdncoms.exe -service [?]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 SamsungDeviceConfigurationWinService;SamsungDeviceConfiguration;C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [2012-6-2 31624]
R2 SGDrv;SGDrv;C:\windows\system32\DRIVERS\SGdrv64.sys --> C:\windows\system32\DRIVERS\SGdrv64.sys [?]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-6-19 3048136]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-8-29 2656536]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2011-6-13 986112]
R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
R3 asmthub3;ASMedia USB3 Hub Service;C:\windows\system32\DRIVERS\asmthub3.sys --> C:\windows\system32\DRIVERS\asmthub3.sys [?]
R3 asmtxhci;ASMEDIA XHCI Service;C:\windows\system32\DRIVERS\asmtxhci.sys --> C:\windows\system32\DRIVERS\asmtxhci.sys [?]
R3 AVGIDSDriverw7a;AVG9IDSDriver;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSDriver.sys [2011-11-26 132688]
R3 AVGIDSFilterw7a;AVG9IDSFilter;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSFilter.sys [2011-11-26 35920]
R3 bpenum;Intel® Centrino® WiMAX Enumerator;C:\windows\system32\DRIVERS\bpenum.sys --> C:\windows\system32\DRIVERS\bpenum.sys [?]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\windows\system32\DRIVERS\bpmp.sys --> C:\windows\system32\DRIVERS\bpmp.sys [?]
R3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;C:\windows\system32\Drivers\bpusb.sys --> C:\windows\system32\Drivers\bpusb.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\system32\DRIVERS\clwvd.sys --> C:\windows\system32\DRIVERS\clwvd.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys --> C:\windows\system32\DRIVERS\ETD.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 intelkmd;intelkmd;C:\windows\system32\DRIVERS\igdpmd64.sys --> C:\windows\system32\DRIVERS\igdpmd64.sys [?]
R3 iwdbus;IWD Bus Enumerator;C:\windows\system32\DRIVERS\iwdbus.sys --> C:\windows\system32\DRIVERS\iwdbus.sys [?]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\windows\system32\DRIVERS\LEqdUsb.Sys --> C:\windows\system32\DRIVERS\LEqdUsb.Sys [?]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\windows\system32\DRIVERS\LHidEqd.Sys --> C:\windows\system32\DRIVERS\LHidEqd.Sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\windows\system32\DRIVERS\WDKMD.sys --> C:\windows\system32\DRIVERS\WDKMD.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe [2011-11-26 167264]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\system32\drivers\intelaud.sys --> C:\windows\system32\drivers\intelaud.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-24 113120]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-5-31 340240]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-18 02:03:30 -------- d-----w- C:\Users\home\AppData\Local\{8422228C-D71C-4381-B6A7-28D7DBEA26A4}
2012-07-18 02:03:18 -------- d-----w- C:\Users\home\AppData\Local\{EA1B86C9-0F6C-4060-B5FB-5ADBC1576BF3}
2012-07-18 00:14:49 -------- d-----w- C:\Users\home\AppData\Local\{D36AD167-5716-4A84-83D5-668AE985793C}
2012-07-18 00:14:36 -------- d-----w- C:\Users\home\AppData\Local\{B84CBB20-677A-47AB-BAB0-49198F8D6118}
2012-07-17 01:25:42 -------- d-----w- C:\Program Files (x86)\ESET
2012-07-16 02:04:26 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-07-16 02:00:03 -------- d-sh--w- C:\windows\SysWow64\%APPDATA%
2012-07-15 15:07:12 -------- d-----w- C:\Users\home\AppData\Local\{B47692A4-7386-480E-8BA7-D8ECDF86786C}
2012-07-15 15:07:00 -------- d-----w- C:\Users\home\AppData\Local\{BB8719DD-C8A0-4962-B930-2685A23F0603}
2012-07-13 16:20:24 -------- d-----w- C:\Users\home\AppData\Local\{CC2A7284-EC7D-4D10-A8A0-F2339C807EF9}
2012-07-13 16:20:12 -------- d-----w- C:\Users\home\AppData\Local\{64349DA0-E8D6-4740-8B55-03449B433085}
2012-07-13 04:38:39 -------- d-----w- C:\Users\home\AppData\Local\{05233807-8F77-4013-9390-3A3515DACB1C}
2012-07-13 04:38:27 -------- d-----w- C:\Users\home\AppData\Local\{40DCD986-E074-4750-8039-A975CEB9B05D}
2012-07-12 16:30:59 -------- d-----w- C:\Users\home\AppData\Local\{2B9BE380-4705-4EBF-AAB5-3B634D349E09}
2012-07-12 16:30:45 -------- d-----w- C:\Users\home\AppData\Local\{20C417EC-DFB6-45A3-B9F8-5879C86DCE0A}
2012-07-12 08:05:24 3148800 ----a-w- C:\windows\System32\win32k.sys
2012-07-11 19:15:52 2004480 ----a-w- C:\windows\System32\msxml6.dll
2012-07-11 14:41:12 -------- d-----w- C:\Users\home\AppData\Local\{195A8558-C67D-4ED0-880E-C68CDF39B304}
2012-07-11 14:41:01 -------- d-----w- C:\Users\home\AppData\Local\{1072D0CB-C84D-4AED-A521-99D1742AB948}
2012-07-10 16:51:28 -------- d-----w- C:\Users\home\AppData\Local\{E07BFCA5-84E0-411D-AA34-10466B8A7F02}
2012-07-10 16:51:16 -------- d-----w- C:\Users\home\AppData\Local\{05E7175C-99FB-41FC-ADAC-0319506CD2E5}
2012-07-09 16:19:07 -------- d-----w- C:\Users\home\AppData\Local\{DE5A77CE-47D9-4853-8A55-3DDEF834335F}
2012-07-09 16:18:56 -------- d-----w- C:\Users\home\AppData\Local\{24D2604A-5152-454A-8919-31206A662365}
2012-07-09 04:03:46 -------- d-----w- C:\Users\home\AppData\Local\{5A7D3E3E-2BE9-4D31-B85B-BA5D2E6780DB}
2012-07-09 04:03:32 -------- d-----w- C:\Users\home\AppData\Local\{10576BBD-1C8D-4B4F-B3C0-CB10F241DCDE}
2012-07-06 16:54:52 -------- d-----w- C:\Users\home\AppData\Local\{773D2045-D1A8-4925-ACF4-4D7624523EA8}
2012-07-06 16:54:41 -------- d-----w- C:\Users\home\AppData\Local\{D810F041-A25A-4FAC-8C62-788D06CF4771}
2012-07-06 05:48:38 -------- d-----w- C:\Users\home\AppData\Local\{41820217-4771-4B52-86F7-BAA7A74FE4FA}
2012-07-06 05:48:27 -------- d-----w- C:\Users\home\AppData\Local\{FB2AB4C5-15D9-4FC4-809C-8BFD296D98E4}
2012-07-05 16:58:11 -------- d-----w- C:\Users\home\AppData\Local\{0C09979B-4B7E-44E8-B127-11DD4BB3F961}
2012-07-05 16:58:00 -------- d-----w- C:\Users\home\AppData\Local\{F9B2EB31-3C5D-4B57-94B5-9516A55C785E}
2012-07-04 17:10:07 -------- d-----w- C:\Users\home\AppData\Local\{FEDBA601-D84A-455F-8CA5-D000B69D7EC8}
2012-07-04 17:09:55 -------- d-----w- C:\Users\home\AppData\Local\{856A17C6-D338-4FDD-84B7-F29CDA255420}
2012-07-03 17:16:48 -------- d-----w- C:\Users\home\AppData\Local\{99B0083E-5A85-41B7-B070-0822B0492C9D}
2012-07-03 17:16:36 -------- d-----w- C:\Users\home\AppData\Local\{8533D9DA-9956-4E39-9715-13DE20AB7E75}
2012-07-03 04:33:37 -------- d-----w- C:\Users\home\AppData\Local\{AB379DD1-9865-4F67-BA47-3225CCB6AB42}
2012-07-03 04:33:25 -------- d-----w- C:\Users\home\AppData\Local\{2535898B-478E-4408-A054-E067621195CA}
2012-07-02 16:01:41 -------- d-----w- C:\Users\home\AppData\Local\{52C5828B-8205-470A-8402-B0DA617AD863}
2012-07-02 16:01:29 -------- d-----w- C:\Users\home\AppData\Local\{B37B9F10-0CDC-403D-BD88-0FF340EF2B6F}
2012-06-30 17:49:53 -------- d-----w- C:\Users\home\AppData\Local\{77DA6CE3-15E2-421A-9B80-F33CA509B27B}
2012-06-30 17:49:41 -------- d-----w- C:\Users\home\AppData\Local\{61A0D038-7ADA-4374-AED3-FC1CE15C1460}
2012-06-29 18:24:39 -------- d-----w- C:\Users\home\AppData\Local\{DA27CF2F-7EFD-41AB-9545-337613E5B3E0}
2012-06-29 18:24:28 -------- d-----w- C:\Users\home\AppData\Local\{F844F61D-8066-41F5-BCB6-D7CDF9E43342}
2012-06-29 05:32:56 -------- d-----w- C:\Users\home\AppData\Local\{D3C7C923-0FBE-4226-8B48-FCF0AEB958ED}
2012-06-29 05:32:44 -------- d-----w- C:\Users\home\AppData\Local\{927FBF52-39F5-4D59-A3F8-8353C80BEFAB}
2012-06-28 16:29:04 -------- d-----w- C:\Users\home\AppData\Local\{F30D1F10-8E11-42B4-8FDC-18E89468C24A}
2012-06-28 16:28:50 -------- d-----w- C:\Users\home\AppData\Local\{37B9A3F7-2E33-4C65-87C6-06CD211D82B6}
2012-06-27 21:13:37 -------- d-----w- C:\Users\home\AppData\Local\Turbine
2012-06-27 20:56:48 -------- d-----w- C:\Users\home\AppData\Local\ApplicationHistory
2012-06-27 20:54:58 -------- d-----w- C:\windows\SysWow64\URTTEMP
2012-06-27 15:58:36 -------- d-----w- C:\Users\home\AppData\Local\{0E002937-6BDF-4C89-964B-645F1C0CF18E}
2012-06-27 15:58:25 -------- d-----w- C:\Users\home\AppData\Local\{4FAC9C2B-7714-4DBF-9E97-77EFAE6FAE28}
2012-06-27 04:54:45 -------- d-----w- C:\Users\home\AppData\Local\{C4B38A19-2861-4E7C-ADE4-D0362E537102}
2012-06-27 04:54:34 -------- d-----w- C:\Users\home\AppData\Local\{9137B733-3619-4ACB-9B65-705AAB66B442}
2012-06-26 15:50:04 -------- d-----w- C:\Users\home\AppData\Local\{99FF21F8-D3BB-45FE-AF99-07054AF31387}
2012-06-26 15:49:53 -------- d-----w- C:\Users\home\AppData\Local\{B2F03DAB-DE0E-4EAE-B0DC-6D2EFC3C200E}
2012-06-25 19:16:49 -------- d-----w- C:\Users\home\AppData\Local\{A235DD1D-99EA-4A3E-BA99-8DBEAAF22C16}
2012-06-25 19:16:38 -------- d-----w- C:\Users\home\AppData\Local\{9824C0F7-D7CB-4FDF-B2F9-2F9EA86811F7}
2012-06-24 19:38:08 -------- d-----w- C:\Users\home\AppData\Local\{946B5C28-274B-4CE2-AF3E-BB5200A1D88A}
2012-06-24 19:36:04 -------- d-----w- C:\Users\home\AppData\Local\{B563CF4E-0FD3-4F96-A298-0EB11D0E21CD}
2012-06-24 19:35:53 -------- d-----w- C:\Users\home\AppData\Local\{0152CC48-6F31-4363-ABC7-95F64F1A8D94}
2012-06-22 16:20:01 -------- d-----w- C:\windows\en
2012-06-22 16:14:36 -------- d-----w- C:\windows\ar
2012-06-22 16:14:30 -------- d-----w- C:\windows\bg
2012-06-22 16:14:25 -------- d-----w- C:\windows\cs
2012-06-22 16:14:20 -------- d-----w- C:\windows\da
2012-06-22 16:14:14 -------- d-----w- C:\windows\de
2012-06-22 16:14:09 -------- d-----w- C:\windows\el
2012-06-22 16:14:04 -------- d-----w- C:\windows\es
2012-06-22 16:13:58 -------- d-----w- C:\windows\fi
2012-06-22 16:13:52 -------- d-----w- C:\windows\fr
2012-06-22 16:13:47 -------- d-----w- C:\windows\he
2012-06-22 16:13:43 -------- d-----w- C:\windows\hr
2012-06-22 16:13:38 -------- d-----w- C:\windows\hu
2012-06-22 16:13:32 -------- d-----w- C:\windows\it
2012-06-22 16:13:27 -------- d-----w- C:\windows\ko
2012-06-22 16:13:22 -------- d-----w- C:\windows\lt
2012-06-22 16:13:17 -------- d-----w- C:\windows\lv
2012-06-22 16:13:12 -------- d-----w- C:\windows\nl
2012-06-22 16:13:06 -------- d-----w- C:\windows\no
2012-06-22 16:13:01 -------- d-----w- C:\windows\pl
2012-06-22 16:12:55 -------- d-----w- C:\windows\pt-br
2012-06-22 16:12:49 -------- d-----w- C:\windows\pt-pt
2012-06-22 16:12:43 -------- d-----w- C:\windows\ro
2012-06-22 16:12:38 -------- d-----w- C:\windows\ru
2012-06-22 16:12:33 -------- d-----w- C:\windows\sk
2012-06-22 16:12:27 -------- d-----w- C:\windows\sl
2012-06-22 16:12:22 -------- d-----w- C:\windows\sr-latn-cs
2012-06-22 16:12:16 -------- d-----w- C:\windows\sv
2012-06-22 16:12:11 -------- d-----w- C:\windows\th
2012-06-22 16:12:05 -------- d-----w- C:\windows\tr
2012-06-22 16:11:59 -------- d-----w- C:\windows\zh-cn
2012-06-22 16:11:54 -------- d-----w- C:\windows\zh-tw
2012-06-22 15:48:28 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-06-22 15:48:03 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-06-22 15:47:49 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-06-22 15:47:49 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-06-22 15:40:26 -------- d-----w- C:\Users\home\AppData\Local\{D3008B4E-B4E5-4CD7-8946-B086B2C1AFC8}
2012-06-22 15:40:08 -------- d-----w- C:\Users\home\AppData\Local\{3A0CEAA4-E05B-4696-8280-D59556303818}
2012-06-21 18:54:25 -------- d-----w- C:\Users\home\AppData\Local\{AD3E8903-6F3D-4E96-90E5-E797A2854F2C}
2012-06-21 18:54:11 -------- d-----w- C:\Users\home\AppData\Local\{B17308C1-37D8-41DD-B410-A61FE56FB855}
2012-06-21 09:09:24 -------- d-----w- C:\Users\home\AppData\Local\{191D203A-84F2-4198-8086-14C693AE33A9}
2012-06-21 09:09:13 -------- d-----w- C:\Users\home\AppData\Local\{A7771362-5A08-40CC-9A98-1CA9DA19074D}
2012-06-20 18:48:48 48488 ----a-w- C:\windows\System32\drivers\fssfltr.sys
2012-06-20 18:39:05 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f860ec6f1cd4f1302\MeshBetaRemover.exe
2012-06-20 18:39:04 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f7ec49021cd4f1301\DSETUP.dll
2012-06-20 18:39:04 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f7ec49021cd4f1301\DXSETUP.exe
2012-06-20 18:39:04 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f7ec49021cd4f1301\dsetup32.dll
2012-06-20 18:26:24 -------- d-----w- C:\Users\home\AppData\Local\{A55E1C4E-DE5C-41F5-B820-D5E87FF1D20B}
2012-06-20 18:26:04 -------- d-----w- C:\Users\home\AppData\Local\{39905AAF-941B-44E7-8871-11C6B4327764}
2012-06-19 22:35:14 4967624 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-06-19 18:13:39 -------- d-----w- C:\Users\home\AppData\Local\{27692E45-9194-42C3-BAC4-D1C9786DA516}
2012-06-19 18:13:21 -------- d-----w- C:\Users\home\AppData\Local\{906E22CA-8CDC-46E1-B365-EB847B2921D2}
2012-06-18 17:49:17 -------- d-----w- C:\Users\home\AppData\Local\{40F1A00E-6FB7-4FDC-B615-57D4D709CC88}
2012-06-18 15:59:10 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-18 15:59:10 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
.
==================== Find3M ====================
.
2012-07-16 02:04:26 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-14 12:47:54 514560 ----a-w- C:\windows\SysWow64\qdvd.dll
2012-06-14 12:47:54 366592 ----a-w- C:\windows\System32\qdvd.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\windows\SysWow64\cdosys.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2012-05-24 15:47:56 24448 ----a-w- C:\windows\System32\RegistryDefragBootTime.exe
2012-05-09 10:18:34 280912 ----a-w- C:\windows\System32\drivers\ETD.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2012-04-21 08:12:02 18960 ----a-w- C:\windows\System32\drivers\LNonPnP.sys
.
============= FINISH: 21:32:54.30 ===============
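The log above is a DDS dump, and the two sections a responder reads first are the service list (`R2 name;display;image [date size]`) and "Created Last 30" (`date time size attrs path`). Added example, not part of the original post and not code from DDS or BleepingComputer: a small Python parser for those two line formats with three triage checks a responder would apply by hand. The regexes, the "standard install roots" list and the reasons given for each flag are the editor's assumptions; the sample lines are copied verbatim from the log above. Flagging a service whose image lives in `C:\ProgramData` orders it for review, it does not call it malware (Skype Click to Call legitimately installs there); the `d-sh--w-` folder named with a literal `%APPDATA%` is the kind of entry that has no benign explanation.

```python
import re
from collections import Counter
from typing import NamedTuple, Optional

# Lines copied verbatim from the DDS log posted above (five service entries, nine
# "Created Last 30" entries); the rest of the log parses the same way.
SAMPLE_LOG = r"""
R1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\windows\system32\Drivers\SABI.sys --> C:\windows\system32\Drivers\SABI.sys [?]
R2 lxdn_device;lxdn_device;C:\windows\system32\lxdncoms.exe -service --> C:\windows\system32\lxdncoms.exe -service [?]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-6-19 3048136]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
2012-07-18 02:03:30 -------- d-----w- C:\Users\home\AppData\Local\{8422228C-D71C-4381-B6A7-28D7DBEA26A4}
2012-07-18 02:03:18 -------- d-----w- C:\Users\home\AppData\Local\{EA1B86C9-0F6C-4060-B5FB-5ADBC1576BF3}
2012-07-17 01:25:42 -------- d-----w- C:\Program Files (x86)\ESET
2012-07-16 02:04:26 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-07-16 02:00:03 -------- d-sh--w- C:\windows\SysWow64\%APPDATA%
2012-07-15 15:07:12 -------- d-----w- C:\Users\home\AppData\Local\{B47692A4-7386-480E-8BA7-D8ECDF86786C}
2012-07-15 15:07:00 -------- d-----w- C:\Users\home\AppData\Local\{BB8719DD-C8A0-4962-B930-2685A23F0603}
2012-07-12 08:05:24 3148800 ----a-w- C:\windows\System32\win32k.sys
2012-06-27 21:13:37 -------- d-----w- C:\Users\home\AppData\Local\Turbine
"""

# "R2 name;display;image [date size]": R/S = running/stopped, digit = start type
# (0 boot, 1 system, 2 auto, 3 demand, 4 disabled). "[?]" means DDS could not stat the file.
_SERVICE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.+) \[([^\]]*)\]$")
# "date time size attrs path": size is "--------" for directories; the 8-character attribute
# field spells set bits as letters (d directory, s system, h hidden, a archive, w writable).
_FILE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\S+) ([-a-z]{8}) (.+)$")
_GUID_DIR = re.compile(r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$", re.I)
_ENV_LITERAL = re.compile(r"%[A-Za-z_][A-Za-z0-9_]*%")
# Assumed "normal" install roots for this triage; a running service anywhere else is reviewed first.
STANDARD_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


class Service(NamedTuple):
    state: str      # "R" running / "S" stopped
    start: int      # start type 0..4
    name: str
    display: str
    image: str      # resolved image path (an argument string may follow it)


class Entry(NamedTuple):
    date: str
    time: str
    size: Optional[int]   # None for directories
    attrs: str
    path: str


def _image_path(field: str) -> str:
    """DDS prints 'as registered --> as resolved' when they differ; keep the resolved form."""
    field = field.split("-->")[-1].strip()
    return field[4:] if field.startswith("\\??\\") else field


def parse_dds(text: str):
    """Return (services, file_entries) from DDS log text, skipping every other line."""
    services, entries = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if m := _SERVICE.match(line):
            state, start, name, display, image, _stamp = m.groups()
            services.append(Service(state, int(start), name, display, _image_path(image)))
        elif m := _FILE.match(line):
            date, time, size, attrs, path = m.groups()
            entries.append(Entry(date, time, None if size.startswith("-") else int(size), attrs, path))
    return services, entries


def services_outside_standard_dirs(services) -> list:
    """Names of running services whose image is outside \\windows and Program Files."""
    return [s.name for s in services
            if s.state == "R" and not s.image.lower().startswith(STANDARD_DIRS)]


def suspicious_entries(entries) -> list:
    """(path, reason) pairs for created objects that ordinary installers do not produce."""
    hits = []
    for e in entries:
        if "s" in e.attrs and "h" in e.attrs:
            # system+hidden is how Windows hides its own folders, and how droppers hide theirs
            hits.append((e.path, "hidden+system object created"))
        if _ENV_LITERAL.search(e.path):
            # a literal %APPDATA% on disk means something wrote the variable name unexpanded
            hits.append((e.path, "unexpanded environment variable in path"))
    return hits


def guid_dirs_per_day(entries) -> Counter:
    """How many GUID-named folders appeared under AppData\\Local on each day."""
    return Counter(e.date for e in entries
                   if e.attrs.startswith("d") and "\\appdata\\local\\" in e.path.lower()
                   and _GUID_DIR.search(e.path))


if __name__ == "__main__":
    svcs, files = parse_dds(SAMPLE_LOG)
    print("review first:", services_outside_standard_dirs(svcs))
    for path, why in suspicious_entries(files):
        print(f"{why}: {path}")
    print("GUID folders per day:", dict(guid_dirs_per_day(files)))
```

Feed the whole DDS.txt to `parse_dds` to get the same three views over the full log; the `guid_dirs_per_day` count shows the pattern visible above (two GUID folders created seconds apart, roughly twice a day), which is worth correlating with scheduled tasks before assuming it is malicious.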

#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:43 AM

Posted 18 July 2012 - 01:06 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here: Donate. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Akira Yatsu

Akira Yatsu
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:10:43 AM

Posted 18 July 2012 - 01:52 AM

Thanks a lot Gringo! I'm currently backing up anything necessary.
DeFogger is active
Security check log has been saved if needed.
DDS Logs coming up.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by home at 1:43:20 on 2012-07-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6058.3491 [GMT -5:00]
.
AV: AVG Internet Security *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG9\avgfws9.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\windows\system32\lxdncoms.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\PROGRA~2\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
C:\windows\system32\igfxtray.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files (x86)\AVG\AVG9\avgemc.exe
C:\Program Files (x86)\AVG\AVG9\avgam.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\windows\system32\conhost.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\PROGRAM FILES\LOGITECH\SETPOINTP\SETPOINT.EXE
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
"C:\windows\SysWOW64\svchost.exe" -k LocalServiceDns
"C:\windows\SysWOW64\svchost.exe" -k LocalServiceDns
"C:\windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com/?l=dis&o=15387
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{8C662C2C-8323-4DB3-BDC2-20F9FA143814} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{8C662C2C-8323-4DB3-BDC2-20F9FA143814}\2375942554530373 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{8C662C2C-8323-4DB3-BDC2-20F9FA143814}\2516B6865696460294E636E2 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8C662C2C-8323-4DB3-BDC2-20F9FA143814}\43734353 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{8C662C2C-8323-4DB3-BDC2-20F9FA143814}\55450514D23554455505 : DhcpNameServer = 129.113.38.36 129.113.38.34
TCP: Interfaces\{8C662C2C-8323-4DB3-BDC2-20F9FA143814}\D4F6F6E6265616E637 : DhcpNameServer = 192.168.99.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
BHO-X64: uTorrentBar - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\1qc0gzhl.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B4fe03e68-95b8-4019-b962-16fb98a3f36f%7D&mid=0bf457dac2f80c349fbd8fadc9073f84-e081b69803c7312ff1a3d83fe86d5d79533b2bb9&ds=AVG&v=9.0.0.18.1&lang=us&pr=pa&d=2011-11-30%2005%3A29%3A43&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
# Mozilla User Preferences
.
/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs
*/
.
FF - user.js: accessibility.typeaheadfind.flashBar - 0
FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1324813798
FF - user.js: app.update.lastUpdateTime.background-update-timer - 1324814038
FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1324813918
FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1324850838
FF - user.js: avg.install.currLocale - us
FF - user.js: avg.install.date - 1322631406000
FF - user.js: avg.install.finished - 9.0.0.18.1
FF - user.js: avg.install.guid - {4fe03e68-95b8-4019-b962-16fb98a3f36f}
FF - user.js: avg.install.installDirPath - C:\\ProgramData\\AVG Secure Search\\9.0.0.18
FF - user.js: avg.install.isDisabled - 1
FF - user.js: avg.install.isHidden - true
FF - user.js: avg.install.lastUpdaterReq - 1322631411000
FF - user.js: avg.install.laststatreq - 1322631411000
FF - user.js: avg.install.migrationComplete - true
FF - user.js: avg.install.newtab - false
FF - user.js: avg.install.overlayVersion - 634569785481041250
FF - user.js: avg.install.updaterInterval - 24
FF - user.js: avg.install.userHPSettings - chrome://branding/locale/browserconfig.properties
FF - user.js: avg.install.userSPSettings - Google
FF - user.js: avg.userPreferences.newtabDisabledByUser - true
FF - user.js: browser.bookmarks.restore_default_bookmarks - false
FF - user.js: browser.cache.disk.capacity - 1048576
FF - user.js: browser.cache.disk.smart_size.first_run - false
FF - user.js: browser.cache.disk.smart_size_cached_value - 1048576
FF - user.js: browser.download.lastDir - C:\\Users\\home\\Pictures
FF - user.js: browser.migration.version - 5
FF - user.js: browser.places.smartBookmarksVersion - 2
FF - user.js: browser.rights.3.shown - true
FF - user.js: browser.startup.homepage - hxxps://www.google.com/
FF - user.js: browser.startup.homepage_override.buildID - 20111120135848
FF - user.js: browser.startup.homepage_override.mstone - rv:8.0.1
FF - user.js: browser.syncPromoViewsLeft - 0
FF - user.js: browser.tabs.warnOnClose - false
FF - user.js: browser.taskbar.lastgroupid - Mozilla.Firefox.8.0.1
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.avg@igeared.install-event-fired - true
FF - user.js: extensions.avg@toolbar.install-event-fired - true
FF - user.js: extensions.blocklist.pingCountTotal - 24
FF - user.js: extensions.blocklist.pingCountVersion - 24
FF - user.js: extensions.bootstrappedAddons - {}
FF - user.js: extensions.databaseSchema - 6
FF - user.js: extensions.enabledAddons - {972ce4c6-7e08-4474-a285-3208198ce6fd}:8.0.1
FF - user.js: extensions.installCache - [{\name\:\winreg-app-global\,\addons\:{\avg@toolbar\:{\descriptor\:\C:\\\\ProgramData\\\\AVG Secure Search\\\\9.0.0.18\,\mtime\:1322653006326}}},{\name\:\app-global\,\addons\:{\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1322357629759}}},{\name\:\app-profile\,\addons\:{\toolbar@ask.com\:{\descriptor\:\C:\\\\Users\\\\home\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\1qc0gzhl.default\\\\extensions\\\\toolbar@ask.com\,\mtime\:1323021597109}}}]
FF - user.js: extensions.lastAppVersion - 8.0.1
FF - user.js: extensions.lastPlatformVersion - 8.0.1
FF - user.js: extensions.pendingOperations - false
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: font.name.serif.x-western - Arial
FF - user.js: gfx.blacklist.direct2d - 2
FF - user.js: gfx.blacklist.layers.direct3d10 - 2
FF - user.js: gfx.blacklist.layers.direct3d10-1 - 2
FF - user.js: idle.lastDailyNotification - 1324555781
FF - user.js: intl.charsetmenu.browser.cache - windows-1252, ISO-8859-1, UTF-8
FF - user.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B4fe03e68-95b8-4019-b962-16fb98a3f36f%7D&mid=0bf457dac2f80c349fbd8fadc9073f84-e081b69803c7312ff1a3d83fe86d5d79533b2bb9&ds=AVG&v=9.0.0.18.1&lang=us&pr=pa&d=2011-11-30%2005%3A29%3A43&sap=ku&q=
FF - user.js: lightweightThemes.isThemeSelected - true
FF - user.js: lightweightThemes.persisted.footerURL - true
FF - user.js: lightweightThemes.persisted.headerURL - true
FF - user.js: lightweightThemes.usedThemes - [{\id\:\313089\,\name\:\Opeth - Black Backdrop\,\headerURL\:\hxxp://getpersonas-cdn.mozilla.net/static/8/9/313089/Opeth_Black_Header.jpg?1287261966\,\footerURL\:\http://getpersonas-cdn.mozilla.net/static/8/9/313089/Opeth_Black_Footer.jpg?1287261966\,\textcolor\:\#ffffff\,\accentcolor\:\#000000\,\iconURL\:\http://getpersonas-cdn.mozilla.net/static/8/9/313089/preview_small.jpg?1287261966\,\previewURL\:\http://getpersonas-cdn.mozilla.net/static/8/9/313089/preview.jpg?1287261966\,\author\:\Metal Desktops\,\description\:\Opeth's logo on a black backdrop\,\updateURL\:\https://www.getpersonas.com/en-US/update_check/313089\,\version\:\1287261966\,\updateDate\:1322461330745,\installDate\:1322358109234}]
FF - user.js: network.cookie.prefsMigrated - true
FF - user.js: network.proxy.type - 0
FF - user.js: places.database.lastMaintenance - 1324555781
FF - user.js: places.history.expiration.transient_current_max_pages - 190553
FF - user.js: pref.browser.homepage.disable_button.current_page - false
FF - user.js: print_printer - Lexmark 2600 Series
FF - user.js: printer_Lexmark_2600_Series.print_bgcolor - false
FF - user.js: printer_Lexmark_2600_Series.print_bgimages - false
FF - user.js: printer_Lexmark_2600_Series.print_colorspace -
FF - user.js: printer_Lexmark_2600_Series.print_command -
FF - user.js: printer_Lexmark_2600_Series.print_downloadfonts - false
FF - user.js: printer_Lexmark_2600_Series.print_edge_bottom - 0
FF - user.js: printer_Lexmark_2600_Series.print_edge_left - 0
FF - user.js: printer_Lexmark_2600_Series.print_edge_right - 0
FF - user.js: printer_Lexmark_2600_Series.print_edge_top - 0
FF - user.js: printer_Lexmark_2600_Series.print_evenpages - true
FF - user.js: printer_Lexmark_2600_Series.print_footercenter -
FF - user.js: printer_Lexmark_2600_Series.print_footerleft - &PT
FF - user.js: printer_Lexmark_2600_Series.print_footerright - &D
FF - user.js: printer_Lexmark_2600_Series.print_headercenter -
FF - user.js: printer_Lexmark_2600_Series.print_headerleft - &T
FF - user.js: printer_Lexmark_2600_Series.print_headerright - &U
FF - user.js: printer_Lexmark_2600_Series.print_in_color - true
FF - user.js: printer_Lexmark_2600_Series.print_margin_bottom - 0.5
FF - user.js: printer_Lexmark_2600_Series.print_margin_left - 0.5
FF - user.js: printer_Lexmark_2600_Series.print_margin_right - 0.5
FF - user.js: printer_Lexmark_2600_Series.print_margin_top - 0.5
FF - user.js: printer_Lexmark_2600_Series.print_oddpages - true
FF - user.js: printer_Lexmark_2600_Series.print_orientation - 0
FF - user.js: printer_Lexmark_2600_Series.print_page_delay - 50
FF - user.js: printer_Lexmark_2600_Series.print_paper_data - 1
FF - user.js: printer_Lexmark_2600_Series.print_paper_height - 11.00
FF - user.js: printer_Lexmark_2600_Series.print_paper_name -
FF - user.js: printer_Lexmark_2600_Series.print_paper_size_type - 0
FF - user.js: printer_Lexmark_2600_Series.print_paper_size_unit - 0
FF - user.js: printer_Lexmark_2600_Series.print_paper_width - 8.50
FF - user.js: printer_Lexmark_2600_Series.print_plex_name -
FF - user.js: printer_Lexmark_2600_Series.print_resolution_name -
FF - user.js: printer_Lexmark_2600_Series.print_reversed - false
FF - user.js: printer_Lexmark_2600_Series.print_scaling - 1.00
FF - user.js: printer_Lexmark_2600_Series.print_shrink_to_fit - true
FF - user.js: printer_Lexmark_2600_Series.print_to_file - false
FF - user.js: printer_Lexmark_2600_Series.print_to_filename -
FF - user.js: printer_Lexmark_2600_Series.print_unwriteable_margin_bottom - 0
FF - user.js: printer_Lexmark_2600_Series.print_unwriteable_margin_left - 0
FF - user.js: printer_Lexmark_2600_Series.print_unwriteable_margin_right - 0
FF - user.js: printer_Lexmark_2600_Series.print_unwriteable_margin_top - 0
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_bgcolor - false
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_bgimages - false
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_colorspace -
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_command -
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_downloadfonts - false
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_edge_bottom - 0
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_edge_left - 0
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_edge_right - 0
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_edge_top - 0
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_evenpages - true
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_footercenter -
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_footerleft - &PT
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_footerright - &D
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_headercenter -
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_headerleft - &T
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_headerright - &U
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_in_color - true
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_margin_bottom - 0.5
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_margin_left - 0.5
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_margin_right - 0.5
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_margin_top - 0.5
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_oddpages - true
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_orientation - 0
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_page_delay - 50
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_paper_data - 1
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_paper_height - 11.00
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_paper_name -
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_paper_size_type - 0
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_paper_size_unit - 0
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_paper_width - 8.50
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_plex_name -
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_resolution_name -
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_reversed - false
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_scaling - 1.00
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_shrink_to_fit - true
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_to_file - false
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_to_filename -
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_bottom - 0
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_left - 0
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_right - 0
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_top - 0
FF - user.js: privacy.sanitize.migrateFx3Prefs - true
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: services.sync.clients.lastSync - 0
FF - user.js: services.sync.clients.lastSyncLocal - 0
FF - user.js: services.sync.migrated - true
FF - user.js: services.sync.tabs.lastSync - 0
FF - user.js: services.sync.tabs.lastSyncLocal - 0
FF - user.js: storage.vacuum.last.index - 1
FF - user.js: storage.vacuum.last.places.sqlite - 1322359682
FF - user.js: toolkit.telemetry.prompted - true
FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1324949738
FF - user.js: xpinstall.whitelist.add -
FF - user.js: xpinstall.whitelist.add.36 -
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSErHrw7a;AVG9IDSErHr;C:\windows\system32\Drivers\AVGIDSwa.sys --> C:\windows\system32\Drivers\AVGIDSwa.sys [?]
R0 AvgRkx64;avgrkx64.sys;C:\windows\system32\Drivers\avgrkx64.sys --> C:\windows\system32\Drivers\avgrkx64.sys [?]
R0 SmartDefragDriver;SmartDefragDriver;C:\windows\system32\Drivers\SmartDefragDriver.sys --> C:\windows\system32\Drivers\SmartDefragDriver.sys [?]
R1 Avgfwfd;AVG network filter service;C:\windows\system32\DRIVERS\avgfwd6a.sys --> C:\windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 AvgLdx64;AVG AVI Loader Driver x64;C:\windows\system32\Drivers\avgldx64.sys --> C:\windows\system32\Drivers\avgldx64.sys [?]
R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;C:\windows\system32\Drivers\avgmfx64.sys --> C:\windows\system32\Drivers\avgmfx64.sys [?]
R1 AvgTdiA;AVG Network Redirector x64;C:\windows\system32\Drivers\avgtdia.sys --> C:\windows\system32\Drivers\avgtdia.sys [?]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\windows\system32\Drivers\SABI.sys --> C:\windows\system32\Drivers\SABI.sys [?]
R1 VWiFiFlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-11-26 913792]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
R2 avg9emc;AVG E-mail Scanner;C:\Program Files (x86)\AVG\AVG9\avgemc.exe [2011-11-26 921952]
R2 avg9wd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2011-11-26 308136]
R2 avgfws9;AVG Firewall;C:\Program Files (x86)\AVG\AVG9\avgfws9.exe [2011-11-26 2331544]
R2 AVGIDSAgent;AVG9IDSAgent;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-11-26 5897808]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2011-6-13 498688]
R2 lxdn_device;lxdn_device;C:\windows\system32\lxdncoms.exe -service --> C:\windows\system32\lxdncoms.exe -service [?]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 SamsungDeviceConfigurationWinService;SamsungDeviceConfiguration;C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [2012-6-2 31624]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SGDrv;SGDrv;C:\windows\system32\DRIVERS\SGdrv64.sys --> C:\windows\system32\DRIVERS\SGdrv64.sys [?]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-6-19 3048136]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-7-17 2673064]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-8-29 2656536]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2011-6-13 986112]
R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
R3 asmthub3;ASMedia USB3 Hub Service;C:\windows\system32\DRIVERS\asmthub3.sys --> C:\windows\system32\DRIVERS\asmthub3.sys [?]
R3 asmtxhci;ASMEDIA XHCI Service;C:\windows\system32\DRIVERS\asmtxhci.sys --> C:\windows\system32\DRIVERS\asmtxhci.sys [?]
R3 AVGIDSDriverw7a;AVG9IDSDriver;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSDriver.sys [2011-11-26 132688]
R3 AVGIDSFilterw7a;AVG9IDSFilter;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSFilter.sys [2011-11-26 35920]
R3 bpenum;Intel® Centrino® WiMAX Enumerator;C:\windows\system32\DRIVERS\bpenum.sys --> C:\windows\system32\DRIVERS\bpenum.sys [?]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\windows\system32\DRIVERS\bpmp.sys --> C:\windows\system32\DRIVERS\bpmp.sys [?]
R3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;C:\windows\system32\Drivers\bpusb.sys --> C:\windows\system32\Drivers\bpusb.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\system32\DRIVERS\clwvd.sys --> C:\windows\system32\DRIVERS\clwvd.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys --> C:\windows\system32\DRIVERS\ETD.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 intelkmd;intelkmd;C:\windows\system32\DRIVERS\igdpmd64.sys --> C:\windows\system32\DRIVERS\igdpmd64.sys [?]
R3 iwdbus;IWD Bus Enumerator;C:\windows\system32\DRIVERS\iwdbus.sys --> C:\windows\system32\DRIVERS\iwdbus.sys [?]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\windows\system32\DRIVERS\LEqdUsb.Sys --> C:\windows\system32\DRIVERS\LEqdUsb.Sys [?]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\windows\system32\DRIVERS\LHidEqd.Sys --> C:\windows\system32\DRIVERS\LHidEqd.Sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\windows\system32\DRIVERS\WDKMD.sys --> C:\windows\system32\DRIVERS\WDKMD.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe [2011-11-26 167264]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\system32\drivers\intelaud.sys --> C:\windows\system32\drivers\intelaud.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-24 113120]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-5-31 340240]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-18 03:00:32 -------- d-----w- C:\Users\home\temp
2012-07-18 03:00:29 -------- d-----w- C:\Program Files (x86)\TeamViewer
2012-07-18 02:03:30 -------- d-----w- C:\Users\home\AppData\Local\{8422228C-D71C-4381-B6A7-28D7DBEA26A4}
2012-07-18 02:03:18 -------- d-----w- C:\Users\home\AppData\Local\{EA1B86C9-0F6C-4060-B5FB-5ADBC1576BF3}
2012-07-18 00:14:49 -------- d-----w- C:\Users\home\AppData\Local\{D36AD167-5716-4A84-83D5-668AE985793C}
2012-07-18 00:14:36 -------- d-----w- C:\Users\home\AppData\Local\{B84CBB20-677A-47AB-BAB0-49198F8D6118}
2012-07-17 01:25:42 -------- d-----w- C:\Program Files (x86)\ESET
2012-07-16 02:04:26 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-07-16 02:00:03 -------- d-sh--w- C:\windows\SysWow64\%APPDATA%
2012-07-15 15:07:12 -------- d-----w- C:\Users\home\AppData\Local\{B47692A4-7386-480E-8BA7-D8ECDF86786C}
2012-07-15 15:07:00 -------- d-----w- C:\Users\home\AppData\Local\{BB8719DD-C8A0-4962-B930-2685A23F0603}
2012-07-13 16:20:24 -------- d-----w- C:\Users\home\AppData\Local\{CC2A7284-EC7D-4D10-A8A0-F2339C807EF9}
2012-07-13 16:20:12 -------- d-----w- C:\Users\home\AppData\Local\{64349DA0-E8D6-4740-8B55-03449B433085}
2012-07-13 04:38:39 -------- d-----w- C:\Users\home\AppData\Local\{05233807-8F77-4013-9390-3A3515DACB1C}
2012-07-13 04:38:27 -------- d-----w- C:\Users\home\AppData\Local\{40DCD986-E074-4750-8039-A975CEB9B05D}
2012-07-12 16:30:59 -------- d-----w- C:\Users\home\AppData\Local\{2B9BE380-4705-4EBF-AAB5-3B634D349E09}
2012-07-12 16:30:45 -------- d-----w- C:\Users\home\AppData\Local\{20C417EC-DFB6-45A3-B9F8-5879C86DCE0A}
2012-07-12 08:05:24 3148800 ----a-w- C:\windows\System32\win32k.sys
2012-07-11 19:15:52 2004480 ----a-w- C:\windows\System32\msxml6.dll
2012-07-11 14:41:12 -------- d-----w- C:\Users\home\AppData\Local\{195A8558-C67D-4ED0-880E-C68CDF39B304}
2012-07-11 14:41:01 -------- d-----w- C:\Users\home\AppData\Local\{1072D0CB-C84D-4AED-A521-99D1742AB948}
2012-07-10 16:51:28 -------- d-----w- C:\Users\home\AppData\Local\{E07BFCA5-84E0-411D-AA34-10466B8A7F02}
2012-07-10 16:51:16 -------- d-----w- C:\Users\home\AppData\Local\{05E7175C-99FB-41FC-ADAC-0319506CD2E5}
2012-07-09 16:19:07 -------- d-----w- C:\Users\home\AppData\Local\{DE5A77CE-47D9-4853-8A55-3DDEF834335F}
2012-07-09 16:18:56 -------- d-----w- C:\Users\home\AppData\Local\{24D2604A-5152-454A-8919-31206A662365}
2012-07-09 04:03:46 -------- d-----w- C:\Users\home\AppData\Local\{5A7D3E3E-2BE9-4D31-B85B-BA5D2E6780DB}
2012-07-09 04:03:32 -------- d-----w- C:\Users\home\AppData\Local\{10576BBD-1C8D-4B4F-B3C0-CB10F241DCDE}
2012-07-06 16:54:52 -------- d-----w- C:\Users\home\AppData\Local\{773D2045-D1A8-4925-ACF4-4D7624523EA8}
2012-07-06 16:54:41 -------- d-----w- C:\Users\home\AppData\Local\{D810F041-A25A-4FAC-8C62-788D06CF4771}
2012-07-06 05:48:38 -------- d-----w- C:\Users\home\AppData\Local\{41820217-4771-4B52-86F7-BAA7A74FE4FA}
2012-07-06 05:48:27 -------- d-----w- C:\Users\home\AppData\Local\{FB2AB4C5-15D9-4FC4-809C-8BFD296D98E4}
2012-07-05 16:58:11 -------- d-----w- C:\Users\home\AppData\Local\{0C09979B-4B7E-44E8-B127-11DD4BB3F961}
2012-07-05 16:58:00 -------- d-----w- C:\Users\home\AppData\Local\{F9B2EB31-3C5D-4B57-94B5-9516A55C785E}
2012-07-04 17:10:07 -------- d-----w- C:\Users\home\AppData\Local\{FEDBA601-D84A-455F-8CA5-D000B69D7EC8}
2012-07-04 17:09:55 -------- d-----w- C:\Users\home\AppData\Local\{856A17C6-D338-4FDD-84B7-F29CDA255420}
2012-07-03 17:16:48 -------- d-----w- C:\Users\home\AppData\Local\{99B0083E-5A85-41B7-B070-0822B0492C9D}
2012-07-03 17:16:36 -------- d-----w- C:\Users\home\AppData\Local\{8533D9DA-9956-4E39-9715-13DE20AB7E75}
2012-07-03 04:33:37 -------- d-----w- C:\Users\home\AppData\Local\{AB379DD1-9865-4F67-BA47-3225CCB6AB42}
2012-07-03 04:33:25 -------- d-----w- C:\Users\home\AppData\Local\{2535898B-478E-4408-A054-E067621195CA}
2012-07-02 16:01:41 -------- d-----w- C:\Users\home\AppData\Local\{52C5828B-8205-470A-8402-B0DA617AD863}
2012-07-02 16:01:29 -------- d-----w- C:\Users\home\AppData\Local\{B37B9F10-0CDC-403D-BD88-0FF340EF2B6F}
2012-06-30 17:49:53 -------- d-----w- C:\Users\home\AppData\Local\{77DA6CE3-15E2-421A-9B80-F33CA509B27B}
2012-06-30 17:49:41 -------- d-----w- C:\Users\home\AppData\Local\{61A0D038-7ADA-4374-AED3-FC1CE15C1460}
2012-06-29 18:24:39 -------- d-----w- C:\Users\home\AppData\Local\{DA27CF2F-7EFD-41AB-9545-337613E5B3E0}
2012-06-29 18:24:28 -------- d-----w- C:\Users\home\AppData\Local\{F844F61D-8066-41F5-BCB6-D7CDF9E43342}
2012-06-29 05:32:56 -------- d-----w- C:\Users\home\AppData\Local\{D3C7C923-0FBE-4226-8B48-FCF0AEB958ED}
2012-06-29 05:32:44 -------- d-----w- C:\Users\home\AppData\Local\{927FBF52-39F5-4D59-A3F8-8353C80BEFAB}
2012-06-28 16:29:04 -------- d-----w- C:\Users\home\AppData\Local\{F30D1F10-8E11-42B4-8FDC-18E89468C24A}
2012-06-28 16:28:50 -------- d-----w- C:\Users\home\AppData\Local\{37B9A3F7-2E33-4C65-87C6-06CD211D82B6}
2012-06-27 21:13:37 -------- d-----w- C:\Users\home\AppData\Local\Turbine
2012-06-27 20:56:48 -------- d-----w- C:\Users\home\AppData\Local\ApplicationHistory
2012-06-27 20:54:58 -------- d-----w- C:\windows\SysWow64\URTTEMP
2012-06-27 15:58:36 -------- d-----w- C:\Users\home\AppData\Local\{0E002937-6BDF-4C89-964B-645F1C0CF18E}
2012-06-27 15:58:25 -------- d-----w- C:\Users\home\AppData\Local\{4FAC9C2B-7714-4DBF-9E97-77EFAE6FAE28}
2012-06-27 04:54:45 -------- d-----w- C:\Users\home\AppData\Local\{C4B38A19-2861-4E7C-ADE4-D0362E537102}
2012-06-27 04:54:34 -------- d-----w- C:\Users\home\AppData\Local\{9137B733-3619-4ACB-9B65-705AAB66B442}
2012-06-26 15:50:04 -------- d-----w- C:\Users\home\AppData\Local\{99FF21F8-D3BB-45FE-AF99-07054AF31387}
2012-06-26 15:49:53 -------- d-----w- C:\Users\home\AppData\Local\{B2F03DAB-DE0E-4EAE-B0DC-6D2EFC3C200E}
2012-06-25 19:16:49 -------- d-----w- C:\Users\home\AppData\Local\{A235DD1D-99EA-4A3E-BA99-8DBEAAF22C16}
2012-06-25 19:16:38 -------- d-----w- C:\Users\home\AppData\Local\{9824C0F7-D7CB-4FDF-B2F9-2F9EA86811F7}
2012-06-24 19:38:08 -------- d-----w- C:\Users\home\AppData\Local\{946B5C28-274B-4CE2-AF3E-BB5200A1D88A}
2012-06-24 19:36:04 -------- d-----w- C:\Users\home\AppData\Local\{B563CF4E-0FD3-4F96-A298-0EB11D0E21CD}
2012-06-24 19:35:53 -------- d-----w- C:\Users\home\AppData\Local\{0152CC48-6F31-4363-ABC7-95F64F1A8D94}
2012-06-22 16:20:01 -------- d-----w- C:\windows\en
2012-06-22 16:14:36 -------- d-----w- C:\windows\ar
2012-06-22 16:14:30 -------- d-----w- C:\windows\bg
2012-06-22 16:14:25 -------- d-----w- C:\windows\cs
2012-06-22 16:14:20 -------- d-----w- C:\windows\da
2012-06-22 16:14:14 -------- d-----w- C:\windows\de
2012-06-22 16:14:09 -------- d-----w- C:\windows\el
2012-06-22 16:14:04 -------- d-----w- C:\windows\es
2012-06-22 16:13:58 -------- d-----w- C:\windows\fi
2012-06-22 16:13:52 -------- d-----w- C:\windows\fr
2012-06-22 16:13:47 -------- d-----w- C:\windows\he
2012-06-22 16:13:43 -------- d-----w- C:\windows\hr
2012-06-22 16:13:38 -------- d-----w- C:\windows\hu
2012-06-22 16:13:32 -------- d-----w- C:\windows\it
2012-06-22 16:13:27 -------- d-----w- C:\windows\ko
2012-06-22 16:13:22 -------- d-----w- C:\windows\lt
2012-06-22 16:13:17 -------- d-----w- C:\windows\lv
2012-06-22 16:13:12 -------- d-----w- C:\windows\nl
2012-06-22 16:13:06 -------- d-----w- C:\windows\no
2012-06-22 16:13:01 -------- d-----w- C:\windows\pl
2012-06-22 16:12:55 -------- d-----w- C:\windows\pt-br
2012-06-22 16:12:49 -------- d-----w- C:\windows\pt-pt
2012-06-22 16:12:43 -------- d-----w- C:\windows\ro
2012-06-22 16:12:38 -------- d-----w- C:\windows\ru
2012-06-22 16:12:33 -------- d-----w- C:\windows\sk
2012-06-22 16:12:27 -------- d-----w- C:\windows\sl
2012-06-22 16:12:22 -------- d-----w- C:\windows\sr-latn-cs
2012-06-22 16:12:16 -------- d-----w- C:\windows\sv
2012-06-22 16:12:11 -------- d-----w- C:\windows\th
2012-06-22 16:12:05 -------- d-----w- C:\windows\tr
2012-06-22 16:11:59 -------- d-----w- C:\windows\zh-cn
2012-06-22 16:11:54 -------- d-----w- C:\windows\zh-tw
2012-06-22 15:48:28 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-06-22 15:48:03 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-06-22 15:47:49 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-06-22 15:47:49 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-06-22 15:40:26 -------- d-----w- C:\Users\home\AppData\Local\{D3008B4E-B4E5-4CD7-8946-B086B2C1AFC8}
2012-06-22 15:40:08 -------- d-----w- C:\Users\home\AppData\Local\{3A0CEAA4-E05B-4696-8280-D59556303818}
2012-06-21 18:54:25 -------- d-----w- C:\Users\home\AppData\Local\{AD3E8903-6F3D-4E96-90E5-E797A2854F2C}
2012-06-21 18:54:11 -------- d-----w- C:\Users\home\AppData\Local\{B17308C1-37D8-41DD-B410-A61FE56FB855}
2012-06-21 09:09:24 -------- d-----w- C:\Users\home\AppData\Local\{191D203A-84F2-4198-8086-14C693AE33A9}
2012-06-21 09:09:13 -------- d-----w- C:\Users\home\AppData\Local\{A7771362-5A08-40CC-9A98-1CA9DA19074D}
2012-06-20 18:48:48 48488 ----a-w- C:\windows\System32\drivers\fssfltr.sys
2012-06-20 18:39:05 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f860ec6f1cd4f1302\MeshBetaRemover.exe
2012-06-20 18:39:04 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f7ec49021cd4f1301\DSETUP.dll
2012-06-20 18:39:04 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f7ec49021cd4f1301\DXSETUP.exe
2012-06-20 18:39:04 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f7ec49021cd4f1301\dsetup32.dll
2012-06-20 18:26:24 -------- d-----w- C:\Users\home\AppData\Local\{A55E1C4E-DE5C-41F5-B820-D5E87FF1D20B}
2012-06-20 18:26:04 -------- d-----w- C:\Users\home\AppData\Local\{39905AAF-941B-44E7-8871-11C6B4327764}
2012-06-19 22:35:14 4967624 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-06-19 18:13:39 -------- d-----w- C:\Users\home\AppData\Local\{27692E45-9194-42C3-BAC4-D1C9786DA516}
2012-06-19 18:13:21 -------- d-----w- C:\Users\home\AppData\Local\{906E22CA-8CDC-46E1-B365-EB847B2921D2}
2012-06-18 17:49:17 -------- d-----w- C:\Users\home\AppData\Local\{40F1A00E-6FB7-4FDC-B615-57D4D709CC88}
2012-06-18 15:59:10 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-18 15:59:10 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
.
==================== Find3M ====================
.
2012-07-16 02:04:26 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-14 12:47:54 514560 ----a-w- C:\windows\SysWow64\qdvd.dll
2012-06-14 12:47:54 366592 ----a-w- C:\windows\System32\qdvd.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\windows\SysWow64\cdosys.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2012-05-24 15:47:56 24448 ----a-w- C:\windows\System32\RegistryDefragBootTime.exe
2012-05-09 10:18:34 280912 ----a-w- C:\windows\System32\drivers\ETD.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2012-04-21 08:12:02 18960 ----a-w- C:\windows\System32\drivers\LNonPnP.sys
.
============= FINISH: 1:43:55.55 ===============


.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/28/2011 11:21:17 AM
System Uptime: 7/17/2012 9:00:22 PM (4 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | 700Z3A/700Z4A/700Z5A/700Z5B
Processor: Intel® Core™ i7-2675QM CPU @ 2.20GHz | CPU | 2178/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 272 GiB total, 126.948 GiB free.
D: is FIXED (NTFS) - 407 GiB total, 376.584 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 298 GiB total, 108.172 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP128: 7/6/2012 2:30:48 PM - Scheduled Checkpoint
RP129: 7/12/2012 3:00:16 AM - Windows Update
.
==== Installed Programs ======================
.
?? ??? ?? Windows Live Mesh ActiveX ???
??? ActiveX ?? Windows Live Mesh ???? ??????? ???????
???? ??? Windows Live
???? ???? ActiveX ????? ?? Windows Live Mesh ????????? ???????
???? Windows Live
????? Messenger
????? Windows Live
?????? ??????? ?? Windows Live
??????? ?????????? Windows Live Mesh ActiveX ??? ????????? ???????????
??????? Windows Live Mesh ActiveX ??(????)
??????? Windows Live Mesh ActiveX ???
???????? ?? Messenger
???????? ?????????? Windows Live
????????? ActiveX ?? Windows Live Mesh ????????????????????????? (???)
????????? Messenger
?????????? Windows Live
??????????? ?? Windows Live
µTorrent
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
ActiveX ???????? ?? Windows Live Mesh ?? ?????????? ??????
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3)
Advanced SystemCare 5
Agatha Christie - Death on the Nile
Alice: Madness Returns
Amazon MP3 Downloader 1.0.15
„Messenger“ pagalbine priemone
Apple Application Support
Apple Software Update
Asmedia ASM104x USB 3.0 Host Controller Driver
aTube Catcher
aTube Toolbar
AVG 9.0
„Windows Live Essentials“
„Windows Live Mail“
„Windows Live Mesh ActiveX“ nuotoliniu ryšiu valdiklis
„Windows Live Messenger“
„Windows Live“ fotogalerija
Bastion
Bejeweled 2 Deluxe
Best Buy Connect
Best Buy pc app
Bing Bar
Build-a-lot
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Mobile
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
Complemento Messenger
Complément Messenger
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Control ActiveX de Windows Live Mesh para conexiones remotas
Control ActiveX Windows Live Mesh pentru conexiuni la distan?a
Controle ActiveX do Windows Live Mesh para Conexões Remotas
Controlo ActiveX do Windows Live Mesh para Ligações Remotas
CyberLink Media Suite
CyberLink Media+ Player10
CyberLink MediaShow
CyberLink Power2Go
CyberLink PowerDirector
CyberLink YouCam
D3DX10
Diablo III
Diner Dash 2 Restaurant Rescue
Doplnok programu Messenger
Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.17.01.801
Easy File Share
Easy Migration
Easy Settings
Easy Software Manager
Easy Support Center 1.0
eReg
Farm Frenzy
Fiesta
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsluge polaczen zdalnych
Fotogalerija Windows Live
Galeria de Fotografias do Windows Live
Galeria fotografii uslugi Windows Live
Galerie de photos Windows Live
Galerie foto Windows Live
Galería fotográfica de Windows Live
Insaniquarium Deluxe
Intel PROSet Wireless
Intel® Display Audio Driver
Intel® Management Engine Components
Intel® Rapid Storage Technology
Intel® WiDi
Interactive Guide
Jamestown
Java Auto Updater
Java™ 6 Update 31
JDownloader 0.9
John Deere Drive Green
Junk Mail filter update
Kontrola Windows Live Mesh ActiveX za daljinske veze
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
League of Legends
LIMBO
LOLReplay
Magicka
McAfee Security Scan Plus
Mesh Runtime
Messenger-kumppani
Messenger ??? ??
Messenger ????
Messenger ?????
Messenger Assistent
Messenger Companion
Messenger kíséro
Messenger Pratilac
Messenger Suradnik
Microsoft .NET Framework 1.1
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
Niña Que Llora (Llorando)
NightSky
Norton Online Backup
OpenAL
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená pripojení
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia
Pando Media Booster
Peggle
Penguins!
Plants vs. Zombies
Poczta uslugi Windows Live
Podstawowe programy Windows Live
Polar Golfer
Pomocnik Messenger
Pošta Windows Live
PX Profile Update
QuickTime
Raccolta foto di Windows Live
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Rusty Hearts
S?????? f?t???af??? t?? Windows Live
Samsung Kies
Samsung Recovery Solution 5
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Skype Click to Call
Skype™ 5.10
Smart Defrag 2
Software Launcher
Spremljevalec Messenger
St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?µa???sµ??e? s??d?se??
Steam
Super Meat Boy
Super Meat Boy Editor
Team Fortress 2
TeamViewer 7
The Elder Scrolls V: Skyrim
Titan Quest
Titan Quest: Immortal Throne
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
User Guide
uTorrentBar Toolbar
Uzak Baglantilar Için Windows Live Mesh ActiveX Denetimi
Visual C++ 8.0 Runtime Setup Package (x64)
VLC media player 1.1.11
WildTangent Games
WildTangent ORB Game Console
Windows Live
Windows Live ??
Windows Live ?? ???
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotótár
Windows Live Foto-galerija
Windows Live fotoattelu galerija
Windows Live Fotogalerie
Windows Live Fotogalleri
Windows Live Fotogaléria
Windows Live Fotograf Galerisi
Windows Live Galeria de Fotos
Windows Live Galerija fotografija
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
Windows Live Mesh ActiveX-objekt til fjernforbindelser
Windows Live Mesh ActiveX-vezérlo távoli kapcsolatokhoz
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Mesh ActiveX kontrola za daljinske veze
Windows Live Mesh ActiveX vadikla attalajiem savienojumiem
Windows Live Meshin etäyhteyksien ActiveX-komponentti
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Pošta
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennustyökalu
Windows Liven sähköposti
Windows Liven valokuvavalikoima
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
7/18/2012 12:06:41 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
7/18/2012 12:06:41 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
7/17/2012 9:02:35 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
7/17/2012 9:02:16 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
7/17/2012 9:02:06 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Application Virtualization Client service to connect.
7/17/2012 9:02:06 PM, Error: Service Control Manager [7000] - The Application Virtualization Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/17/2012 7:18:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/17/2012 7:18:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/17/2012 7:18:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/17/2012 7:18:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/17/2012 7:18:15 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx64 AvgMfx64 discache SABI spldr Wanarpv6
7/17/2012 7:18:15 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
7/17/2012 7:18:12 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
7/17/2012 7:14:22 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/17/2012 7:14:22 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-2147218173.
7/17/2012 7:11:22 PM, Error: Service Control Manager [7038] - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/17/2012 7:11:22 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/17/2012 7:11:22 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not start due to a logon failure.
7/17/2012 7:11:22 PM, Error: Service Control Manager [7000] - The Network Connections service failed to start due to the following error: A system shutdown is in progress.
7/17/2012 7:11:22 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
7/17/2012 7:11:22 PM, Error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: A system shutdown is in progress.
7/17/2012 7:11:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1115" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
7/17/2012 7:11:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1115" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
7/17/2012 7:11:16 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
7/17/2012 7:03:47 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
7/17/2012 7:03:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
7/17/2012 7:03:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
7/17/2012 7:02:34 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgfwfd AvgLdx64 AvgMfx64 AvgTdiA DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SABI spldr tdx VWiFiFlt Wanarpv6 WfpLwf
7/17/2012 7:02:29 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/17/2012 7:02:29 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/17/2012 7:02:29 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
7/17/2012 7:02:29 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/17/2012 7:02:29 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/17/2012 7:02:29 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
7/17/2012 7:02:29 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/17/2012 7:02:29 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/17/2012 7:02:29 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
.
==== End Of File ===========================

.

Computer still infected (just for informing), getting pop-ups from AVG every 30 mins/1 hr about the same Trojan_Patched and sometimes some other strange ones; will post when shown for information, if needed.
Computer running normally, although some programs I regularly use (i.e. League of Legends) run slowly, some lag on fraps that regularly move smoothly.

Haven't moved anything else but the files I'm backing up.


Thanks again! I really appreciate this!

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 July 2012 - 01:57 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Akira Yatsu

Akira Yatsu
  • Topic Starter

  • Members
  • 17 posts

Posted 18 July 2012 - 03:46 AM

Combofix done.
Log continues

ComboFix 12-07-16.01 - home 07/18/2012 3:02.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6058.4243 [GMT -5:00]
Running from: c:\users\home\Desktop\ComboFix.exe
AV: AVG Internet Security *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{6cbfe87b-c598-97dc-bbf5-a3b11478a81b}\@
c:\windows\Installer\{6cbfe87b-c598-97dc-bbf5-a3b11478a81b}\L\00000004.@
c:\windows\Installer\{6cbfe87b-c598-97dc-bbf5-a3b11478a81b}\L\1afb2d56
c:\windows\Installer\{6cbfe87b-c598-97dc-bbf5-a3b11478a81b}\L\201d3dde
c:\windows\Installer\{6cbfe87b-c598-97dc-bbf5-a3b11478a81b}\U\00000004.@
c:\windows\Installer\{6cbfe87b-c598-97dc-bbf5-a3b11478a81b}\U\00000008.@
c:\windows\Installer\{6cbfe87b-c598-97dc-bbf5-a3b11478a81b}\U\000000cb.@
c:\windows\Installer\{6cbfe87b-c598-97dc-bbf5-a3b11478a81b}\U\80000000.@
c:\windows\Installer\{6cbfe87b-c598-97dc-bbf5-a3b11478a81b}\U\80000032.@
c:\windows\Installer\{6cbfe87b-c598-97dc-bbf5-a3b11478a81b}\U\80000064.@
c:\windows\SysWow64\Dump
c:\windows\SysWow64\Dump\MiniDump.dmp
c:\windows\SysWow64\muzapp.exe
F:\Autorun.inf
F:\Setup.exe
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-18 to 2012-07-18 )))))))))))))))))))))))))))))))
.
.
2012-07-18 08:09 . 2012-07-18 08:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-18 07:44 . 2012-07-18 07:44 -------- d-----w- c:\users\home\AppData\Roaming\AVG9
2012-07-18 03:00 . 2012-07-18 03:00 -------- d-----w- c:\users\home\temp
2012-07-18 03:00 . 2012-07-18 03:00 -------- d-----w- c:\program files (x86)\TeamViewer
2012-07-17 01:25 . 2012-07-17 01:25 -------- d-----w- c:\program files (x86)\ESET
2012-07-17 01:08 . 2012-07-17 01:08 -------- d-----w- c:\windows\Sun
2012-07-16 02:04 . 2012-07-16 02:04 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-16 02:00 . 2012-07-16 02:00 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-12 08:05 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 19:15 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-30 22:30 . 2012-06-30 22:30 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-06-27 21:13 . 2012-06-28 03:48 -------- d-----w- c:\users\home\AppData\Local\Turbine
2012-06-27 20:56 . 2012-07-05 03:18 -------- d-----w- c:\users\home\AppData\Local\ApplicationHistory
2012-06-27 20:54 . 2012-06-27 20:54 -------- d-----w- c:\windows\SysWow64\URTTEMP
2012-06-22 16:20 . 2012-06-22 16:20 -------- d-----w- c:\windows\en
2012-06-22 16:14 . 2012-06-22 16:14 -------- d-----w- c:\windows\ar
2012-06-22 16:14 . 2012-06-22 16:14 -------- d-----w- c:\windows\bg
2012-06-22 16:14 . 2012-06-22 16:14 -------- d-----w- c:\windows\cs
2012-06-22 16:14 . 2012-06-22 16:14 -------- d-----w- c:\windows\da
2012-06-22 16:14 . 2012-06-22 16:14 -------- d-----w- c:\windows\de
2012-06-22 16:14 . 2012-06-22 16:14 -------- d-----w- c:\windows\el
2012-06-22 16:14 . 2012-06-22 16:14 -------- d-----w- c:\windows\es
2012-06-22 16:13 . 2012-06-22 16:13 -------- d-----w- c:\windows\fi
2012-06-22 16:13 . 2012-06-22 16:13 -------- d-----w- c:\windows\fr
2012-06-22 16:13 . 2012-06-22 16:13 -------- d-----w- c:\windows\he
2012-06-22 16:13 . 2012-06-22 16:13 -------- d-----w- c:\windows\hr
2012-06-22 16:13 . 2012-06-22 16:13 -------- d-----w- c:\windows\hu
2012-06-22 16:13 . 2012-06-22 16:13 -------- d-----w- c:\windows\it
2012-06-22 16:13 . 2012-06-22 16:13 -------- d-----w- c:\windows\ko
2012-06-22 16:13 . 2012-06-22 16:13 -------- d-----w- c:\windows\lt
2012-06-22 16:13 . 2012-06-22 16:13 -------- d-----w- c:\windows\lv
2012-06-22 16:13 . 2012-06-22 16:13 -------- d-----w- c:\windows\nl
2012-06-22 16:13 . 2012-06-22 16:13 -------- d-----w- c:\windows\no
2012-06-22 16:13 . 2012-06-22 16:13 -------- d-----w- c:\windows\pl
2012-06-22 16:12 . 2012-06-22 16:12 -------- d-----w- c:\windows\pt-br
2012-06-22 16:12 . 2012-06-22 16:12 -------- d-----w- c:\windows\pt-pt
2012-06-22 16:12 . 2012-06-22 16:12 -------- d-----w- c:\windows\ro
2012-06-22 16:12 . 2012-06-22 16:12 -------- d-----w- c:\windows\ru
2012-06-22 16:12 . 2012-06-22 16:12 -------- d-----w- c:\windows\sk
2012-06-22 16:12 . 2012-06-22 16:12 -------- d-----w- c:\windows\sl
2012-06-22 16:12 . 2012-06-22 16:12 -------- d-----w- c:\windows\sr-latn-cs
2012-06-22 16:12 . 2012-06-22 16:12 -------- d-----w- c:\windows\sv
2012-06-22 16:12 . 2012-06-22 16:12 -------- d-----w- c:\windows\th
2012-06-22 16:12 . 2012-06-22 16:12 -------- d-----w- c:\windows\tr
2012-06-22 16:11 . 2012-06-22 16:11 -------- d-----w- c:\windows\zh-cn
2012-06-22 16:11 . 2012-06-22 16:11 -------- d-----w- c:\windows\zh-tw
2012-06-22 15:48 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 15:48 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 15:48 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 15:48 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 15:48 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 15:48 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 15:48 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 15:47 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 15:47 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 18:48 . 2012-03-08 23:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-06-20 18:39 . 2012-06-20 18:39 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f860ec6f1cd4f1302\MeshBetaRemover.exe
2012-06-20 18:39 . 2012-06-20 18:39 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f7ec49021cd4f1301\DSETUP.dll
2012-06-20 18:39 . 2012-06-20 18:39 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f7ec49021cd4f1301\DXSETUP.exe
2012-06-20 18:39 . 2012-06-20 18:39 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f7ec49021cd4f1301\dsetup32.dll
2012-06-19 22:35 . 2012-06-19 22:35 4967624 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-06-18 15:59 . 2012-06-18 15:59 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-18 15:59 . 2012-06-18 15:59 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-16 02:04 . 2011-11-27 01:42 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-14 12:47 . 2012-06-14 12:47 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-14 12:47 . 2012-06-14 12:47 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-05-24 15:47 . 2011-11-30 20:02 24448 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-05-19 19:15 . 2012-05-19 19:15 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-09 10:18 . 2012-05-09 10:18 280912 ----a-w- c:\windows\system32\drivers\ETD.sys
2012-05-04 11:06 . 2012-06-14 01:16 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-14 01:16 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 01:16 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-14 01:16 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-14 01:16 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-14 01:16 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-14 01:16 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-14 01:16 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-14 01:15 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-14 01:15 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-14 01:15 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-14 01:15 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-14 01:15 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-14 01:15 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-04-21 08:12 . 2011-11-28 05:47 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-11-18 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-09 20:16 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-11-18 01:29 1515688 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-09 2074208]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-11-18 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-09 1107552]
"HF_G_Jul"="c:\program files (x86)\AVG Secure Search\HF_G_Jul.exe" [2012-07-08 36960]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DelayedDesktopSwitchTimeout"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-06-01 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-28 1255736]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R3 X6va005;X6va005; [x]
R3 X6va008;X6va008; [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSErHrw7a;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSwa.sys [2011-11-27 27216]
S0 AvgRkx64;avgrkx64.sys;c:\windows\System32\Drivers\avgrkx64.sys [2011-11-27 56008]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-27 17720]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2011-11-27 29976]
S1 AvgLdx64;AVG AVI Loader Driver x64;c:\windows\system32\Drivers\avgldx64.sys [2011-11-27 269904]
S1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;c:\windows\system32\Drivers\avgmfx64.sys [2011-11-27 35664]
S1 AvgTdiA;AVG Network Redirector x64;c:\windows\system32\Drivers\avgtdia.sys [2011-11-27 317520]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 13824]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2011-01-25 60416]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-27 204288]
S2 avg9emc;AVG E-mail Scanner;c:\program files (x86)\AVG\AVG9\avgemc.exe [2011-11-27 921952]
S2 avg9wd;AVG WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [2011-11-27 308136]
S2 avgfws9;AVG Firewall;c:\program files (x86)\AVG\AVG9\avgfws9.exe [2011-11-27 2331544]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2011-06-14 498688]
S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe [2007-11-28 1039872]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 SamsungDeviceConfigurationWinService;SamsungDeviceConfiguration;c:\program files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [2012-02-13 31624]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SGDrv;SGDrv;c:\windows\system32\DRIVERS\SGdrv64.sys [2011-04-11 7680]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-19 3048136]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-05-05 2656536]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-09 935008]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2011-06-14 986112]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-07-27 9371136]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-07-27 309760]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752]
S3 AVGIDSDriverw7a;AVG9IDSDriver;c:\program files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSDriver.sys [2011-11-27 132688]
S3 AVGIDSFilterw7a;AVG9IDSFilter;c:\program files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSFilter.sys [2011-11-27 35920]
S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2011-05-19 84480]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2011-05-19 182272]
S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [2011-05-19 83968]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-08-17 31216]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2012-05-09 280912]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-04-04 12262624]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-05-17 25496]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-05-01 8593920]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-17 533096]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2011-01-25 18432]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2011-05-17 42392]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\avgrssta.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?l=dis&o=15387
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\home\AppData\Roaming\Mozilla\Firefox\Profiles\1qc0gzhl.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B4fe03e68-95b8-4019-b962-16fb98a3f36f%7D&mid=0bf457dac2f80c349fbd8fadc9073f84-e081b69803c7312ff1a3d83fe86d5d79533b2bb9&ds=AVG&v=9.0.0.18.1&lang=us&pr=pa&d=2011-11-30%2005%3A29%3A43&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
# Mozilla User Preferences
/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs
*/
FF - user.js: accessibility.typeaheadfind.flashBar - 0
FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1324813798
FF - user.js: app.update.lastUpdateTime.background-update-timer - 1324814038
FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1324813918
FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1324850838
FF - user.js: avg.install.currLocale - us
FF - user.js: avg.install.date - 1322631406000
FF - user.js: avg.install.finished - 9.0.0.18.1
FF - user.js: avg.install.guid - {4fe03e68-95b8-4019-b962-16fb98a3f36f}
FF - user.js: avg.install.installDirPath - c:\\ProgramData\\AVG Secure Search\\9.0.0.18
FF - user.js: avg.install.isDisabled - 1
FF - user.js: avg.install.isHidden - true
FF - user.js: avg.install.lastUpdaterReq - 1322631411000
FF - user.js: avg.install.laststatreq - 1322631411000
FF - user.js: avg.install.migrationComplete - true
FF - user.js: avg.install.newtab - false
FF - user.js: avg.install.overlayVersion - 634569785481041250
FF - user.js: avg.install.updaterInterval - 24
FF - user.js: avg.install.userHPSettings - chrome://branding/locale/browserconfig.properties
FF - user.js: avg.install.userSPSettings - Google
FF - user.js: avg.userPreferences.newtabDisabledByUser - true
FF - user.js: browser.bookmarks.restore_default_bookmarks - false
FF - user.js: browser.cache.disk.capacity - 1048576
FF - user.js: browser.cache.disk.smart_size.first_run - false
FF - user.js: browser.cache.disk.smart_size_cached_value - 1048576
FF - user.js: browser.download.lastDir - c:\\Users\\home\\Pictures
FF - user.js: browser.migration.version - 5
FF - user.js: browser.places.smartBookmarksVersion - 2
FF - user.js: browser.rights.3.shown - true
FF - user.js: browser.startup.homepage - hxxps://www.google.com/
FF - user.js: browser.startup.homepage_override.buildID - 20111120135848
FF - user.js: browser.startup.homepage_override.mstone - rv:8.0.1
FF - user.js: browser.syncPromoViewsLeft - 0
FF - user.js: browser.tabs.warnOnClose - false
FF - user.js: browser.taskbar.lastgroupid - Mozilla.Firefox.8.0.1
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.avg@igeared.install-event-fired - true
FF - user.js: extensions.avg@toolbar.install-event-fired - true
FF - user.js: extensions.blocklist.pingCountTotal - 24
FF - user.js: extensions.blocklist.pingCountVersion - 24
FF - user.js: extensions.bootstrappedAddons - {}
FF - user.js: extensions.databaseSchema - 6
FF - user.js: extensions.enabledAddons - {972ce4c6-7e08-4474-a285-3208198ce6fd}:8.0.1
FF - user.js: extensions.installCache - [{\name\:\winreg-app-global\,\addons\:{\avg@toolbar\:{\descriptor\:\c:\\\\ProgramData\\\\AVG Secure Search\\\\9.0.0.18\,\mtime\:1322653006326}}},{\name\:\app-global\,\addons\:{\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1322357629759}}},{\name\:\app-profile\,\addons\:{\toolbar@ask.com\:{\descriptor\:\c:\\\\Users\\\\home\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\1qc0gzhl.default\\\\extensions\\\\toolbar@ask.com\,\mtime\:1323021597109}}}]
FF - user.js: extensions.lastAppVersion - 8.0.1
FF - user.js: extensions.lastPlatformVersion - 8.0.1
FF - user.js: extensions.pendingOperations - false
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: font.name.serif.x-western - Arial
FF - user.js: gfx.blacklist.direct2d - 2
FF - user.js: gfx.blacklist.layers.direct3d10 - 2
FF - user.js: gfx.blacklist.layers.direct3d10-1 - 2
FF - user.js: idle.lastDailyNotification - 1324555781
FF - user.js: intl.charsetmenu.browser.cache - windows-1252, ISO-8859-1, UTF-8
FF - user.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B4fe03e68-95b8-4019-b962-16fb98a3f36f%7D&mid=0bf457dac2f80c349fbd8fadc9073f84-e081b69803c7312ff1a3d83fe86d5d79533b2bb9&ds=AVG&v=9.0.0.18.1&lang=us&pr=pa&d=2011-11-30%2005%3A29%3A43&sap=ku&q=
FF - user.js: lightweightThemes.isThemeSelected - true
FF - user.js: lightweightThemes.persisted.footerURL - true
FF - user.js: lightweightThemes.persisted.headerURL - true
FF - user.js: lightweightThemes.usedThemes - [{\id\:\313089\,\name\:\opeth - black backdrop\,\headerURL\:\hxxp://getpersonas-cdn.mozilla.net/static/8/9/313089/opeth_black_header.jpg?1287261966\,\footerURL\:\http://getpersonas-cdn.mozilla.net/static/8/9/313089/opeth_black_footer.jpg?1287261966\,\textcolor\:\#ffffff\,\accentcolor\:\#000000\,\iconURL\:\http://getpersonas-cdn.mozilla.net/static/8/9/313089/preview_small.jpg?1287261966\,\previewURL\:\http://getpersonas-cdn.mozilla.net/static/8/9/313089/preview.jpg?1287261966\,\author\:\metal desktops\,\description\:\opeth's logo on a black backdrop\,\updateURL\:\https://www.getpersonas.com/en-us/update_check/313089\,\version\:\1287261966\,\updateDate\:1322461330745,\installDate\:1322358109234}]
FF - user.js: network.cookie.prefsMigrated - true
FF - user.js: network.proxy.type - 0
FF - user.js: places.database.lastMaintenance - 1324555781
FF - user.js: places.history.expiration.transient_current_max_pages - 190553
FF - user.js: pref.browser.homepage.disable_button.current_page - false
FF - user.js: print_printer - Lexmark 2600 Series
FF - user.js: printer_Lexmark_2600_Series.print_bgcolor - false
FF - user.js: printer_Lexmark_2600_Series.print_bgimages - false
FF - user.js: printer_Lexmark_2600_Series.print_colorspace -
FF - user.js: printer_Lexmark_2600_Series.print_command -
FF - user.js: printer_Lexmark_2600_Series.print_downloadfonts - false
FF - user.js: printer_Lexmark_2600_Series.print_edge_bottom - 0
FF - user.js: printer_Lexmark_2600_Series.print_edge_left - 0
FF - user.js: printer_Lexmark_2600_Series.print_edge_right - 0
FF - user.js: printer_Lexmark_2600_Series.print_edge_top - 0
FF - user.js: printer_Lexmark_2600_Series.print_evenpages - true
FF - user.js: printer_Lexmark_2600_Series.print_footercenter -
FF - user.js: printer_Lexmark_2600_Series.print_footerleft - &PT
FF - user.js: printer_Lexmark_2600_Series.print_footerright - &D
FF - user.js: printer_Lexmark_2600_Series.print_headercenter -
FF - user.js: printer_Lexmark_2600_Series.print_headerleft - &T
FF - user.js: printer_Lexmark_2600_Series.print_headerright - &U
FF - user.js: printer_Lexmark_2600_Series.print_in_color - true
FF - user.js: printer_Lexmark_2600_Series.print_margin_bottom - 0.5
FF - user.js: printer_Lexmark_2600_Series.print_margin_left - 0.5
FF - user.js: printer_Lexmark_2600_Series.print_margin_right - 0.5
FF - user.js: printer_Lexmark_2600_Series.print_margin_top - 0.5
FF - user.js: printer_Lexmark_2600_Series.print_oddpages - true
FF - user.js: printer_Lexmark_2600_Series.print_orientation - 0
FF - user.js: printer_Lexmark_2600_Series.print_page_delay - 50
FF - user.js: printer_Lexmark_2600_Series.print_paper_data - 1
FF - user.js: printer_Lexmark_2600_Series.print_paper_height - 11.00
FF - user.js: printer_Lexmark_2600_Series.print_paper_name -
FF - user.js: printer_Lexmark_2600_Series.print_paper_size_type - 0
FF - user.js: printer_Lexmark_2600_Series.print_paper_size_unit - 0
FF - user.js: printer_Lexmark_2600_Series.print_paper_width - 8.50
FF - user.js: printer_Lexmark_2600_Series.print_plex_name -
FF - user.js: printer_Lexmark_2600_Series.print_resolution_name -
FF - user.js: printer_Lexmark_2600_Series.print_reversed - false
FF - user.js: printer_Lexmark_2600_Series.print_scaling - 1.00
FF - user.js: printer_Lexmark_2600_Series.print_shrink_to_fit - true
FF - user.js: printer_Lexmark_2600_Series.print_to_file - false
FF - user.js: printer_Lexmark_2600_Series.print_to_filename -
FF - user.js: printer_Lexmark_2600_Series.print_unwriteable_margin_bottom - 0
FF - user.js: printer_Lexmark_2600_Series.print_unwriteable_margin_left - 0
FF - user.js: printer_Lexmark_2600_Series.print_unwriteable_margin_right - 0
FF - user.js: printer_Lexmark_2600_Series.print_unwriteable_margin_top - 0
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_bgcolor - false
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_bgimages - false
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_colorspace -
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_command -
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_downloadfonts - false
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_edge_bottom - 0
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_edge_left - 0
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_edge_right - 0
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_edge_top - 0
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_evenpages - true
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_footercenter -
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_footerleft - &PT
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_footerright - &D
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_headercenter -
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_headerleft - &T
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_headerright - &U
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_in_color - true
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_margin_bottom - 0.5
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_margin_left - 0.5
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_margin_right - 0.5
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_margin_top - 0.5
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_oddpages - true
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_orientation - 0
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_page_delay - 50
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_paper_data - 1
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_paper_height - 11.00
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_paper_name -
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_paper_size_type - 0
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_paper_size_unit - 0
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_paper_width - 8.50
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_plex_name -
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_resolution_name -
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_reversed - false
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_scaling - 1.00
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_shrink_to_fit - true
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_to_file - false
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_to_filename -
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_bottom - 0
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_left - 0
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_right - 0
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_top - 0
FF - user.js: privacy.sanitize.migrateFx3Prefs - true
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: services.sync.clients.lastSync - 0
FF - user.js: services.sync.clients.lastSyncLocal - 0
FF - user.js: services.sync.migrated - true
FF - user.js: services.sync.tabs.lastSync - 0
FF - user.js: services.sync.tabs.lastSyncLocal - 0
FF - user.js: storage.vacuum.last.index - 1
FF - user.js: storage.vacuum.last.places.sqlite - 1322359682
FF - user.js: toolkit.telemetry.prompted - true
FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1324949738
FF - user.js: xpinstall.whitelist.add -
FF - user.js: xpinstall.whitelist.add.36 -
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files (x86)\uTorrentBar\prxtbuTor.dll
BHO-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files (x86)\uTorrentBar\prxtbuTor.dll
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files (x86)\uTorrentBar\prxtbuTor.dll
Toolbar-Locked - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe
AddRemove-uTorrentBar Toolbar - c:\program files (x86)\uTorrentBar\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Ask.com\Updater\Updater.exe
c:\progra~2\AVG\AVG9\avgtray.exe
c:\program files (x86)\iTunes\iTunesHelper.exe
c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
c:\program files (x86)\Lexmark 2600 Series\lxdnmon.exe
c:\program files (x86)\Samsung\Kies\KiesHelper.exe
c:\program files (x86)\AVG\AVG9\avgam.exe
c:\program files (x86)\AVG\AVG9\avgcsrvx.exe
c:\program files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
c:\program files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
c:\program files (x86)\Samsung\Easy Settings\SmartSetting.exe
c:\program files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
c:\program files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
c:\program files (x86)\Ask.com\Updater\Updater.exe
c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
c:\program files (x86)\LOLReplay\LOLRecorder.exe
c:\program files (x86)\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
c:\program files (x86)\Samsung\Kies\External\DeviceModules\DeviceManager.exe
c:\program files (x86)\Samsung\Kies\External\DeviceModules\ConnectionManager.exe
.
**************************************************************************
.
Completion time: 2012-07-18 03:18:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-18 08:18
.
Pre-Run: 136,467,922,944 bytes free
Post-Run: 136,231,186,432 bytes free
.
- - End Of File - - 633B3C6BCC92098789118772E747969F

I had some strange behavior right after the log was created. I tried to open my Firefox in order to post this, but it sent me a strange message that said that

c:\(file) has been meant for deletion.

It deleted my Firefox icon on my taskbar, and it would not let me open anything in my lap.
I decided to reboot to see if it was only a mistake by ComboFix.
It worked, I'm on my lap now and it seems to be working fine, no pop-ups in the last 15 mins I've been here, AVG on, Windows firewall on, AVG antispyware/firewall on.
Everything seems fine, except for that strange thing that happened before.

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:43 AM

Posted 18 July 2012 - 04:02 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
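The TDSSKiller report requested above lists one `<name> (<md5>) <path>` line per driver or service, followed by a `<name> - <status>` verdict line (every verdict is `ok` in a clean scan). As an added example, not part of this thread and not Kaspersky's own code, the parser below pairs those two lines and reports every entry whose verdict is not `ok`; the two-line format is assumed from the log posted in this thread, and the non-ok sample lines are constructed with illustrative status wording.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One log line: "<hh:mm:ss.ffff> <pid> <rest>", as in the TDSSKiller report in this thread.
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<rest>.*)$")
# Enumeration line: "<name> (<md5>) <path>". The path itself may contain " - ".
ENUM_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")


@dataclass
class Entry:
    name: str
    status: str = "no verdict"   # "ok" in a clean log; anything else deserves a look
    md5: Optional[str] = None
    path: Optional[str] = None


def parse_tdsskiller_log(text: str) -> List[Entry]:
    """Pair each enumeration line with the verdict line that follows it.

    Only lines after "Scan started" are considered, so header lines such as
    "Drive \\Device\\Harddisk0\\DR0 - Size: ..." are not mistaken for verdicts.
    """
    entries: Dict[str, Entry] = {}
    in_scan = False
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest").strip()
        if rest == "Scan started":
            in_scan = True
            continue
        if not in_scan:
            continue
        em = ENUM_RE.match(rest)
        if em:
            entries[em.group("name")] = Entry(
                name=em.group("name"), md5=em.group("md5"), path=em.group("path"))
            continue
        if " - " in rest:
            # Verdict line; rsplit so a name that contains " - " is kept intact.
            name, status = rest.rsplit(" - ", 1)
            entry = entries.setdefault(name, Entry(name=name))
            entry.status = status.strip()
    return list(entries.values())


def flagged(entries: List[Entry]) -> List[Entry]:
    """Everything TDSSKiller did not mark '- ok', including entries with no verdict."""
    return [e for e in entries if e.status != "ok"]


def summarize(entries: List[Entry]) -> Dict[str, int]:
    """Count entries per verdict, e.g. {'ok': 412, 'infected': 1}."""
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e.status] = counts.get(e.status, 0) + 1
    return counts


# Constructed sample: the first nine lines are adapted from the report posted in this
# thread; the last two (sample-svc, status "infected") are made up to exercise the
# non-ok path and their wording is illustrative only.
SAMPLE_LOG = r"""
15:04:46.0112 4316 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
15:04:47.0079 4316 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200
15:04:58.0670 1680 Scan started
15:04:58.0670 1680 Mode: Manual;
15:05:00.0510 1680 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
15:05:00.0510 1680 1394ohci - ok
15:05:06.0953 1680 catchme - ok
15:05:11.0509 1680 GameConsoleService (521a469caf61f00e1de081cc2099c1d6) C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe
15:05:11.0509 1680 GameConsoleService - ok
15:05:20.0000 1680 sample-svc (00000000000000000000000000000000) C:\windows\system32\drivers\sample-svc.sys
15:05:20.0000 1680 sample-svc - infected
"""


if __name__ == "__main__":
    found = parse_tdsskiller_log(SAMPLE_LOG)
    print(summarize(found))
    for e in flagged(found):
        print(f"{e.name}: {e.status} ({e.path or 'no file'})")
```

Point it at the saved `TDSSKiller.[Version]_[Date]_[Time]_log.txt` instead of `SAMPLE_LOG` to get the same summary for a real report.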

#7 Akira Yatsu

Akira Yatsu
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:10:43 AM

Posted 18 July 2012 - 03:39 PM

Alright! Done! Everything seems back to normal! :D

Here are the reports:

15:04:46.0112 4316 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
15:04:46.0517 4316 ============================================================
15:04:46.0517 4316 Current date / time: 2012/07/18 15:04:46.0517
15:04:46.0517 4316 SystemInfo:
15:04:46.0517 4316
15:04:46.0517 4316 OS Version: 6.1.7601 ServicePack: 1.0
15:04:46.0517 4316 Product type: Workstation
15:04:46.0517 4316 ComputerName: HOME-PC
15:04:46.0517 4316 UserName: home
15:04:46.0517 4316 Windows directory: C:\windows
15:04:46.0517 4316 System windows directory: C:\windows
15:04:46.0517 4316 Running under WOW64
15:04:46.0517 4316 Processor architecture: Intel x64
15:04:46.0517 4316 Number of processors: 8
15:04:46.0517 4316 Page size: 0x1000
15:04:46.0517 4316 Boot type: Normal boot
15:04:46.0517 4316 ============================================================
15:04:47.0079 4316 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x162DD1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040
15:04:47.0094 4316 ============================================================
15:04:47.0094 4316 \Device\Harddisk0\DR0:
15:04:47.0094 4316 MBR partitions:
15:04:47.0094 4316 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:04:47.0094 4316 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x22000000
15:04:47.0110 4316 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x22033000, BlocksNum 0x32D82800
15:04:47.0110 4316 ============================================================
15:04:47.0172 4316 C: <-> \Device\Harddisk0\DR0\Partition1
15:04:47.0204 4316 D: <-> \Device\Harddisk0\DR0\Partition2
15:04:47.0204 4316 ============================================================
15:04:47.0204 4316 Initialize success
15:04:47.0204 4316 ============================================================
15:04:58.0670 1680 ============================================================
15:04:58.0670 1680 Scan started
15:04:58.0670 1680 Mode: Manual;
15:04:58.0670 1680 ============================================================
15:05:00.0510 1680 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
15:05:00.0510 1680 1394ohci - ok
15:05:00.0542 1680 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
15:05:00.0557 1680 ACPI - ok
15:05:00.0573 1680 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
15:05:00.0573 1680 AcpiPmi - ok
15:05:00.0760 1680 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:05:00.0760 1680 AdobeARMservice - ok
15:05:00.0854 1680 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
15:05:00.0854 1680 adp94xx - ok
15:05:00.0900 1680 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
15:05:00.0900 1680 adpahci - ok
15:05:00.0978 1680 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
15:05:00.0978 1680 adpu320 - ok
15:05:01.0150 1680 AdvancedSystemCareService5 (96d6cdd0b32846e8cfbe592f4f32e608) C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
15:05:01.0166 1680 AdvancedSystemCareService5 - ok
15:05:01.0181 1680 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
15:05:01.0181 1680 AeLookupSvc - ok
15:05:01.0275 1680 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
15:05:01.0275 1680 AFD - ok
15:05:01.0306 1680 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
15:05:01.0306 1680 agp440 - ok
15:05:01.0337 1680 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
15:05:01.0337 1680 ALG - ok
15:05:01.0353 1680 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
15:05:01.0353 1680 aliide - ok
15:05:01.0400 1680 AMD External Events Utility (310172dd4dc592e743932bf402d4af11) C:\windows\system32\atiesrxx.exe
15:05:01.0415 1680 AMD External Events Utility - ok
15:05:01.0431 1680 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
15:05:01.0431 1680 amdide - ok
15:05:01.0462 1680 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
15:05:01.0462 1680 AmdK8 - ok
15:05:02.0195 1680 amdkmdag (756885307bd541141143438cd3dc2174) C:\windows\system32\DRIVERS\atikmdag.sys
15:05:02.0414 1680 amdkmdag - ok
15:05:02.0601 1680 amdkmdap (526d56b1cd2fa25ece618577a2f5e4ee) C:\windows\system32\DRIVERS\atikmpag.sys
15:05:02.0616 1680 amdkmdap - ok
15:05:02.0663 1680 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys
15:05:02.0663 1680 AmdPPM - ok
15:05:02.0726 1680 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
15:05:02.0726 1680 amdsata - ok
15:05:02.0741 1680 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
15:05:02.0757 1680 amdsbs - ok
15:05:02.0757 1680 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
15:05:02.0757 1680 amdxata - ok
15:05:02.0788 1680 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
15:05:02.0788 1680 AppID - ok
15:05:02.0819 1680 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
15:05:02.0819 1680 AppIDSvc - ok
15:05:02.0850 1680 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
15:05:02.0850 1680 Appinfo - ok
15:05:02.0975 1680 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:05:02.0975 1680 Apple Mobile Device - ok
15:05:03.0069 1680 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
15:05:03.0069 1680 arc - ok
15:05:03.0100 1680 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
15:05:03.0100 1680 arcsas - ok
15:05:03.0147 1680 asmthub3 (22842362df890f5492f85aa60916a697) C:\windows\system32\DRIVERS\asmthub3.sys
15:05:03.0147 1680 asmthub3 - ok
15:05:03.0209 1680 asmtxhci (08e2d77766cc05e75a0707207d9fc684) C:\windows\system32\DRIVERS\asmtxhci.sys
15:05:03.0225 1680 asmtxhci - ok
15:05:03.0256 1680 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
15:05:03.0256 1680 AsyncMac - ok
15:05:03.0287 1680 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
15:05:03.0287 1680 atapi - ok
15:05:03.0381 1680 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
15:05:03.0381 1680 AudioEndpointBuilder - ok
15:05:03.0396 1680 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
15:05:03.0396 1680 AudioSrv - ok
15:05:03.0552 1680 AVG Security Toolbar Service (d45b7995761253a92ab071d576114f28) C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe
15:05:03.0568 1680 AVG Security Toolbar Service - ok
15:05:03.0677 1680 avg9emc (aa054cd537357f03d5ba6aba7562b35f) C:\Program Files (x86)\AVG\AVG9\avgemc.exe
15:05:03.0677 1680 avg9emc - ok
15:05:03.0708 1680 avg9wd (c4d15594db5be042d3346ea58df87d89) C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
15:05:03.0708 1680 avg9wd - ok
15:05:03.0849 1680 Avgfwfd (b611370218f2a7dd6d0f089781eb8eae) C:\windows\system32\DRIVERS\avgfwd6a.sys
15:05:03.0849 1680 Avgfwfd - ok
15:05:04.0036 1680 avgfws9 (0f38e92d794df187ba060939c552484f) C:\Program Files (x86)\AVG\AVG9\avgfws9.exe
15:05:04.0052 1680 avgfws9 - ok
15:05:04.0847 1680 AVGIDSAgent (abc81401a433f90414168e027aa6cc48) C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
15:05:04.0910 1680 AVGIDSAgent - ok
15:05:05.0066 1680 AVGIDSDriverw7a (0bd9d87bd41ce736d3096097dd4065b7) C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSDriver.sys
15:05:05.0081 1680 AVGIDSDriverw7a - ok
15:05:05.0206 1680 AVGIDSErHrw7a (673703efcf80b548fab88d7dc536f727) C:\windows\system32\Drivers\AVGIDSwa.sys
15:05:05.0222 1680 AVGIDSErHrw7a - ok
15:05:05.0222 1680 AVGIDSFilterw7a (96feb9648b1db7a012a4e2f9c149abc4) C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSFilter.sys
15:05:05.0222 1680 AVGIDSFilterw7a - ok
15:05:05.0284 1680 AvgLdx64 (b447db072bf939db9e07bef2adf4ecbd) C:\windows\system32\Drivers\avgldx64.sys
15:05:05.0284 1680 AvgLdx64 - ok
15:05:05.0331 1680 AvgMfx64 (0db5a749acd8e66091736f88c40207bd) C:\windows\system32\Drivers\avgmfx64.sys
15:05:05.0331 1680 AvgMfx64 - ok
15:05:05.0362 1680 AvgRkx64 (5e7f0f9cbe0f7823371a4d51df29f7ff) C:\windows\system32\Drivers\avgrkx64.sys
15:05:05.0362 1680 AvgRkx64 - ok
15:05:05.0393 1680 AvgTdiA (8aa68c0ba2b84fd7eb3e1f10bbfc825b) C:\windows\system32\Drivers\avgtdia.sys
15:05:05.0409 1680 AvgTdiA - ok
15:05:05.0424 1680 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
15:05:05.0424 1680 AxInstSV - ok
15:05:05.0487 1680 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
15:05:05.0487 1680 b06bdrv - ok
15:05:05.0549 1680 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
15:05:05.0549 1680 b57nd60a - ok
15:05:05.0658 1680 BBSvc (93ee7d9c35ae7e9ffda148d7805f1421) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
15:05:05.0658 1680 BBSvc - ok
15:05:05.0690 1680 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
15:05:05.0690 1680 BDESVC - ok
15:05:05.0705 1680 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
15:05:05.0705 1680 Beep - ok
15:05:05.0768 1680 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
15:05:05.0799 1680 BFE - ok
15:05:05.0892 1680 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\system32\qmgr.dll
15:05:05.0892 1680 BITS - ok
15:05:05.0955 1680 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
15:05:05.0955 1680 blbdrive - ok
15:05:06.0189 1680 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
15:05:06.0189 1680 Bonjour Service - ok
15:05:06.0314 1680 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
15:05:06.0329 1680 bowser - ok
15:05:06.0392 1680 bpenum (56e4345f392f17d66683225e214840cb) C:\windows\system32\DRIVERS\bpenum.sys
15:05:06.0392 1680 bpenum - ok
15:05:06.0485 1680 bpmp (d50b07c4d7afec4ca6ac8fcb72583c5b) C:\windows\system32\DRIVERS\bpmp.sys
15:05:06.0485 1680 bpmp - ok
15:05:06.0563 1680 bpusb (a85ba55e4fe9cb2f342f281aaf7de810) C:\windows\system32\Drivers\bpusb.sys
15:05:06.0563 1680 bpusb - ok
15:05:06.0594 1680 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
15:05:06.0594 1680 BrFiltLo - ok
15:05:06.0610 1680 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
15:05:06.0626 1680 BrFiltUp - ok
15:05:06.0641 1680 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
15:05:06.0672 1680 BridgeMP - ok
15:05:06.0704 1680 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
15:05:06.0704 1680 Browser - ok
15:05:06.0797 1680 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
15:05:06.0797 1680 Brserid - ok
15:05:06.0813 1680 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
15:05:06.0813 1680 BrSerWdm - ok
15:05:06.0844 1680 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
15:05:06.0844 1680 BrUsbMdm - ok
15:05:06.0860 1680 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
15:05:06.0860 1680 BrUsbSer - ok
15:05:06.0875 1680 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
15:05:06.0891 1680 BTHMODEM - ok
15:05:06.0938 1680 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
15:05:06.0938 1680 bthserv - ok
15:05:06.0953 1680 catchme - ok
15:05:07.0000 1680 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
15:05:07.0000 1680 cdfs - ok
15:05:07.0031 1680 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
15:05:07.0031 1680 cdrom - ok
15:05:07.0062 1680 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
15:05:07.0062 1680 CertPropSvc - ok
15:05:07.0094 1680 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
15:05:07.0094 1680 circlass - ok
15:05:07.0156 1680 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
15:05:07.0172 1680 CLFS - ok
15:05:07.0234 1680 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:05:07.0234 1680 clr_optimization_v2.0.50727_32 - ok
15:05:07.0296 1680 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:05:07.0296 1680 clr_optimization_v2.0.50727_64 - ok
15:05:07.0359 1680 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:05:07.0359 1680 clr_optimization_v4.0.30319_32 - ok
15:05:07.0390 1680 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:05:07.0406 1680 clr_optimization_v4.0.30319_64 - ok
15:05:07.0437 1680 clwvd (e13a438f9e51dd034730678e33b73290) C:\windows\system32\DRIVERS\clwvd.sys
15:05:07.0437 1680 clwvd - ok
15:05:07.0452 1680 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
15:05:07.0452 1680 CmBatt - ok
15:05:07.0468 1680 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
15:05:07.0468 1680 cmdide - ok
15:05:07.0546 1680 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\windows\system32\Drivers\cng.sys
15:05:07.0562 1680 CNG - ok
15:05:07.0593 1680 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
15:05:07.0593 1680 Compbatt - ok
15:05:07.0608 1680 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys
15:05:07.0608 1680 CompositeBus - ok
15:05:07.0608 1680 COMSysApp - ok
15:05:07.0624 1680 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
15:05:07.0624 1680 crcdisk - ok
15:05:07.0671 1680 CryptSvc (4f5414602e2544a4554d95517948b705) C:\windows\system32\cryptsvc.dll
15:05:07.0686 1680 CryptSvc - ok
15:05:07.0858 1680 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
15:05:07.0874 1680 cvhsvc - ok
15:05:07.0920 1680 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
15:05:07.0920 1680 DcomLaunch - ok
15:05:07.0967 1680 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
15:05:07.0983 1680 defragsvc - ok
15:05:08.0045 1680 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
15:05:08.0045 1680 DfsC - ok
15:05:08.0108 1680 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
15:05:08.0108 1680 Dhcp - ok
15:05:08.0123 1680 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
15:05:08.0123 1680 discache - ok
15:05:08.0139 1680 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
15:05:08.0154 1680 Disk - ok
15:05:08.0342 1680 DMAgent (e7b489fa5b15d2fec3e52066e015b788) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
15:05:08.0357 1680 DMAgent - ok
15:05:08.0404 1680 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
15:05:08.0404 1680 Dnscache - ok
15:05:08.0466 1680 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
15:05:08.0466 1680 dot3svc - ok
15:05:08.0498 1680 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
15:05:08.0498 1680 DPS - ok
15:05:08.0513 1680 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
15:05:08.0529 1680 drmkaud - ok
15:05:08.0622 1680 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
15:05:08.0638 1680 DXGKrnl - ok
15:05:08.0669 1680 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
15:05:08.0669 1680 EapHost - ok
15:05:08.0934 1680 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
15:05:08.0997 1680 ebdrv - ok
15:05:09.0153 1680 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
15:05:09.0168 1680 EFS - ok
15:05:09.0262 1680 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
15:05:09.0262 1680 ehRecvr - ok
15:05:09.0293 1680 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
15:05:09.0293 1680 ehSched - ok
15:05:09.0402 1680 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
15:05:09.0402 1680 elxstor - ok
15:05:09.0434 1680 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
15:05:09.0434 1680 ErrDev - ok
15:05:09.0527 1680 ETD (f9b5efce2a856bba9da2a28252180036) C:\windows\system32\DRIVERS\ETD.sys
15:05:09.0527 1680 ETD - ok
15:05:09.0605 1680 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
15:05:09.0621 1680 EventSystem - ok
15:05:09.0824 1680 EvtEng (57e61dc4f7980d57c0b162fc5b9f0b38) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
15:05:09.0824 1680 EvtEng - ok
15:05:09.0995 1680 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
15:05:10.0011 1680 exfat - ok
15:05:10.0058 1680 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
15:05:10.0073 1680 fastfat - ok
15:05:10.0151 1680 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
15:05:10.0167 1680 Fax - ok
15:05:10.0198 1680 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
15:05:10.0198 1680 fdc - ok
15:05:10.0261 1680 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
15:05:10.0261 1680 fdPHost - ok
15:05:10.0276 1680 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
15:05:10.0276 1680 FDResPub - ok
15:05:10.0339 1680 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
15:05:10.0339 1680 FileInfo - ok
15:05:10.0385 1680 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
15:05:10.0385 1680 Filetrace - ok
15:05:10.0417 1680 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
15:05:10.0417 1680 flpydisk - ok
15:05:10.0495 1680 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
15:05:10.0495 1680 FltMgr - ok
15:05:10.0604 1680 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
15:05:10.0635 1680 FontCache - ok
15:05:10.0682 1680 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:05:10.0682 1680 FontCache3.0.0.0 - ok
15:05:10.0807 1680 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
15:05:10.0822 1680 FsDepends - ok
15:05:10.0853 1680 fssfltr (07da62c960ddccc2d35836aeab4fc578) C:\windows\system32\DRIVERS\fssfltr.sys
15:05:10.0853 1680 fssfltr - ok
15:05:11.0119 1680 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
15:05:11.0134 1680 fsssvc - ok
15:05:11.0337 1680 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
15:05:11.0337 1680 Fs_Rec - ok
15:05:11.0384 1680 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
15:05:11.0384 1680 fvevol - ok
15:05:11.0399 1680 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
15:05:11.0399 1680 gagp30kx - ok
15:05:11.0509 1680 GameConsoleService (521a469caf61f00e1de081cc2099c1d6) C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe
15:05:11.0509 1680 GameConsoleService - ok
15:05:11.0540 1680 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
15:05:11.0540 1680 GEARAspiWDM - ok
15:05:11.0633 1680 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
15:05:11.0649 1680 gpsvc - ok
15:05:11.0680 1680 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
15:05:11.0680 1680 hcw85cir - ok
15:05:11.0743 1680 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
15:05:11.0743 1680 HdAudAddService - ok
15:05:11.0774 1680 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
15:05:11.0774 1680 HDAudBus - ok
15:05:11.0805 1680 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
15:05:11.0805 1680 HidBatt - ok
15:05:11.0821 1680 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
15:05:11.0821 1680 HidBth - ok
15:05:11.0836 1680 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
15:05:11.0836 1680 HidIr - ok
15:05:11.0867 1680 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll
15:05:11.0867 1680 hidserv - ok
15:05:11.0883 1680 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
15:05:11.0899 1680 HidUsb - ok
15:05:36.0219 1680 volsnap - ok
15:05:36.0281 1680 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
15:05:36.0281 1680 vsmraid - ok
15:05:36.0437 1680 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
15:05:36.0469 1680 VSS - ok
15:05:36.0687 1680 vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
15:05:36.0703 1680 vToolbarUpdater11.2.0 - ok
15:05:36.0827 1680 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
15:05:36.0827 1680 vwifibus - ok
15:05:36.0859 1680 VWiFiFlt (13a0decd1794de60a8427862c8669d27) C:\windows\system32\DRIVERS\vwififlt.sys
15:05:36.0859 1680 VWiFiFlt - ok
15:05:36.0874 1680 vwifimp (49003b357d101cdc474937437ecf5abc) C:\windows\system32\DRIVERS\vwifimp.sys
15:05:36.0890 1680 vwifimp - ok
15:05:36.0952 1680 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
15:05:36.0968 1680 W32Time - ok
15:05:37.0015 1680 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
15:05:37.0030 1680 WacomPen - ok
15:05:37.0046 1680 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
15:05:37.0061 1680 WANARP - ok
15:05:37.0061 1680 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
15:05:37.0061 1680 Wanarpv6 - ok
15:05:37.0249 1680 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
15:05:37.0280 1680 WatAdminSvc - ok
15:05:37.0420 1680 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
15:05:37.0436 1680 wbengine - ok
15:05:37.0592 1680 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
15:05:37.0592 1680 WbioSrvc - ok
15:05:37.0639 1680 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
15:05:37.0639 1680 wcncsvc - ok
15:05:37.0654 1680 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
15:05:37.0670 1680 WcsPlugInService - ok
15:05:37.0732 1680 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
15:05:37.0748 1680 Wd - ok
15:05:37.0810 1680 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
15:05:37.0826 1680 Wdf01000 - ok
15:05:37.0857 1680 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
15:05:37.0857 1680 WdiServiceHost - ok
15:05:37.0873 1680 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
15:05:37.0873 1680 WdiSystemHost - ok
15:05:37.0935 1680 wdkmd (63ce387483e74a0bd79ee4e5eba1fd2e) C:\windows\system32\DRIVERS\WDKMD.sys
15:05:37.0935 1680 wdkmd - ok
15:05:37.0982 1680 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
15:05:37.0997 1680 WebClient - ok
15:05:38.0013 1680 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
15:05:38.0029 1680 Wecsvc - ok
15:05:38.0029 1680 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
15:05:38.0044 1680 wercplsupport - ok
15:05:38.0060 1680 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
15:05:38.0075 1680 WerSvc - ok
15:05:38.0091 1680 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
15:05:38.0091 1680 WfpLwf - ok
15:05:38.0387 1680 WiMAXAppSrv (245ea6a2cfae7b183ee9a14a4673b1f1) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
15:05:38.0403 1680 WiMAXAppSrv - ok
15:05:38.0450 1680 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
15:05:38.0450 1680 WIMMount - ok
15:05:38.0481 1680 WinDefend - ok
15:05:38.0497 1680 WinHttpAutoProxySvc - ok
15:05:38.0559 1680 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
15:05:38.0575 1680 Winmgmt - ok
15:05:38.0746 1680 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
15:05:38.0777 1680 WinRM - ok
15:05:38.0933 1680 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
15:05:38.0933 1680 WinUsb - ok
15:05:39.0011 1680 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
15:05:39.0027 1680 Wlansvc - ok
15:05:39.0089 1680 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:05:39.0089 1680 wlcrasvc - ok
15:05:39.0308 1680 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:05:39.0323 1680 wlidsvc - ok
15:05:39.0479 1680 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
15:05:39.0479 1680 WmiAcpi - ok
15:05:39.0542 1680 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
15:05:39.0542 1680 wmiApSrv - ok
15:05:39.0589 1680 WMPNetworkSvc - ok
15:05:39.0682 1680 WMZuneComm (83b6ca03c846fcd47f9883d77d1eb27b) C:\Program Files\Zune\WMZuneComm.exe
15:05:39.0698 1680 WMZuneComm - ok
15:05:39.0713 1680 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
15:05:39.0729 1680 WPCSvc - ok
15:05:39.0745 1680 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
15:05:39.0745 1680 WPDBusEnum - ok
15:05:39.0776 1680 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
15:05:39.0776 1680 ws2ifsl - ok
15:05:39.0838 1680 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\system32\wscsvc.dll
15:05:39.0854 1680 wscsvc - ok
15:05:39.0854 1680 WSearch - ok
15:05:40.0088 1680 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\windows\system32\wuaueng.dll
15:05:40.0103 1680 wuauserv - ok
15:05:40.0244 1680 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
15:05:40.0244 1680 WudfPf - ok
15:05:40.0306 1680 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
15:05:40.0306 1680 WUDFRd - ok
15:05:40.0369 1680 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
15:05:40.0384 1680 wudfsvc - ok
15:05:40.0447 1680 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
15:05:40.0447 1680 WwanSvc - ok
15:05:40.0447 1680 X6va005 - ok
15:05:40.0462 1680 X6va008 - ok
15:05:40.0493 1680 xusb21 (38f55d07b1d3391065c40ec065f984e2) C:\windows\system32\DRIVERS\xusb21.sys
15:05:40.0509 1680 xusb21 - ok
15:05:41.0320 1680 ZuneNetworkSvc (67b787c34fb2888d01b130ae007042d8) C:\Program Files\Zune\ZuneNss.exe
15:05:41.0461 1680 ZuneNetworkSvc - ok
15:05:41.0601 1680 ZuneWlanCfgSvc (4d89fc1c20cf655739efac5da81a67bc) C:\Program Files\Zune\ZuneWlanCfgSvc.exe
15:05:41.0601 1680 ZuneWlanCfgSvc - ok
15:05:41.0632 1680 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
15:05:41.0882 1680 \Device\Harddisk0\DR0 - ok
15:05:41.0897 1680 Boot (0x1200) (8bad8bfe343de930604b238a6d71052c) \Device\Harddisk0\DR0\Partition0
15:05:41.0897 1680 \Device\Harddisk0\DR0\Partition0 - ok
15:05:41.0897 1680 Boot (0x1200) (727a6c3f854afaec03253d3ec54e3800) \Device\Harddisk0\DR0\Partition1
15:05:41.0897 1680 \Device\Harddisk0\DR0\Partition1 - ok
15:05:41.0929 1680 Boot (0x1200) (1acebabd24b927ad654e15088bbf78fe) \Device\Harddisk0\DR0\Partition2
15:05:41.0929 1680 \Device\Harddisk0\DR0\Partition2 - ok
15:05:41.0929 1680 ============================================================
15:05:41.0929 1680 Scan finished
15:05:41.0929 1680 ============================================================
15:05:41.0929 6028 Detected object count: 0
15:05:41.0929 6028 Actual detected object count: 0




aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-17 00:20:38
-----------------------------
00:20:38.010 OS Version: Windows x64 6.1.7601 Service Pack 1
00:20:38.010 Number of processors: 8 586 0x2A07
00:20:38.010 ComputerName: HOME-PC UserName: home
00:20:41.070 Initialize success
00:21:41.271 AVAST engine defs: 12071601
05:58:24.886 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
05:58:24.888 Disk 0 Vendor: Hitachi_ JE4O Size: 715404MB BusType: 3
05:58:24.904 Disk 0 MBR read successfully
05:58:24.906 Disk 0 MBR scan
05:58:24.929 Disk 0 unknown MBR code
05:58:24.946 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
05:58:24.969 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 278528 MB offset 206848
05:58:24.973 Disk 0 Partition - 00 0F Extended LBA 416518 MB offset 570632192
05:58:24.998 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 20256 MB offset 1423661056
05:58:25.032 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 416517 MB offset 570634240
05:58:25.062 Disk 0 scanning C:\windows\system32\drivers
05:58:41.211 Service scanning
05:59:12.809 Modules scanning
05:59:13.142 Disk 0 trace - called modules:
05:59:13.157 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
05:59:13.161 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800845e790]
05:59:13.165 3 CLASSPNP.SYS[fffff88001b9343f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80069c0050]
05:59:18.002 AVAST engine scan C:\windows
05:59:21.779 AVAST engine scan C:\windows\system32
06:01:27.237 File: C:\windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
06:01:29.880 File: C:\windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
06:02:35.768 AVAST engine scan C:\windows\system32\drivers
06:02:56.246 AVAST engine scan C:\Users\home
06:14:07.364 AVAST engine scan C:\ProgramData
06:20:42.642 Scan finished successfully
11:07:09.731 Disk 0 MBR has been saved successfully to "C:\Users\home\Desktop\MBR.dat"
11:07:09.735 The log file has been saved successfully to "C:\Users\home\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-18 15:06:37
-----------------------------
15:06:37.986 OS Version: Windows x64 6.1.7601 Service Pack 1
15:06:37.986 Number of processors: 8 586 0x2A07
15:06:37.986 ComputerName: HOME-PC UserName: home
15:06:39.327 Initialize success
15:07:26.176 AVAST engine defs: 12071800
15:12:26.086 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:12:26.090 Disk 0 Vendor: Hitachi_ JE4O Size: 715404MB BusType: 3
15:12:26.104 Disk 0 MBR read successfully
15:12:26.106 Disk 0 MBR scan
15:12:26.110 Disk 0 unknown MBR code
15:12:26.113 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
15:12:26.125 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 278528 MB offset 206848
15:12:26.129 Disk 0 Partition - 00 0F Extended LBA 416518 MB offset 570632192
15:12:26.154 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 20256 MB offset 1423661056
15:12:26.188 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 416517 MB offset 570634240
15:12:26.230 Disk 0 scanning C:\windows\system32\drivers
15:12:38.504 Service scanning
15:13:13.564 Modules scanning
15:13:13.907 Disk 0 trace - called modules:
15:13:13.924 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
15:13:13.933 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800845f790]
15:13:13.940 3 CLASSPNP.SYS[fffff88001b7f43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006636050]
15:13:15.580 AVAST engine scan C:\windows
15:13:21.591 AVAST engine scan C:\windows\system32
15:17:08.024 AVAST engine scan C:\windows\system32\drivers
15:17:27.811 AVAST engine scan C:\Users\home
15:27:54.995 AVAST engine scan C:\ProgramData
15:32:56.671 Scan finished successfully
15:38:27.067 Disk 0 MBR has been saved successfully to "C:\Users\home\Desktop\MBR.dat"
15:38:27.072 The log file has been saved successfully to "C:\Users\home\Desktop\aswMBR.txt"


Up to now, everything seems clean. Thanks a lot! No problems whatsoever now.
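Triage of the logs in this post, added here as an example that is not part of the original thread and not code from the aswMBR or TDSSKiller authors (the regexes, function names and the excerpt below are this example's own; the excerpt lines are copied from the logs above). It pulls out the items a responder would read first: the two Desktop.ini files under C:\windows\assembly\GAC_32 and GAC_64 that aswMBR flagged as Win32:Sirefef-PL, the "unknown MBR code" verdict on Disk 0 (aswMBR saved that MBR to MBR.dat, which is the thing to compare against a known-good MBR), and TDSSKiller entries that got a verdict but no file/hash line. That last list needs a cross-check rather than a reaction: in the log above it includes built-in Windows services such as WinDefend and WSearch as well as X6va005 and X6va008, and ComboFix later lists the latter two with [x], its marker for a service whose file is not present.

```python
"""Triage helper for aswMBR and TDSSKiller logs.

Added example for this thread; it is not code from the original poster nor
from the aswMBR/TDSSKiller authors. The regexes match the line shapes seen
in the logs above, and the sample lines are copied from those logs.
"""
import re

# Constructed excerpt: lines copied from the aswMBR run of 2012-07-17 above.
ASWMBR_SAMPLE = r"""
05:58:24.904 Disk 0 MBR read successfully
05:58:24.929 Disk 0 unknown MBR code
05:58:24.946 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
06:01:27.237 File: C:\windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
06:01:29.880 File: C:\windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
06:20:42.642 Scan finished successfully
"""

# Constructed excerpt: lines copied from the TDSSKiller run above.
TDSSKILLER_SAMPLE = r"""
15:05:35.0767 1680 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
15:05:35.0767 1680 VaultSvc - ok
15:05:38.0481 1680 WinDefend - ok
15:05:40.0447 1680 X6va005 - ok
15:05:41.0632 1680 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
15:05:41.0882 1680 \Device\Harddisk0\DR0 - ok
"""

ASW_INFECTED = re.compile(r"^\S+ File: (?P<path>.+?) \*\*INFECTED\*\* (?P<name>\S+)")
ASW_MBR = re.compile(r"^\S+ Disk (?P<disk>\d+) (?P<verdict>unknown MBR code|MBR read successfully)$")
# "<time> <pid> <name> (<md5>) <path>"; the name may itself contain spaces
# (e.g. "MBR (0x1B8)"), so it is matched lazily up to the 32-hex-digit hash.
TDSS_FILE = re.compile(r"^\S+ \d+ (?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
TDSS_VERDICT = re.compile(r"^\S+ \d+ (?P<name>.+?) - (?P<verdict>.+)$")


def parse_aswmbr(text):
    """Return (mbr_verdicts, infected): [(disk, verdict)], [(path, detection)]."""
    mbr, infected = [], []
    for line in text.splitlines():
        m = ASW_INFECTED.match(line)
        if m:
            infected.append((m["path"], m["name"]))
            continue
        m = ASW_MBR.match(line)
        if m:
            mbr.append((int(m["disk"]), m["verdict"]))
    return mbr, infected


def parse_tdsskiller(text):
    """Return (entries, orphans).

    entries maps name -> (md5, path) for every line that carried a hash.
    orphans lists verdict lines whose name matches neither a hashed entry
    nor its path, i.e. the tool gave a verdict but never showed a file.
    Those need a cross-check against the ComboFix service list, not a
    reaction: both stopped built-in services and services whose binary
    is missing appear this way.
    """
    entries, known, orphans = {}, set(), []
    for line in text.splitlines():
        m = TDSS_FILE.match(line)
        if m:
            entries[m["name"]] = (m["md5"], m["path"])
            known.update((m["name"], m["path"]))
            continue
        m = TDSS_VERDICT.match(line)
        if m and m["name"] not in known:
            orphans.append((m["name"], m["verdict"]))
    return entries, orphans


def triage(asw_text, tdss_text):
    """Collapse both logs into the short list a responder reads first."""
    findings = []
    mbr, infected = parse_aswmbr(asw_text)
    for disk, verdict in mbr:
        if verdict == "unknown MBR code":
            findings.append(f"disk {disk}: MBR boot code not recognised; "
                            "diff the saved MBR.dat against a known-good MBR")
    for path, detection in infected:
        findings.append(f"{detection}: {path}")
    _, orphans = parse_tdsskiller(tdss_text)
    for name, verdict in orphans:
        findings.append(f"no file/hash shown for {name} (verdict {verdict}); "
                        "cross-check the service in the ComboFix list")
    return findings


if __name__ == "__main__":
    for finding in triage(ASWMBR_SAMPLE, TDSSKILLER_SAMPLE):
        print(finding)
```

Run it as-is to see the five findings from the excerpt; point the two parse functions at the full aswMBR.txt and TDSSKiller log files to triage a complete run. The hash map returned by parse_tdsskiller is also what you would diff against a second run (or against a clean machine with the same patch level) to spot a system binary whose MD5 changed, which is how a patched services.exe of the kind AVG reported shows up.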

#8 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:11:43 AM

Posted 18 July 2012 - 05:01 PM

Greetings

At this time I would like you to run this script for me; it is also a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files (x86)\Ask.com

DDS::
uStart Page = hxxp://www.ask.com/?l=dis&o=15387

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:11:43 AM

Posted 20 July 2012 - 11:19 PM

Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or just need some more time.

Also, a reminder that it is very important that we finish the process completely so as not to get reinfected. I will let you know when we are complete, and then I will ask you to remove our tools.




Gringo

#10 Akira Yatsu (Topic Starter)

  • Members
  • 17 posts
  • Local time:10:43 AM

Posted 21 July 2012 - 04:26 PM

Really sorry, I haven't had a chance to touch my lap in a couple of days, so I fell a little behind; coming back and posting everything in 10 mins.

#11 Akira Yatsu (Topic Starter)

  • Members
  • 17 posts
  • Local time:10:43 AM

Posted 21 July 2012 - 04:56 PM

ComboFix log. Everything is running smoothly, though I had the same strange mistake: when I tried to open my FF browser, a restart, as you said, worked it out.

Why does this happen? I'm just curious...

Everything seems fine, running perfectly! Back to normal, speed normal, all antivirus and firewalls perfect!
Thanks Gringo :D!

Log comes next.

ComboFix 12-07-21.01 - home 07/21/2012 16:30:38.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6058.4006 [GMT -5:00]
Running from: c:\users\home\Desktop\ComboFix.exe
Command switches used :: c:\users\home\Desktop\CFScript.txt
AV: AVG Internet Security *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Ask.com
c:\program files (x86)\Ask.com\assets\oobe\b.png
c:\program files (x86)\Ask.com\assets\oobe\bl.png
c:\program files (x86)\Ask.com\assets\oobe\br.png
c:\program files (x86)\Ask.com\assets\oobe\l.png
c:\program files (x86)\Ask.com\assets\oobe\pointer.png
c:\program files (x86)\Ask.com\assets\oobe\r.png
c:\program files (x86)\Ask.com\assets\oobe\t.png
c:\program files (x86)\Ask.com\assets\oobe\tl.png
c:\program files (x86)\Ask.com\assets\oobe\tr.png
c:\program files (x86)\Ask.com\cobrand.ico
c:\program files (x86)\Ask.com\config.xml
c:\program files (x86)\Ask.com\favicon.ico
c:\program files (x86)\Ask.com\fv_907e.ico
c:\program files (x86)\Ask.com\GenericAskToolbar.dll
c:\program files (x86)\Ask.com\mupcfg.xml
c:\program files (x86)\Ask.com\precache.exe
c:\program files (x86)\Ask.com\SaUpdate.exe
c:\program files (x86)\Ask.com\Updater\config.xml
c:\program files (x86)\Ask.com\Updater\Updater.exe
c:\program files (x86)\Ask.com\UpdateTask.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-21 to 2012-07-21 )))))))))))))))))))))))))))))))
.
.
2012-07-21 21:37 . 2012-07-21 21:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-18 07:44 . 2012-07-18 07:44 -------- d-----w- c:\users\home\AppData\Roaming\AVG9
2012-07-18 03:00 . 2012-07-18 03:00 -------- d-----w- c:\users\home\temp
2012-07-18 03:00 . 2012-07-18 03:00 -------- d-----w- c:\program files (x86)\TeamViewer
2012-07-17 01:25 . 2012-07-17 01:25 -------- d-----w- c:\program files (x86)\ESET
2012-07-17 01:08 . 2012-07-17 01:08 -------- d-----w- c:\windows\Sun
2012-07-16 02:04 . 2012-07-16 02:04 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-16 02:00 . 2012-07-16 02:00 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-12 08:05 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 19:15 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-30 22:30 . 2012-06-30 22:30 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-06-27 21:13 . 2012-06-28 03:48 -------- d-----w- c:\users\home\AppData\Local\Turbine
2012-06-27 20:56 . 2012-07-05 03:18 -------- d-----w- c:\users\home\AppData\Local\ApplicationHistory
2012-06-27 20:54 . 2012-06-27 20:54 -------- d-----w- c:\windows\SysWow64\URTTEMP
2012-06-22 16:20 . 2012-06-22 16:20 -------- d-----w- c:\windows\en
2012-06-22 16:14 . 2012-06-22 16:14 -------- d-----w- c:\windows\ar
2012-06-22 16:14 . 2012-06-22 16:14 -------- d-----w- c:\windows\bg
2012-06-22 16:14 . 2012-06-22 16:14 -------- d-----w- c:\windows\cs
2012-06-22 16:14 . 2012-06-22 16:14 -------- d-----w- c:\windows\da
2012-06-22 16:14 . 2012-06-22 16:14 -------- d-----w- c:\windows\de
2012-06-22 16:14 . 2012-06-22 16:14 -------- d-----w- c:\windows\el
2012-06-22 16:14 . 2012-06-22 16:14 -------- d-----w- c:\windows\es
2012-06-22 16:13 . 2012-06-22 16:13 -------- d-----w- c:\windows\fi
2012-06-22 16:13 . 2012-06-22 16:13 -------- d-----w- c:\windows\fr
2012-06-22 16:13 . 2012-06-22 16:13 -------- d-----w- c:\windows\he
2012-06-22 16:13 . 2012-06-22 16:13 -------- d-----w- c:\windows\hr
2012-06-22 16:13 . 2012-06-22 16:13 -------- d-----w- c:\windows\hu
2012-06-22 16:13 . 2012-06-22 16:13 -------- d-----w- c:\windows\it
2012-06-22 16:13 . 2012-06-22 16:13 -------- d-----w- c:\windows\ko
2012-06-22 16:13 . 2012-06-22 16:13 -------- d-----w- c:\windows\lt
2012-06-22 16:13 . 2012-06-22 16:13 -------- d-----w- c:\windows\lv
2012-06-22 16:13 . 2012-06-22 16:13 -------- d-----w- c:\windows\nl
2012-06-22 16:13 . 2012-06-22 16:13 -------- d-----w- c:\windows\no
2012-06-22 16:13 . 2012-06-22 16:13 -------- d-----w- c:\windows\pl
2012-06-22 16:12 . 2012-06-22 16:12 -------- d-----w- c:\windows\pt-br
2012-06-22 16:12 . 2012-06-22 16:12 -------- d-----w- c:\windows\pt-pt
2012-06-22 16:12 . 2012-06-22 16:12 -------- d-----w- c:\windows\ro
2012-06-22 16:12 . 2012-06-22 16:12 -------- d-----w- c:\windows\ru
2012-06-22 16:12 . 2012-06-22 16:12 -------- d-----w- c:\windows\sk
2012-06-22 16:12 . 2012-06-22 16:12 -------- d-----w- c:\windows\sl
2012-06-22 16:12 . 2012-06-22 16:12 -------- d-----w- c:\windows\sr-latn-cs
2012-06-22 16:12 . 2012-06-22 16:12 -------- d-----w- c:\windows\sv
2012-06-22 16:12 . 2012-06-22 16:12 -------- d-----w- c:\windows\th
2012-06-22 16:12 . 2012-06-22 16:12 -------- d-----w- c:\windows\tr
2012-06-22 16:11 . 2012-06-22 16:11 -------- d-----w- c:\windows\zh-cn
2012-06-22 16:11 . 2012-06-22 16:11 -------- d-----w- c:\windows\zh-tw
2012-06-22 15:48 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 15:48 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 15:48 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 15:48 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 15:48 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 15:48 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 15:48 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 15:47 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 15:47 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-16 02:04 . 2011-11-27 01:42 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 08:02 . 2011-09-28 17:53 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-14 12:47 . 2012-06-14 12:47 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-14 12:47 . 2012-06-14 12:47 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-05-24 15:47 . 2011-11-30 20:02 24448 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-05-19 19:15 . 2012-05-19 19:15 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-09 10:18 . 2012-05-09 10:18 280912 ----a-w- c:\windows\system32\drivers\ETD.sys
2012-05-04 11:06 . 2012-06-14 01:16 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-14 01:16 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 01:16 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-14 01:16 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-14 01:16 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-14 01:16 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-14 01:16 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-14 01:16 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-14 01:15 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-14 01:15 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-14 01:15 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-14 01:15 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-14 01:15 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-14 01:15 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-18_08.13.17 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-07-18 08:09 . 2012-07-18 08:09 13306 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2012-07-21 21:37 . 2012-07-21 21:37 13306 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2010-11-21 03:09 . 2012-07-20 17:36 65294 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-20 17:36 41788 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-09-28 16:35 . 2012-07-20 17:36 15472 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2067460848-1491120777-1853505066-1000_UserData.bin
- 2011-08-29 09:09 . 2012-07-18 08:11 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-29 09:09 . 2012-07-21 21:38 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-29 09:09 . 2012-07-18 08:11 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-29 09:09 . 2012-07-21 21:38 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-21 21:38 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-18 08:11 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-07-18 08:10 . 2012-07-18 08:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-21 21:38 . 2012-07-21 21:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-18 08:10 . 2012-07-18 08:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-21 21:38 . 2012-07-21 21:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-07-21 21:25 524288 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-07-18 07:57 524288 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-08 08:23 . 2012-07-21 21:24 261592 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-07-18 07:58 633770 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-20 05:25 633770 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-18 07:58 111114 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-07-20 05:25 111114 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-07-21 21:37 233276 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-18 08:09 233276 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2012-07-21 21:25 3457024 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-18 07:57 3457024 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-08-29 10:19 . 2012-07-18 07:52 2100136 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-08-29 10:19 . 2012-07-21 21:37 2100136 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-09-28 20:20 . 2012-07-18 07:52 4203491 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2067460848-1491120777-1853505066-1000-8192.dat
+ 2011-09-28 20:20 . 2012-07-21 21:37 4203491 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2067460848-1491120777-1853505066-1000-8192.dat
+ 2011-11-27 09:23 . 2012-07-20 20:13 4615016 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2067460848-1491120777-1853505066-1000-12288.dat
- 2011-11-27 09:23 . 2012-07-18 08:09 4615016 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2067460848-1491120777-1853505066-1000-12288.dat
+ 2009-07-14 04:54 . 2012-07-21 21:25 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-18 07:57 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-09 20:16 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
c:\program files (x86)\uTorrentBar\prxtbuTor.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-09 2074208]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTor.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-09 1107552]
"HF_G_Jul"="c:\program files (x86)\AVG Secure Search\HF_G_Jul.exe" [2012-07-08 36960]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DelayedDesktopSwitchTimeout"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-06-01 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-28 1255736]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R3 X6va005;X6va005; [x]
R3 X6va008;X6va008; [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSErHrw7a;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSwa.sys [2011-11-27 27216]
S0 AvgRkx64;avgrkx64.sys;c:\windows\System32\Drivers\avgrkx64.sys [2011-11-27 56008]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-27 17720]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2011-11-27 29976]
S1 AvgLdx64;AVG AVI Loader Driver x64;c:\windows\system32\Drivers\avgldx64.sys [2011-11-27 269904]
S1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;c:\windows\system32\Drivers\avgmfx64.sys [2011-11-27 35664]
S1 AvgTdiA;AVG Network Redirector x64;c:\windows\system32\Drivers\avgtdia.sys [2011-11-27 317520]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 13824]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2011-01-25 60416]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-27 204288]
S2 avg9emc;AVG E-mail Scanner;c:\program files (x86)\AVG\AVG9\avgemc.exe [2011-11-27 921952]
S2 avg9wd;AVG WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [2011-11-27 308136]
S2 avgfws9;AVG Firewall;c:\program files (x86)\AVG\AVG9\avgfws9.exe [2011-11-27 2331544]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2011-06-14 498688]
S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe [2007-11-28 1039872]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 SamsungDeviceConfigurationWinService;SamsungDeviceConfiguration;c:\program files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [2012-02-13 31624]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SGDrv;SGDrv;c:\windows\system32\DRIVERS\SGdrv64.sys [2011-04-11 7680]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-19 3048136]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-05-05 2656536]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-09 935008]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2011-06-14 986112]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-07-27 9371136]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-07-27 309760]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752]
S3 AVGIDSDriverw7a;AVG9IDSDriver;c:\program files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSDriver.sys [2011-11-27 132688]
S3 AVGIDSFilterw7a;AVG9IDSFilter;c:\program files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSFilter.sys [2011-11-27 35920]
S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2011-05-19 84480]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2011-05-19 182272]
S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [2011-05-19 83968]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-08-17 31216]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2012-05-09 280912]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-04-04 12262624]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-05-17 25496]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-05-01 8593920]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-17 533096]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2011-01-25 18432]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2011-05-17 42392]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\avgrssta.dll
.
------- Supplementary Scan -------
.
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\home\AppData\Roaming\Mozilla\Firefox\Profiles\1qc0gzhl.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B4fe03e68-95b8-4019-b962-16fb98a3f36f%7D&mid=0bf457dac2f80c349fbd8fadc9073f84-e081b69803c7312ff1a3d83fe86d5d79533b2bb9&ds=AVG&v=9.0.0.18.1&lang=us&pr=pa&d=2011-11-30%2005%3A29%3A43&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
# Mozilla User Preferences
/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs
*/
FF - user.js: accessibility.typeaheadfind.flashBar - 0
FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1324813798
FF - user.js: app.update.lastUpdateTime.background-update-timer - 1324814038
FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1324813918
FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1324850838
FF - user.js: avg.install.currLocale - us
FF - user.js: avg.install.date - 1322631406000
FF - user.js: avg.install.finished - 9.0.0.18.1
FF - user.js: avg.install.guid - {4fe03e68-95b8-4019-b962-16fb98a3f36f}
FF - user.js: avg.install.installDirPath - c:\\ProgramData\\AVG Secure Search\\9.0.0.18
FF - user.js: avg.install.isDisabled - 1
FF - user.js: avg.install.isHidden - true
FF - user.js: avg.install.lastUpdaterReq - 1322631411000
FF - user.js: avg.install.laststatreq - 1322631411000
FF - user.js: avg.install.migrationComplete - true
FF - user.js: avg.install.newtab - false
FF - user.js: avg.install.overlayVersion - 634569785481041250
FF - user.js: avg.install.updaterInterval - 24
FF - user.js: avg.install.userHPSettings - chrome://branding/locale/browserconfig.properties
FF - user.js: avg.install.userSPSettings - Google
FF - user.js: avg.userPreferences.newtabDisabledByUser - true
FF - user.js: browser.bookmarks.restore_default_bookmarks - false
FF - user.js: browser.cache.disk.capacity - 1048576
FF - user.js: browser.cache.disk.smart_size.first_run - false
FF - user.js: browser.cache.disk.smart_size_cached_value - 1048576
FF - user.js: browser.download.lastDir - c:\\Users\\home\\Pictures
FF - user.js: browser.migration.version - 5
FF - user.js: browser.places.smartBookmarksVersion - 2
FF - user.js: browser.rights.3.shown - true
FF - user.js: browser.startup.homepage - hxxps://www.google.com/
FF - user.js: browser.startup.homepage_override.buildID - 20111120135848
FF - user.js: browser.startup.homepage_override.mstone - rv:8.0.1
FF - user.js: browser.syncPromoViewsLeft - 0
FF - user.js: browser.tabs.warnOnClose - false
FF - user.js: browser.taskbar.lastgroupid - Mozilla.Firefox.8.0.1
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.avg@igeared.install-event-fired - true
FF - user.js: extensions.avg@toolbar.install-event-fired - true
FF - user.js: extensions.blocklist.pingCountTotal - 24
FF - user.js: extensions.blocklist.pingCountVersion - 24
FF - user.js: extensions.bootstrappedAddons - {}
FF - user.js: extensions.databaseSchema - 6
FF - user.js: extensions.enabledAddons - {972ce4c6-7e08-4474-a285-3208198ce6fd}:8.0.1
FF - user.js: extensions.installCache - [{\name\:\winreg-app-global\,\addons\:{\avg@toolbar\:{\descriptor\:\c:\\\\ProgramData\\\\AVG Secure Search\\\\9.0.0.18\,\mtime\:1322653006326}}},{\name\:\app-global\,\addons\:{\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1322357629759}}},{\name\:\app-profile\,\addons\:{\toolbar@ask.com\:{\descriptor\:\c:\\\\Users\\\\home\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\1qc0gzhl.default\\\\extensions\\\\toolbar@ask.com\,\mtime\:1323021597109}}}]
FF - user.js: extensions.lastAppVersion - 8.0.1
FF - user.js: extensions.lastPlatformVersion - 8.0.1
FF - user.js: extensions.pendingOperations - false
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: font.name.serif.x-western - Arial
FF - user.js: gfx.blacklist.direct2d - 2
FF - user.js: gfx.blacklist.layers.direct3d10 - 2
FF - user.js: gfx.blacklist.layers.direct3d10-1 - 2
FF - user.js: idle.lastDailyNotification - 1324555781
FF - user.js: intl.charsetmenu.browser.cache - windows-1252, ISO-8859-1, UTF-8
FF - user.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B4fe03e68-95b8-4019-b962-16fb98a3f36f%7D&mid=0bf457dac2f80c349fbd8fadc9073f84-e081b69803c7312ff1a3d83fe86d5d79533b2bb9&ds=AVG&v=9.0.0.18.1&lang=us&pr=pa&d=2011-11-30%2005%3A29%3A43&sap=ku&q=
FF - user.js: lightweightThemes.isThemeSelected - true
FF - user.js: lightweightThemes.persisted.footerURL - true
FF - user.js: lightweightThemes.persisted.headerURL - true
FF - user.js: lightweightThemes.usedThemes - [{\id\:\313089\,\name\:\opeth - black backdrop\,\headerURL\:\hxxp://getpersonas-cdn.mozilla.net/static/8/9/313089/opeth_black_header.jpg?1287261966\,\footerURL\:\http://getpersonas-cdn.mozilla.net/static/8/9/313089/opeth_black_footer.jpg?1287261966\,\textcolor\:\#ffffff\,\accentcolor\:\#000000\,\iconURL\:\http://getpersonas-cdn.mozilla.net/static/8/9/313089/preview_small.jpg?1287261966\,\previewURL\:\http://getpersonas-cdn.mozilla.net/static/8/9/313089/preview.jpg?1287261966\,\author\:\metal desktops\,\description\:\opeth's logo on a black backdrop\,\updateURL\:\https://www.getpersonas.com/en-us/update_check/313089\,\version\:\1287261966\,\updateDate\:1322461330745,\installDate\:1322358109234}]
FF - user.js: network.cookie.prefsMigrated - true
FF - user.js: network.proxy.type - 0
FF - user.js: places.database.lastMaintenance - 1324555781
FF - user.js: places.history.expiration.transient_current_max_pages - 190553
FF - user.js: pref.browser.homepage.disable_button.current_page - false
FF - user.js: print_printer - Lexmark 2600 Series
FF - user.js: printer_Lexmark_2600_Series.print_bgcolor - false
FF - user.js: printer_Lexmark_2600_Series.print_bgimages - false
FF - user.js: printer_Lexmark_2600_Series.print_colorspace -
FF - user.js: printer_Lexmark_2600_Series.print_command -
FF - user.js: printer_Lexmark_2600_Series.print_downloadfonts - false
FF - user.js: printer_Lexmark_2600_Series.print_edge_bottom - 0
FF - user.js: printer_Lexmark_2600_Series.print_edge_left - 0
FF - user.js: printer_Lexmark_2600_Series.print_edge_right - 0
FF - user.js: printer_Lexmark_2600_Series.print_edge_top - 0
FF - user.js: printer_Lexmark_2600_Series.print_evenpages - true
FF - user.js: printer_Lexmark_2600_Series.print_footercenter -
FF - user.js: printer_Lexmark_2600_Series.print_footerleft - &PT
FF - user.js: printer_Lexmark_2600_Series.print_footerright - &D
FF - user.js: printer_Lexmark_2600_Series.print_headercenter -
FF - user.js: printer_Lexmark_2600_Series.print_headerleft - &T
FF - user.js: printer_Lexmark_2600_Series.print_headerright - &U
FF - user.js: printer_Lexmark_2600_Series.print_in_color - true
FF - user.js: printer_Lexmark_2600_Series.print_margin_bottom - 0.5
FF - user.js: printer_Lexmark_2600_Series.print_margin_left - 0.5
FF - user.js: printer_Lexmark_2600_Series.print_margin_right - 0.5
FF - user.js: printer_Lexmark_2600_Series.print_margin_top - 0.5
FF - user.js: printer_Lexmark_2600_Series.print_oddpages - true
FF - user.js: printer_Lexmark_2600_Series.print_orientation - 0
FF - user.js: printer_Lexmark_2600_Series.print_page_delay - 50
FF - user.js: printer_Lexmark_2600_Series.print_paper_data - 1
FF - user.js: printer_Lexmark_2600_Series.print_paper_height - 11.00
FF - user.js: printer_Lexmark_2600_Series.print_paper_name -
FF - user.js: printer_Lexmark_2600_Series.print_paper_size_type - 0
FF - user.js: printer_Lexmark_2600_Series.print_paper_size_unit - 0
FF - user.js: printer_Lexmark_2600_Series.print_paper_width - 8.50
FF - user.js: printer_Lexmark_2600_Series.print_plex_name -
FF - user.js: printer_Lexmark_2600_Series.print_resolution_name -
FF - user.js: printer_Lexmark_2600_Series.print_reversed - false
FF - user.js: printer_Lexmark_2600_Series.print_scaling - 1.00
FF - user.js: printer_Lexmark_2600_Series.print_shrink_to_fit - true
FF - user.js: printer_Lexmark_2600_Series.print_to_file - false
FF - user.js: printer_Lexmark_2600_Series.print_to_filename -
FF - user.js: printer_Lexmark_2600_Series.print_unwriteable_margin_bottom - 0
FF - user.js: printer_Lexmark_2600_Series.print_unwriteable_margin_left - 0
FF - user.js: printer_Lexmark_2600_Series.print_unwriteable_margin_right - 0
FF - user.js: printer_Lexmark_2600_Series.print_unwriteable_margin_top - 0
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_bgcolor - false
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_bgimages - false
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_colorspace -
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_command -
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_downloadfonts - false
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_edge_bottom - 0
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_edge_left - 0
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_edge_right - 0
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_edge_top - 0
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_evenpages - true
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_footercenter -
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_footerleft - &PT
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_footerright - &D
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_headercenter -
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_headerleft - &T
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_headerright - &U
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_in_color - true
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_margin_bottom - 0.5
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_margin_left - 0.5
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_margin_right - 0.5
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_margin_top - 0.5
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_oddpages - true
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_orientation - 0
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_page_delay - 50
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_paper_data - 1
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_paper_height - 11.00
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_paper_name -
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_paper_size_type - 0
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_paper_size_unit - 0
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_paper_width - 8.50
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_plex_name -
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_resolution_name -
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_reversed - false
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_scaling - 1.00
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_shrink_to_fit - true
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_to_file - false
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_to_filename -
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_bottom - 0
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_left - 0
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_right - 0
FF - user.js: printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_top - 0
FF - user.js: privacy.sanitize.migrateFx3Prefs - true
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: services.sync.clients.lastSync - 0
FF - user.js: services.sync.clients.lastSyncLocal - 0
FF - user.js: services.sync.migrated - true
FF - user.js: services.sync.tabs.lastSync - 0
FF - user.js: services.sync.tabs.lastSyncLocal - 0
FF - user.js: storage.vacuum.last.index - 1
FF - user.js: storage.vacuum.last.places.sqlite - 1322359682
FF - user.js: toolkit.telemetry.prompted - true
FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1324949738
FF - user.js: xpinstall.whitelist.add -
FF - user.js: xpinstall.whitelist.add.36 -
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\AVG\AVG9\avgam.exe
c:\program files (x86)\AVG\AVG9\avgcsrvx.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\IObit\Advanced SystemCare 5\AutoSweep.exe
c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Samsung\Easy Settings\SmartSetting.exe
c:\program files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
c:\program files (x86)\Samsung\Easy Settings\dmhkcore.exe
c:\program files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
c:\program files (x86)\Samsung\Kies\KiesHelper.exe
c:\program files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
c:\program files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
c:\progra~2\AVG\AVG9\avgtray.exe
c:\program files (x86)\iTunes\iTunesHelper.exe
c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
c:\program files (x86)\LOLReplay\LOLRecorder.exe
c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
c:\program files (x86)\Lexmark 2600 Series\lxdnmon.exe
c:\program files (x86)\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
.
**************************************************************************
.
Completion time: 2012-07-21 16:45:39 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-21 21:45
ComboFix2.txt 2012-07-18 08:18
.
Pre-Run: 138,774,642,688 bytes free
Post-Run: 138,534,244,352 bytes free
.
- - End Of File - - C15F28C996D285CBD112573D73F08C42


Please let me know of anything else you might require me to run.

Edited by Akira Yatsu, 21 July 2012 - 04:58 PM.


#12 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 21 July 2012 - 09:48 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 Akira Yatsu
  • Topic Starter
  • Members
  • 17 posts

Posted 23 July 2012 - 01:38 PM

Uh, comboreport?

µTorrent
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3)
Advanced SystemCare 5
Agatha Christie - Death on the Nile
Alice: Madness Returns
Amazon MP3 Downloader 1.0.15
„Messenger“ pagalbinė priemonė
Apple Application Support
Apple Software Update
Asmedia ASM104x USB 3.0 Host Controller Driver
aTube Catcher
aTube Toolbar
AVG 9.0
„Windows Live Essentials“
„Windows Live Mail“
„Windows Live Mesh ActiveX“ nuotolinių ryšių valdiklis
„Windows Live Messenger“
„Windows Live“ fotogalerija
Bastion
Bejeweled 2 Deluxe
Best Buy Connect
Best Buy pc app
Bing Bar
Build-a-lot
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Mobile
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
Complemento Messenger
Complément Messenger
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Control ActiveX de Windows Live Mesh para conexiones remotas
Control ActiveX Windows Live Mesh pentru conexiuni la distanță
Controle ActiveX do Windows Live Mesh para Conexões Remotas
Controlo ActiveX do Windows Live Mesh para Ligações Remotas
CyberLink Media Suite
CyberLink Media+ Player10
CyberLink MediaShow
CyberLink Power2Go
CyberLink PowerDirector
CyberLink YouCam
D3DX10
Diablo III
Diner Dash 2 Restaurant Rescue
Doplnok programu Messenger
Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.17.01.801
Easy File Share
Easy Migration
Easy Settings
Easy Software Manager
Easy Support Center 1.0
eReg
Farm Frenzy
Fiesta
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
Fotogalerija Windows Live
Galeria de Fotografias do Windows Live
Galeria fotografii usługi Windows Live
Galerie de photos Windows Live
Galerie foto Windows Live
Galería fotográfica de Windows Live
Insaniquarium Deluxe
Intel PROSet Wireless
Intel® Display Audio Driver
Intel® Management Engine Components
Intel® Rapid Storage Technology
Intel® WiDi
Interactive Guide
Jamestown
Java Auto Updater
Java™ 6 Update 31
JDownloader 0.9
John Deere Drive Green
Junk Mail filter update
Kontrola Windows Live Mesh ActiveX za daljinske veze
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
League of Legends
LIMBO
LOLReplay
Magicka
McAfee Security Scan Plus
Mesh Runtime
Messenger-kumppani
Messenger Assistent
Messenger Companion
Messenger kísérő
Messenger Pratilac
Messenger Suradnik
Microsoft .NET Framework 1.1
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
Niña Que Llora (Llorando)
NightSky
Norton Online Backup
OpenAL
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená pripojení
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia
Pando Media Booster
Peggle
Penguins!
Plants vs. Zombies
Poczta uslugi Windows Live
Podstawowe programy Windows Live
Polar Golfer
Pomocnik Messenger
Pošta Windows Live
PX Profile Update
QuickTime
Raccolta foto di Windows Live
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Rusty Hearts
S?????? f?t???af??? t?? Windows Live
Samsung Kies
Samsung Recovery Solution 5
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Skype Click to Call
Skype™ 5.10
Smart Defrag 2
Software Launcher
Spremljevalec Messenger
St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?µa???sµ??e? s??d?se??
Steam
Super Meat Boy
Super Meat Boy Editor
Team Fortress 2
TeamViewer 7
The Elder Scrolls V: Skyrim
Titan Quest
Titan Quest: Immortal Throne
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
User Guide
uTorrentBar Toolbar
Uzak Baglantilar Için Windows Live Mesh ActiveX Denetimi
Visual C++ 8.0 Runtime Setup Package (x64)
VLC media player 1.1.11
WildTangent Games
WildTangent ORB Game Console
Windows Live
Windows Live ??
Windows Live ?? ???
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotótár
Windows Live Foto-galerija
Windows Live fotoattelu galerija
Windows Live Fotogalerie
Windows Live Fotogalleri
Windows Live Fotogaléria
Windows Live Fotograf Galerisi
Windows Live Galeria de Fotos
Windows Live Galerija fotografija
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
Windows Live Mesh ActiveX-objekt til fjernforbindelser
Windows Live Mesh ActiveX-vezérlo távoli kapcsolatokhoz
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Mesh ActiveX kontrola za daljinske veze
Windows Live Mesh ActiveX vadikla attalajiem savienojumiem
Windows Live Meshin etäyhteyksien ActiveX-komponentti
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Pošta
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennustyökalu
Windows Liven sähköposti
Windows Liven valokuvavalikoima
Zuma Deluxe


Here! I hope this is what you were looking for?

#14 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:43 AM

Posted 23 July 2012 - 01:52 PM

Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

  • µTorrent
  • Bing Bar
  • Java™ 6 Update 31
  • McAfee Security Scan Plus
  • uTorrentBar Toolbar


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
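The "Programs to remove" step above is done by hand in Add/Remove or Revo. As an added example (not code from the thread or from BleepingComputer), the PowerShell below reads the same Uninstall registry keys that Add/Remove Programs displays, covering the 64-bit, 32-bit-on-64-bit (WOW6432Node) and per-user hives, and reports which entries match the helper's removal list together with their registered uninstall command. It only reports; it does not uninstall anything, so the Revo steps above still apply. The wildcard patterns are constructed from the five names in the post (Java registers itself as "Java(TM) 6 Update 31", hence the wildcard there); the function names are my own.

```powershell
# Added example, not from the thread: enumerate installed programs the way
# Add/Remove Programs does and flag the ones on the helper's removal list.
# Run from an elevated PowerShell prompt. Nothing is uninstalled here.

function Get-InstalledPrograms {
    # Standard Uninstall keys: native hive, 32-bit apps on 64-bit Windows, and per-user installs.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion, Publisher, UninstallString, PSPath
}

function Find-FlaggedPrograms {
    param(
        [Parameter(Mandatory)] [string[]] $Patterns,
        [object[]] $Programs = (Get-InstalledPrograms)
    )
    foreach ($p in $Programs) {
        # -like is case-insensitive; the first pattern that matches is reported as the reason.
        $reason = $Patterns | Where-Object { $p.DisplayName -like $_ } | Select-Object -First 1
        if ($reason) {
            [pscustomobject]@{
                DisplayName     = $p.DisplayName
                Version         = $p.DisplayVersion
                Publisher       = $p.Publisher
                MatchedPattern  = $reason
                UninstallString = $p.UninstallString
                RegistryKey     = $p.PSPath -replace '^Microsoft\.PowerShell\.Core\\Registry::', ''
            }
        }
    }
}

# Patterns constructed from the helper's "Programs to remove" list above.
$RemovalPatterns = @(
    '*Torrent*',                 # µTorrent itself and the uTorrentBar Toolbar
    'Bing Bar*',
    'Java*6 Update 31*',         # registry DisplayName is "Java(TM) 6 Update 31"
    'McAfee Security Scan Plus*'
)

$flagged = Find-FlaggedPrograms -Patterns $RemovalPatterns
if ($flagged) {
    $flagged | Format-Table DisplayName, Version, Publisher, MatchedPattern -AutoSize
    Write-Host "`nRegistered uninstall commands (review before running):"
    $flagged | ForEach-Object { "  $($_.DisplayName): $($_.UninstallString)" }
} else {
    Write-Host "None of the listed programs are present in the Uninstall registry keys."
}
```

Checking both the native and WOW6432Node hives matters on 64-bit Windows: a 32-bit toolbar or P2P client is registered only under WOW6432Node, so a script that reads just the native key will report it as absent. Re-running the script after the Revo step is a quick way to confirm that the entries are really gone rather than only hidden from the Add/Remove list.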

#15 Akira Yatsu

  • Topic Starter

  • Members
  • 17 posts
  • Local time:10:43 AM

Posted 23 July 2012 - 07:15 PM

I have an uninstaller inside my Advanced SystemCare, do you think that can be of use?

The CCleaner and the other items will go in, I used to have them on a previous laptop I used, and know they are really useful.



