TR/ATRAPS.GEN2


  • This topic is locked
24 replies to this topic

#1 JMAXWORTHY

  • Members
  • 14 posts
  • OFFLINE
  • Local time: 10:03 PM

Posted 28 July 2012 - 10:33 AM

Hello - I was asked to create a new topic for further help, continuing from my previous posting linked below.
http://www.bleepingcomputer.com/forums/topic459617.html/page__pid__2754816#entry2754816

I have followed the steps in the preparation guide: 1) I have backed up my data; my firewall is on but it won't allow me to set it to the recommended settings (error 0x80070424); I have disabled CD emulation; I have run DDS (without any problems); when running GMER, the boxes you wanted unchecked were unchecked, but I could not check the boxes System, Sections, Devices, Processes, Modules, Threads, and Libraries.

The requested logs are attached and below. I really appreciate your help. This TR/ATRAPS.Gen2 seems to allow all kinds of other virus programs to enter my computer. Avira finds them, but they keep coming back. Thank you again.

John Maxworthy

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by JMAXWORTHY at 10:43:55 on 2012-07-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8119.5331 [GMT -4:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\ProgramData\iTwin\iTwinAssist.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe
C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
C:\Users\JMAXWORTHY\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Users\JMAXWORTHY\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\JMAXWORTHY\AppData\Local\Amazon\Cloud Drive\jre\bin\javaw.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe
C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\System32\jusched.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Shop To Win\ShopToWin.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.bing.com/?pc=AVBR
uStart Page = hxxp://mysite.verizon.net/jmaxworthy/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Veoh Video Compass: {52836eb0-631a-47b1-94a6-61f9d9112dae} - C:\Program Files (x86)\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} -
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
uRun: [WLSync] "C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe" /background
uRun: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
uRun: [Amazon Cloud Drive] C:\Users\JMAXWORTHY\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [Shop To Win] C:\Program Files (x86)\Shop To Win\ShopToWin.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [EaseUs Watch] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe"
mRun: [EaseUs Tray] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe"
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll",DllRegisterServer
mRunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll",DllRegisterServer
mRunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer
mRunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer
StartupFolder: C:\Users\JMAXWO~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\JMAXWO~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LAUNCH~1.LNK - C:\Users\JMAXWORTHY\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
TCP: Interfaces\{4C910C98-4BCC-4353-9549-97156F7DF30D} : DhcpNameServer = 192.168.1.1 68.237.161.12
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Veoh Video Compass: {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files (x86)\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
TB-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} -
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [EaseUs Watch] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe"
mRun-x64: [EaseUs Tray] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe"
mRun-x64: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce-x64: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll",DllRegisterServer
mRunOnce-x64: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll",DllRegisterServer
mRunOnce-x64: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer
mRunOnce-x64: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer
SEH-X64: SABShellExecuteHook Class: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\JMAXWORTHY\AppData\Roaming\Mozilla\Firefox\Profiles\453ep54z.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://mysite.verizon.net/jmaxworthy/
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\JMAXWORTHY\AppData\Roaming\Mozilla\Firefox\Profiles\453ep54z.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 EUBAKUP;EUBAKUP;C:\Windows\system32\drivers\eubakup.sys --> C:\Windows\system32\drivers\eubakup.sys [?]
R0 EUBKMON;EUBKMON;C:\Windows\system32\drivers\EUBKMON.sys --> C:\Windows\system32\drivers\EUBKMON.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 EUDSKACS;EUDSKACS;\??\C:\Windows\system32\drivers\eudskacs.sys --> C:\Windows\system32\drivers\eudskacs.sys [?]
R1 EUFDDISK;EUFDDISK;\??\C:\Windows\system32\drivers\EuFdDisk.sys --> C:\Windows\system32\drivers\EuFdDisk.sys [?]
R1 PSSDK42;PSSDK42;\??\C:\Windows\system32\Drivers\pssdk42.sys --> C:\Windows\system32\Drivers\pssdk42.sys [?]
R1 PSSDKLBF;PSSDKLBF;\??\C:\Windows\system32\Drivers\pssdklbf.sys --> C:\Windows\system32\Drivers\pssdklbf.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-1 169624]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-6 169408]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-2-17 92160]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-7-4 136360]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-7-4 269480]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2010-1-11 155648]
R2 EaseUS Agent;EaseUS Agent;C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2012-2-5 61064]
R2 Guard Agent;Guard Agent;C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [2012-2-5 23176]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-5-7 197976]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-11-9 818712]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-2-17 1692480]
R2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-2-9 531328]
R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-3-15 370504]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2011-4-1 428640]
R3 CompFilter64;UVCCompositeFilter;C:\Windows\system32\DRIVERS\lvbflt64.sys --> C:\Windows\system32\DRIVERS\lvbflt64.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUVC64;Logitech HD Pro Webcam C910(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S1 SASDIFSV;SASDIFSV;C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2010-2-17 66632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-10 136176]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-10 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-1 129976]
S3 SASENUM;SASENUM;C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-2-17 12872]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;C:\Windows\system32\DRIVERS\silabenm.sys --> C:\Windows\system32\DRIVERS\silabenm.sys [?]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;C:\Windows\system32\DRIVERS\silabser.sys --> C:\Windows\system32\DRIVERS\silabser.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-28 14:31:23 -------- d-----w- C:\Program Files (x86)\Shop To Win
2012-07-28 14:31:21 -------- d-----w- C:\Program Files (x86)\STW Installer
2012-07-28 14:31:15 -------- d-----w- C:\Program Files (x86)\Yahoo!
2012-07-28 02:56:19 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{B47C19DA-876C-4B58-AA67-40319EF77EED}
2012-07-27 14:55:47 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{55FCB02C-CD7B-44F9-B5F6-242C706A9B26}
2012-07-27 02:55:15 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{705ACE95-FA03-4C25-9D94-452572479596}
2012-07-26 14:54:42 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{0D959D55-2209-49BD-8514-7F8FA7A5FF61}
2012-07-26 02:54:09 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{C63F6D4D-6C2B-4357-8072-9ECB3EC7758A}
2012-07-25 14:53:37 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{B0334CCC-748D-49F5-BC8E-74C325210BB2}
2012-07-25 02:53:04 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{3B94C263-0D08-44F6-8EF3-5F747AFEF52D}
2012-07-24 14:52:31 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{ED9ED0B5-55DE-4381-8394-636884FD4F1D}
2012-07-24 14:52:21 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{2855D84B-B4A5-4FD6-A3F6-ECD75F9B0F96}
2012-07-23 01:21:09 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{FD64F15F-3CEE-4E08-8D14-185ABA6D7745}
2012-07-22 13:20:36 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{2D7CFC56-74C7-4DD5-82F7-492814A52204}
2012-07-22 01:20:04 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{6F49718A-82C8-4692-8B43-05DC2C07ABAA}
2012-07-21 14:08:52 -------- d-s---w- C:\Users\JMAXWORTHY\Google Drive
2012-07-21 13:19:26 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{3B725AB2-8D6A-4064-85E4-70717B6C7FD5}
2012-07-21 13:19:12 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{37A08262-3272-4FC3-AB5F-B503354B5804}
2012-07-20 08:52:48 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{C79DE341-3C7A-4AEB-9EAA-B563CE5C3739}
2012-07-19 20:52:14 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{0C2B1A41-5002-4A3B-9A45-CDA6DD5DAF10}
2012-07-19 20:51:53 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{B55EA503-B913-49AE-93A0-7AC0542FA162}
2012-07-19 08:51:24 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{7A254028-A9B0-4596-AAEE-DB4D0764B3E0}
2012-07-19 08:51:02 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{0E2703CB-13E1-40AE-A14F-98261B7E9019}
2012-07-18 20:50:37 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{A10FCAA8-4FE5-46A9-AF4C-8D3E774753BA}
2012-07-18 08:50:04 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{2F87F9F9-32BB-4CE3-91D3-7CC217681E07}
2012-07-17 20:49:32 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{8986A61F-C544-420E-8525-3DB1873DA5A1}
2012-07-17 08:49:00 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{BE8418B3-8EBD-4145-86CE-3EDAC881E5CC}
2012-07-16 20:48:27 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{05EFA7B6-6705-42F3-ADA5-FCAC5CE5C6F3}
2012-07-16 08:47:54 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{E67DD549-4754-4B89-AF4C-613AC6286EEC}
2012-07-15 20:47:21 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{87175273-8899-47EA-B747-76256BDFCCDB}
2012-07-15 08:46:48 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{F9D15476-0C25-4419-B9BF-8B66854AE0A5}
2012-07-14 20:46:16 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{AEE255C8-3974-4138-B319-1BC070FEC393}
2012-07-14 08:45:43 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{F50448C4-B175-4BE6-9544-941407C8CF31}
2012-07-14 08:45:22 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{C527512F-8772-4487-A510-1EF325655566}
2012-07-13 20:44:58 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{6C2119A9-2C20-4533-8E08-211E10D8738B}
2012-07-13 08:44:26 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{9219F8DB-B9CD-454E-9696-C828A50240E4}
2012-07-12 20:43:54 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{8478C43F-CEA1-4635-9A82-C9EA5C2E58E1}
2012-07-12 08:43:21 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{D1F36398-AF51-4D27-9E01-27326F2E550E}
2012-07-11 20:42:49 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{5F063130-9AC0-4A65-9CAC-245E269BE6D9}
2012-07-11 08:42:15 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{7A61BC86-818C-4E07-8CDD-A1840ECA711D}
2012-07-10 20:41:43 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{DB521CBE-CD63-4D55-B5A2-02E30CF3B06B}
2012-07-10 08:41:10 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{544F6E76-2624-407E-9339-28608B5067B2}
2012-07-09 20:40:37 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{AD770631-C255-4243-9A9D-419F6A80CBA3}
2012-07-09 20:40:16 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{789C623B-B952-4C59-BAB5-8BE890901037}
2012-07-09 10:18:09 -------- d-----w- C:\Program Files (x86)\ESET
2012-07-09 09:50:24 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-09 08:39:52 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{661646DB-24F3-4FB6-9CFE-9FF4CC2C4AE0}
2012-07-08 20:39:19 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{3A3CCE2F-CE77-42B3-B1CA-8BDA92CFD546}
2012-07-08 08:38:44 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{903BBCD2-3BDD-4B5A-805E-689C9E28599E}
2012-07-08 08:38:22 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{9B545C12-E8E1-4168-A89A-544E3557298F}
2012-07-07 20:37:58 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{A2D8A1CC-8187-407F-88FA-BA2F23807AFA}
2012-07-07 20:37:36 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{849C28E1-2F25-4AF9-8247-63AA7C54AC25}
2012-07-07 08:37:11 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{B8D601A4-38B9-4DB0-87C4-6240CEC2701B}
2012-07-07 08:36:49 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{E4EB2D85-469C-47F1-AD04-5E0A9A3820A3}
2012-07-07 07:38:31 20480 ----a-w- C:\Windows\svchost.exe
2012-07-06 20:36:24 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{D986F364-1DA7-472A-8195-751FAC3AF1DF}
2012-07-06 20:36:02 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{9C25B778-4DA8-451F-9651-92F38DE1616E}
2012-07-06 08:35:38 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{E131F96B-E49A-4530-BC6E-28591B1A70E6}
2012-07-05 20:35:06 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{F28E2E68-5C29-40E8-A30C-C1249D0E7767}
2012-07-05 08:34:34 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{F8DE9C92-EAE1-4EB4-A75E-899C86CFA8EB}
2012-07-04 20:34:01 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{BF68E45D-8DF5-40DD-8397-B9B9C761C436}
2012-07-04 08:33:28 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{A26CC261-3D40-42F3-8714-814F8D9F2F5C}
2012-07-03 20:32:56 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{EE3D6222-4872-4C38-AF5C-CA26F4A97677}
2012-07-03 08:32:22 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{C39A8E25-87CE-42B7-BCB1-D9089CDDDA05}
2012-07-03 08:32:00 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{047107D5-6188-41F0-86A5-58432D5B0042}
2012-07-02 20:31:36 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{8887D69C-3F61-42D6-8122-0FC38C73F0FA}
2012-07-02 08:34:34 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{5FEA92EF-4628-4333-B681-278B546074C8}
2012-07-02 08:34:25 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{DB4A348D-DEC1-4767-AF4A-26B7AA2B0FF8}
2012-07-02 08:34:15 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{04088C2D-817E-4BD6-9111-F2D3A5587E6A}
2012-07-01 20:33:43 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{1566B1E6-5EB4-4E75-9F03-6B81BA426094}
2012-07-01 17:47:28 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-07-01 17:47:26 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-07-01 17:47:26 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-07-01 08:33:11 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{30281719-CDA2-4679-BF77-725600E66C4F}
2012-07-01 08:33:01 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{15B0711F-EBAB-40E2-839E-4A7D2A8AAC60}
2012-07-01 08:32:52 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{CE5C972A-6020-4D53-B236-6C3E8C5B0227}
2012-06-30 20:32:20 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{A620BC50-4AE0-4DBB-92D2-B038D1B081A6}
2012-06-30 08:31:48 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{11328F75-6F51-4BF0-810C-5A15F616E31A}
2012-06-29 08:41:09 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{D9D4B550-9F38-4E21-865E-8A603F8B7604}
2012-06-28 20:40:37 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{6AED65A6-2EBE-4A7B-904C-445F1D3153CF}
.
==================== Find3M ====================
.
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2006-05-03 09:06:54 163328 --sh--r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- C:\Windows\SysWOW64\nbDX.dll
.
============= FINISH: 10:44:17.89 ===============

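The DDS log above is a flat list of date, time, size, attribute flags and path. As an added example (not part of the thread, and not DDS or Avira code), the helper below parses lines in that format and pulls out the entries a reviewer would look at first: a core Windows binary outside the directory it normally lives in, hidden+system entries, and the cadence of GUID-named folders under AppData\Local. The expected-directory baseline is an assumption written for the example, and the sample lines are taken from the first post's log.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# One DDS listing line: "<date> <time> <size> <attrs> <path>". size is eight
# dashes for a directory; attrs is an 8-character flag string such as
# "----a-w-", "d-----w-" or "--sh--r-" (s = system, h = hidden, d = directory).
DDS_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>\S.*)$"
)
# A path whose last component is a {GUID}.
GUID_DIR = re.compile(r"\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)

# Where these core Windows binaries legitimately live on 64-bit Windows 7.
# Assumed baseline for this example; extend it from a known-clean machine.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "services.exe": {r"c:\windows\system32"},
}


@dataclass
class Entry:
    date: str
    size: Optional[int]  # None for directories
    is_dir: bool
    hidden: bool
    system: bool
    path: str


def parse_dds_line(line: str) -> Optional[Entry]:
    """Parse one DDS listing line; return None for headers, separators and blanks."""
    m = DDS_LINE.match(line.strip())
    if m is None:
        return None
    attrs = m.group("attrs")
    size = None if m.group("size").startswith("-") else int(m.group("size"))
    return Entry(m.group("date"), size, attrs[0] == "d",
                 "h" in attrs, "s" in attrs, m.group("path"))


def triage(lines: List[str]) -> Tuple[List[Tuple[str, str]], Dict[str, int]]:
    """Return (findings, guid_folders_per_day) for a list of DDS log lines."""
    findings: List[Tuple[str, str]] = []
    guid_days: Counter = Counter()
    for line in lines:
        e = parse_dds_line(line)
        if e is None:
            continue
        low = e.path.lower()
        parent, _, name = low.rpartition("\\")
        # 1. A core Windows binary outside the directory it is expected in.
        if name in EXPECTED_DIRS and parent not in EXPECTED_DIRS[name]:
            findings.append(("core binary outside expected directory", e.path))
        # 2. Hidden+system entries: legitimate components use this combination
        #    too, so this is a review list, not a verdict.
        if e.hidden and e.system:
            findings.append(("hidden+system entry", e.path))
        # 3. GUID-named folders under AppData\Local, counted per creation day.
        if e.is_dir and "\\appdata\\local\\" in low and GUID_DIR.search(e.path):
            guid_days[e.date] += 1
    return findings, dict(guid_days)


def guid_cadence(guid_days: Dict[str, int], min_days: int = 3) -> Optional[str]:
    """Summarise a sustained run of GUID folders; None if fewer than min_days are involved."""
    if len(guid_days) < min_days:
        return None
    total = sum(guid_days.values())
    return (f"{total} GUID-named folders in AppData\\Local across {len(guid_days)} days "
            f"(~{total / len(guid_days):.1f} per day)")


# Sample input: lines of the kind found in the first post's DDS log (two header
# lines included to show they are skipped).
SAMPLE_LINES = [
    "==================== Find3M ====================",
    ".",
    r"2012-07-19 08:51:02 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{0E2703CB-13E1-40AE-A14F-98261B7E9019}",
    r"2012-07-18 20:50:37 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{A10FCAA8-4FE5-46A9-AF4C-8D3E774753BA}",
    r"2012-07-18 08:50:04 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{2F87F9F9-32BB-4CE3-91D3-7CC217681E07}",
    r"2012-07-17 20:49:32 -------- d-----w- C:\Users\JMAXWORTHY\AppData\Local\{8986A61F-C544-420E-8525-3DB1873DA5A1}",
    r"2012-07-09 10:18:09 -------- d-----w- C:\Program Files (x86)\ESET",
    r"2012-07-07 07:38:31 20480 ----a-w- C:\Windows\svchost.exe",
    r"2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll",
    r"2006-05-03 09:06:54 163328 --sh--r- C:\Windows\SysWOW64\flvDX.dll",
]

if __name__ == "__main__":
    found, per_day = triage(SAMPLE_LINES)
    for reason, path in found:
        print(f"{reason}: {path}")
    print(guid_cadence(per_day) or "no sustained GUID-folder cadence")
```

Every hit is a starting point for manual review against a known-good baseline, not a verdict on the file.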





#2 gringo_pr
    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 29 July 2012 - 02:25 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 JMAXWORTHY
  • Topic Starter
  • Members
  • 14 posts

Posted 30 July 2012 - 03:07 AM

Thank you. I will get started tonight when I get home from work.

#4 gringo_pr
    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 30 July 2012 - 03:35 AM

:thumbup2:

#5 JMAXWORTHY
  • Topic Starter
  • Members
  • 14 posts

Posted 30 July 2012 - 05:55 PM

Hello Gringo - below is the log from Security check. It ran without any issues.

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
AntiVir Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware Free Edition
Malwarebytes Anti-Malware version 1.61.0.1400
CCleaner
Java™ 6 Update 29
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (14.0.1)
Google Chrome 20.0.1132.47
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

I shut down Avira and ran ComboFix. I could not find any log generated and ran it again. Still could not find any log.
I turned Avira back on, and the malware notices keep appearing for TR/ATRAPS.GEN2 from Avira.

Is there someplace I am missing to find the Combofix log?

John Maxworthy

#6 gringo_pr
    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 30 July 2012 - 10:18 PM

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window, type notepad and press Enter.
  • Notepad opens. Under the File menu, select Open.
  • Select "Computer", find your flash drive letter, and close Notepad.
  • In the command window, type e:\frst64.exe and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens, click Yes to the disclaimer.
  • First, press the Scan button.
  • It will make a log (FRST.txt).
  • Second, type the following in the edit box after "Search:": services.exe
  • Click the Search button.
  • It will make a log (Search.txt).

I want you to post both the FRST.txt report and the Search.txt in your reply to me.

Gringo

#7 JMAXWORTHY
  • Topic Starter
  • Members
  • 14 posts

Posted 31 July 2012 - 05:27 AM

Hello - before I start your requested steps tonight, I do have one question.

I don't have a Windows installation disc. Windows was preinstalled when the computer was purchased. I did originally make a "Dell Recovery disc". Would that work instead?

Thanks.

John Maxworthy

#8 JMAXWORTHY
  • Topic Starter
  • Members
  • 14 posts

Posted 01 August 2012 - 04:24 AM

Hello - Below are the FRST.txt and the Search.txt reports. (I did not understand initially that it was a choice between using the BIOS or the Windows installation disc when I asked the question in the previous post. I used the BIOS.)

Thanks.

Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 01-08-2012 06:01:48
Running from E:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8067616 2009-08-18] (Realtek Semiconductor)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [16327712 2009-06-26] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [iTwinAssist] "C:\ProgramData\iTwin\iTwinAssist.exe" [660840 2012-02-03] (iTwin)
HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1744152 2011-10-07] (Logitech, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-10-15] ()
HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [x]
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [281768 2010-11-03] (Avira GmbH)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-03-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [141624 2010-06-15] (Apple Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [288080 2009-07-17] (Microsoft Corporation)
HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [190808 2011-03-01] (Logitech Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe [567320 2011-02-08] (PDF Complete Inc)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [EaseUs Watch] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe" [70792 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUs Tray] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe" [743560 2011-12-26] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKU\JMAXWORTHY\...\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe [2012912 2010-02-18] (SUPERAntiSpyware.com)
HKU\JMAXWORTHY\...\Run: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode [5915480 2010-10-29] (Logitech Inc.)
HKU\JMAXWORTHY\...\Run: [WLSync] "C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe" /background [1449824 2012-03-08] (Microsoft Corporation)
HKU\JMAXWORTHY\...\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe [5013128 2011-10-23] ()
HKU\JMAXWORTHY\...\Run: [Amazon Cloud Drive] C:\Users\JMAXWORTHY\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe [424848 2012-05-24] ()
HKU\JMAXWORTHY\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [12163848 2012-06-20] (Google)
HKU\JMAXWORTHY\...\Run: [Shop To Win] C:\Program Files (x86)\Shop To Win\ShopToWin.exe [2219008 2012-05-02] (Jackpot Rewards)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-10] (Dell)
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll",DllRegisterServer [155648 2012-01-30] ()
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll",DllRegisterServer [135168 2012-01-30] (DivX, LLC)
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer [335872 2012-01-30] ()
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer [1101824 2012-01-30] ()
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 68.237.161.12
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\JMAXWORTHY\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\JMAXWORTHY\Start Menu\Programs\Startup\Launch Utility Application.lnk
ShortcutTarget: Launch Utility Application.lnk -> (No File)

==================== Services (Whitelisted) ======

2 ABBYY.Licensing.FineReader.Sprint.9.0; "C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe" -service [759048 2009-05-14] (ABBYY)
2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [136360 2011-04-27] (Avira GmbH)
2 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [269480 2011-07-01] (Avira GmbH)
2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [61064 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd)
2 Guard Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [23176 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd)
2 SplashtopRemoteService; "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" [531328 2012-02-09] (Splashtop Inc.)
2 SSUService; C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [370504 2012-03-15] (Splashtop Inc.)

========================== Drivers (Whitelisted) =============

2 avgntflt; C:\Windows\System32\Drivers\avgntflt.sys [88288 2011-07-01] (Avira GmbH)
1 avipbb; C:\Windows\System32\Drivers\avipbb.sys [123784 2011-07-01] (Avira GmbH)
3 CompFilter64; C:\Windows\System32\DRIVERS\lvbflt64.sys [23904 2011-04-01] (Logitech Inc.)
0 EUBAKUP; C:\Windows\System32\Drivers\EUBAKUP.sys [57480 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd)
0 EUBKMON; C:\Windows\System32\Drivers\EUBKMON.sys [51336 2011-12-22] ()
1 EUDSKACS; C:\Windows\System32\Drivers\EUDSKACS.sys [19592 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd)
1 EUFDDISK; C:\Windows\System32\Drivers\EUFDDISK.sys [189576 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd)
3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30304 2010-05-07] ()
3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
1 PSSDK42; C:\Windows\System32\Drivers\PSSDK42.sys [53312 2010-07-15] (microOLAP Technologies LTD)
1 PSSDKLBF; C:\Windows\System32\Drivers\PSSDKLBF.sys [65600 2010-07-15] (microOLAP Technologies LTD)
1 SASDIFSV; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 SASENUM; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [12872 2010-02-17] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [66632 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 silabenm; C:\Windows\System32\Drivers\silabenm.sys [27336 2011-08-08] (Silicon Laboratories)
3 silabser; C:\Windows\System32\Drivers\silabser.sys [70656 2011-08-08] (Silicon Laboratories)
3 pbfilter; \??\C:\Program Files\PeerBlock\pbfilter.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-01 06:01 - 2012-08-01 06:01 - 00000000 ____D C:\FRST
2012-07-31 22:01 - 2012-07-31 22:01 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{79EA093A-6AAA-4004-BA9B-96CA9BDF8E49}
2012-07-31 22:01 - 2012-07-31 22:01 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{79EA093A-6AAA-4004-BA9B-96CA9BDF8E49}
2012-07-31 22:01 - 2012-07-31 22:01 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{79EA093A-6AAA-4004-BA9B-96CA9BDF8E49}
2012-07-31 10:00 - 2012-07-31 10:00 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{B8D27FA3-5703-464C-9B42-527A03C58FE6}
2012-07-31 10:00 - 2012-07-31 10:00 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{B8D27FA3-5703-464C-9B42-527A03C58FE6}
2012-07-31 10:00 - 2012-07-31 10:00 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{B8D27FA3-5703-464C-9B42-527A03C58FE6}
2012-07-30 22:00 - 2012-07-30 22:00 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{A4064A90-9017-44C4-BFFC-754712381F73}
2012-07-30 22:00 - 2012-07-30 22:00 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{A4064A90-9017-44C4-BFFC-754712381F73}
2012-07-30 22:00 - 2012-07-30 22:00 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{A4064A90-9017-44C4-BFFC-754712381F73}
2012-07-30 17:41 - 2012-07-30 17:43 - 00000000 ___SD C:\32788R22FWJFW
2012-07-30 17:41 - 2012-07-30 17:43 - 00000000 ____D C:\Qoobox
2012-07-30 17:41 - 2012-07-30 17:41 - 00000000 ____D C:\Windows\erdnt
2012-07-30 09:59 - 2012-07-30 09:59 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{2DFC5E2C-0318-4BC4-AD4C-9631A0459460}
2012-07-30 09:59 - 2012-07-30 09:59 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{2DFC5E2C-0318-4BC4-AD4C-9631A0459460}
2012-07-30 09:59 - 2012-07-30 09:59 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{2DFC5E2C-0318-4BC4-AD4C-9631A0459460}
2012-07-30 03:13 - 2012-07-30 17:39 - 00000000 ____D C:\Users\JMAXWORTHY\Desktop\BLEEPING III
2012-07-29 21:59 - 2012-07-29 21:59 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{381571D3-35A5-403A-A062-6EEA5DF8A895}
2012-07-29 21:59 - 2012-07-29 21:59 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{381571D3-35A5-403A-A062-6EEA5DF8A895}
2012-07-29 21:59 - 2012-07-29 21:59 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{381571D3-35A5-403A-A062-6EEA5DF8A895}
2012-07-29 21:58 - 2012-07-31 22:01 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{DB055994-05BD-4462-BBA4-227E4D3712B5}
2012-07-29 21:58 - 2012-07-31 22:01 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{DB055994-05BD-4462-BBA4-227E4D3712B5}
2012-07-29 21:58 - 2012-07-31 22:01 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{DB055994-05BD-4462-BBA4-227E4D3712B5}
2012-07-29 09:58 - 2012-07-29 09:58 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{4E3E163A-BADD-4CB4-ABCD-427435EAFB01}
2012-07-29 09:58 - 2012-07-29 09:58 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{4E3E163A-BADD-4CB4-ABCD-427435EAFB01}
2012-07-29 09:58 - 2012-07-29 09:58 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{4E3E163A-BADD-4CB4-ABCD-427435EAFB01}
2012-07-29 09:14 - 2012-07-29 09:14 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-28 21:57 - 2012-07-29 09:58 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{2F85D194-EC2A-4254-BEE7-5AF467626E74}
2012-07-28 21:57 - 2012-07-29 09:58 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{2F85D194-EC2A-4254-BEE7-5AF467626E74}
2012-07-28 21:57 - 2012-07-29 09:58 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{2F85D194-EC2A-4254-BEE7-5AF467626E74}
2012-07-28 21:57 - 2012-07-28 21:58 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{3DDFEF40-2EA8-46B7-BF89-A902BFE0A1E7}
2012-07-28 21:57 - 2012-07-28 21:58 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{3DDFEF40-2EA8-46B7-BF89-A902BFE0A1E7}
2012-07-28 21:57 - 2012-07-28 21:58 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{3DDFEF40-2EA8-46B7-BF89-A902BFE0A1E7}
2012-07-28 09:57 - 2012-07-28 09:57 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{A0412E6D-05D9-40E3-9B94-0240F4E958FC}
2012-07-28 09:57 - 2012-07-28 09:57 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{385D64F4-00E3-485B-A3FC-6FE8B42ADD6D}
2012-07-28 09:57 - 2012-07-28 09:57 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{A0412E6D-05D9-40E3-9B94-0240F4E958FC}
2012-07-28 09:57 - 2012-07-28 09:57 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{385D64F4-00E3-485B-A3FC-6FE8B42ADD6D}
2012-07-28 09:57 - 2012-07-28 09:57 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{A0412E6D-05D9-40E3-9B94-0240F4E958FC}
2012-07-28 09:57 - 2012-07-28 09:57 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{385D64F4-00E3-485B-A3FC-6FE8B42ADD6D}
2012-07-28 09:56 - 2012-07-28 09:57 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{8D08B6C1-92A2-4A41-8E54-A6D12C85285C}
2012-07-28 09:56 - 2012-07-28 09:57 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{8D08B6C1-92A2-4A41-8E54-A6D12C85285C}
2012-07-28 09:56 - 2012-07-28 09:57 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{8D08B6C1-92A2-4A41-8E54-A6D12C85285C}
2012-07-28 09:42 - 2012-07-28 09:43 - 00607260 ____R (Swearware) C:\Users\JMAXWORTHY\Downloads\dds.scr
2012-07-28 09:38 - 2012-07-28 09:38 - 00000000 ____A C:\Users\JMAXWORTHY\defogger_reenable
2012-07-28 09:31 - 2012-07-28 13:31 - 00000000 ____D C:\Program Files (x86)\Shop To Win
2012-07-28 09:31 - 2012-07-28 09:31 - 00000000 ____D C:\Users\JMAXWORTHY\My Documents\ShopToWin
2012-07-28 09:31 - 2012-07-28 09:31 - 00000000 ____D C:\Users\JMAXWORTHY\Documents\ShopToWin
2012-07-28 09:31 - 2012-07-28 09:31 - 00000000 ____D C:\Users\JMAXWORTHY\Application Data\Yahoo!
2012-07-28 09:31 - 2012-07-28 09:31 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Roaming\Yahoo!
2012-07-28 09:31 - 2012-07-28 09:31 - 00000000 ____D C:\Users\All Users\Yahoo! Companion
2012-07-28 09:31 - 2012-07-28 09:31 - 00000000 ____D C:\Users\All Users\Yahoo!
2012-07-28 09:31 - 2012-07-28 09:31 - 00000000 ____D C:\Users\All Users\Application Data\Yahoo! Companion
2012-07-28 09:31 - 2012-07-28 09:31 - 00000000 ____D C:\Users\All Users\Application Data\Yahoo!
2012-07-28 09:31 - 2012-07-28 09:31 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2012-07-28 09:31 - 2012-07-28 09:31 - 00000000 ____D C:\Program Files (x86)\7-zip
2012-07-27 21:56 - 2012-07-27 21:56 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{B47C19DA-876C-4B58-AA67-40319EF77EED}
2012-07-27 21:56 - 2012-07-27 21:56 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{B47C19DA-876C-4B58-AA67-40319EF77EED}
2012-07-27 21:56 - 2012-07-27 21:56 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{B47C19DA-876C-4B58-AA67-40319EF77EED}
2012-07-27 09:55 - 2012-07-27 09:55 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{55FCB02C-CD7B-44F9-B5F6-242C706A9B26}
2012-07-27 09:55 - 2012-07-27 09:55 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{55FCB02C-CD7B-44F9-B5F6-242C706A9B26}
2012-07-27 09:55 - 2012-07-27 09:55 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{55FCB02C-CD7B-44F9-B5F6-242C706A9B26}
2012-07-26 21:55 - 2012-07-26 21:55 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{705ACE95-FA03-4C25-9D94-452572479596}
2012-07-26 21:55 - 2012-07-26 21:55 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{705ACE95-FA03-4C25-9D94-452572479596}
2012-07-26 21:55 - 2012-07-26 21:55 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{705ACE95-FA03-4C25-9D94-452572479596}
2012-07-26 09:54 - 2012-07-26 09:54 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{0D959D55-2209-49BD-8514-7F8FA7A5FF61}
2012-07-26 09:54 - 2012-07-26 09:54 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{0D959D55-2209-49BD-8514-7F8FA7A5FF61}
2012-07-26 09:54 - 2012-07-26 09:54 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{0D959D55-2209-49BD-8514-7F8FA7A5FF61}
2012-07-25 21:54 - 2012-07-25 21:54 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{C63F6D4D-6C2B-4357-8072-9ECB3EC7758A}
2012-07-25 21:54 - 2012-07-25 21:54 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{C63F6D4D-6C2B-4357-8072-9ECB3EC7758A}
2012-07-25 21:54 - 2012-07-25 21:54 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{C63F6D4D-6C2B-4357-8072-9ECB3EC7758A}
2012-07-25 09:53 - 2012-07-25 09:53 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{B0334CCC-748D-49F5-BC8E-74C325210BB2}
2012-07-25 09:53 - 2012-07-25 09:53 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{B0334CCC-748D-49F5-BC8E-74C325210BB2}
2012-07-25 09:53 - 2012-07-25 09:53 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{B0334CCC-748D-49F5-BC8E-74C325210BB2}
2012-07-24 21:53 - 2012-07-24 21:53 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{3B94C263-0D08-44F6-8EF3-5F747AFEF52D}
2012-07-24 21:53 - 2012-07-24 21:53 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{3B94C263-0D08-44F6-8EF3-5F747AFEF52D}
2012-07-24 21:53 - 2012-07-24 21:53 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{3B94C263-0D08-44F6-8EF3-5F747AFEF52D}
2012-07-24 09:52 - 2012-07-28 09:56 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{2855D84B-B4A5-4FD6-A3F6-ECD75F9B0F96}
2012-07-24 09:52 - 2012-07-28 09:56 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{2855D84B-B4A5-4FD6-A3F6-ECD75F9B0F96}
2012-07-24 09:52 - 2012-07-28 09:56 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{2855D84B-B4A5-4FD6-A3F6-ECD75F9B0F96}
2012-07-24 09:52 - 2012-07-24 09:52 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{ED9ED0B5-55DE-4381-8394-636884FD4F1D}
2012-07-24 09:52 - 2012-07-24 09:52 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{ED9ED0B5-55DE-4381-8394-636884FD4F1D}
2012-07-24 09:52 - 2012-07-24 09:52 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{ED9ED0B5-55DE-4381-8394-636884FD4F1D}
2012-07-22 20:21 - 2012-07-22 20:21 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{FD64F15F-3CEE-4E08-8D14-185ABA6D7745}
2012-07-22 20:21 - 2012-07-22 20:21 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{FD64F15F-3CEE-4E08-8D14-185ABA6D7745}
2012-07-22 20:21 - 2012-07-22 20:21 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{FD64F15F-3CEE-4E08-8D14-185ABA6D7745}
2012-07-22 08:20 - 2012-07-22 08:20 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{2D7CFC56-74C7-4DD5-82F7-492814A52204}
2012-07-22 08:20 - 2012-07-22 08:20 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{2D7CFC56-74C7-4DD5-82F7-492814A52204}
2012-07-22 08:20 - 2012-07-22 08:20 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{2D7CFC56-74C7-4DD5-82F7-492814A52204}
2012-07-21 20:20 - 2012-07-21 20:20 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{6F49718A-82C8-4692-8B43-05DC2C07ABAA}
2012-07-21 20:20 - 2012-07-21 20:20 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{6F49718A-82C8-4692-8B43-05DC2C07ABAA}
2012-07-21 20:20 - 2012-07-21 20:20 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{6F49718A-82C8-4692-8B43-05DC2C07ABAA}
2012-07-21 09:08 - 2012-07-31 12:43 - 00000000 ___SD C:\Users\JMAXWORTHY\Google Drive
2012-07-21 09:08 - 2012-07-21 09:08 - 00001713 ____A C:\Users\JMAXWORTHY\Desktop\Google Drive.lnk
2012-07-21 09:08 - 2012-07-21 09:08 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\LocalGoogle
2012-07-21 08:31 - 2012-07-30 03:13 - 00000000 ____D C:\Users\JMAXWORTHY\Desktop\BLEEPING II
2012-07-21 08:19 - 2012-07-22 20:21 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{37A08262-3272-4FC3-AB5F-B503354B5804}
2012-07-21 08:19 - 2012-07-22 20:21 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{37A08262-3272-4FC3-AB5F-B503354B5804}
2012-07-21 08:19 - 2012-07-22 20:21 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{37A08262-3272-4FC3-AB5F-B503354B5804}
2012-07-21 08:19 - 2012-07-21 08:19 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{3B725AB2-8D6A-4064-85E4-70717B6C7FD5}
2012-07-21 08:19 - 2012-07-21 08:19 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{3B725AB2-8D6A-4064-85E4-70717B6C7FD5}
2012-07-21 08:19 - 2012-07-21 08:19 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{3B725AB2-8D6A-4064-85E4-70717B6C7FD5}
2012-07-20 03:52 - 2012-07-20 03:52 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{C79DE341-3C7A-4AEB-9EAA-B563CE5C3739}
2012-07-20 03:52 - 2012-07-20 03:52 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{C79DE341-3C7A-4AEB-9EAA-B563CE5C3739}
2012-07-20 03:52 - 2012-07-20 03:52 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{C79DE341-3C7A-4AEB-9EAA-B563CE5C3739}
2012-07-19 15:52 - 2012-07-19 15:52 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{0C2B1A41-5002-4A3B-9A45-CDA6DD5DAF10}
2012-07-19 15:52 - 2012-07-19 15:52 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{0C2B1A41-5002-4A3B-9A45-CDA6DD5DAF10}
2012-07-19 15:52 - 2012-07-19 15:52 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{0C2B1A41-5002-4A3B-9A45-CDA6DD5DAF10}
2012-07-19 15:51 - 2012-07-20 03:52 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{B55EA503-B913-49AE-93A0-7AC0542FA162}
2012-07-19 15:51 - 2012-07-20 03:52 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{B55EA503-B913-49AE-93A0-7AC0542FA162}
2012-07-19 15:51 - 2012-07-20 03:52 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{B55EA503-B913-49AE-93A0-7AC0542FA162}
2012-07-19 03:51 - 2012-07-19 03:51 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{7A254028-A9B0-4596-AAEE-DB4D0764B3E0}
2012-07-19 03:51 - 2012-07-19 03:51 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{0E2703CB-13E1-40AE-A14F-98261B7E9019}
2012-07-19 03:51 - 2012-07-19 03:51 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{7A254028-A9B0-4596-AAEE-DB4D0764B3E0}
2012-07-19 03:51 - 2012-07-19 03:51 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{0E2703CB-13E1-40AE-A14F-98261B7E9019}
2012-07-19 03:51 - 2012-07-19 03:51 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{7A254028-A9B0-4596-AAEE-DB4D0764B3E0}
2012-07-19 03:51 - 2012-07-19 03:51 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{0E2703CB-13E1-40AE-A14F-98261B7E9019}
2012-07-18 15:50 - 2012-07-18 15:50 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{A10FCAA8-4FE5-46A9-AF4C-8D3E774753BA}
2012-07-18 15:50 - 2012-07-18 15:50 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{A10FCAA8-4FE5-46A9-AF4C-8D3E774753BA}
2012-07-18 15:50 - 2012-07-18 15:50 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{A10FCAA8-4FE5-46A9-AF4C-8D3E774753BA}
2012-07-18 03:50 - 2012-07-18 03:50 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{2F87F9F9-32BB-4CE3-91D3-7CC217681E07}
2012-07-18 03:50 - 2012-07-18 03:50 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{2F87F9F9-32BB-4CE3-91D3-7CC217681E07}
2012-07-18 03:50 - 2012-07-18 03:50 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{2F87F9F9-32BB-4CE3-91D3-7CC217681E07}
2012-07-17 15:49 - 2012-07-17 15:49 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{8986A61F-C544-420E-8525-3DB1873DA5A1}
2012-07-17 15:49 - 2012-07-17 15:49 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{8986A61F-C544-420E-8525-3DB1873DA5A1}
2012-07-17 15:49 - 2012-07-17 15:49 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{8986A61F-C544-420E-8525-3DB1873DA5A1}
2012-07-17 03:49 - 2012-07-17 03:49 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{BE8418B3-8EBD-4145-86CE-3EDAC881E5CC}
2012-07-17 03:49 - 2012-07-17 03:49 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{BE8418B3-8EBD-4145-86CE-3EDAC881E5CC}
2012-07-17 03:49 - 2012-07-17 03:49 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{BE8418B3-8EBD-4145-86CE-3EDAC881E5CC}
2012-07-16 15:48 - 2012-07-16 15:48 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{05EFA7B6-6705-42F3-ADA5-FCAC5CE5C6F3}
2012-07-16 15:48 - 2012-07-16 15:48 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{05EFA7B6-6705-42F3-ADA5-FCAC5CE5C6F3}
2012-07-16 15:48 - 2012-07-16 15:48 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{05EFA7B6-6705-42F3-ADA5-FCAC5CE5C6F3}
2012-07-16 03:47 - 2012-07-16 03:48 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{E67DD549-4754-4B89-AF4C-613AC6286EEC}
2012-07-16 03:47 - 2012-07-16 03:48 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{E67DD549-4754-4B89-AF4C-613AC6286EEC}
2012-07-16 03:47 - 2012-07-16 03:48 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{E67DD549-4754-4B89-AF4C-613AC6286EEC}
2012-07-15 15:47 - 2012-07-15 15:47 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{87175273-8899-47EA-B747-76256BDFCCDB}
2012-07-15 15:47 - 2012-07-15 15:47 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{87175273-8899-47EA-B747-76256BDFCCDB}
2012-07-15 15:47 - 2012-07-15 15:47 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{87175273-8899-47EA-B747-76256BDFCCDB}
2012-07-15 03:46 - 2012-07-15 03:46 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{F9D15476-0C25-4419-B9BF-8B66854AE0A5}
2012-07-15 03:46 - 2012-07-15 03:46 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{F9D15476-0C25-4419-B9BF-8B66854AE0A5}
2012-07-15 03:46 - 2012-07-15 03:46 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{F9D15476-0C25-4419-B9BF-8B66854AE0A5}
2012-07-14 15:46 - 2012-07-14 15:46 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{AEE255C8-3974-4138-B319-1BC070FEC393}
2012-07-14 15:46 - 2012-07-14 15:46 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{AEE255C8-3974-4138-B319-1BC070FEC393}
2012-07-14 15:46 - 2012-07-14 15:46 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{AEE255C8-3974-4138-B319-1BC070FEC393}
2012-07-14 03:45 - 2012-07-18 15:50 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{C527512F-8772-4487-A510-1EF325655566}
2012-07-14 03:45 - 2012-07-18 15:50 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{C527512F-8772-4487-A510-1EF325655566}
2012-07-14 03:45 - 2012-07-18 15:50 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{C527512F-8772-4487-A510-1EF325655566}
2012-07-14 03:45 - 2012-07-14 03:45 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{F50448C4-B175-4BE6-9544-941407C8CF31}
2012-07-14 03:45 - 2012-07-14 03:45 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{F50448C4-B175-4BE6-9544-941407C8CF31}
2012-07-14 03:45 - 2012-07-14 03:45 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{F50448C4-B175-4BE6-9544-941407C8CF31}
2012-07-13 21:53 - 2012-07-13 21:53 - 00291560 ____A C:\Windows\Minidump\071312-22417-01.dmp
2012-07-13 21:40 - 2012-07-13 21:40 - 00000000 ____D C:\Users\JMAXWORTHY\Desktop\tdsskiller
2012-07-13 15:44 - 2012-07-13 15:45 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{6C2119A9-2C20-4533-8E08-211E10D8738B}
2012-07-13 15:44 - 2012-07-13 15:45 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{6C2119A9-2C20-4533-8E08-211E10D8738B}
2012-07-13 15:44 - 2012-07-13 15:45 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{6C2119A9-2C20-4533-8E08-211E10D8738B}
2012-07-13 03:44 - 2012-07-13 03:44 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{9219F8DB-B9CD-454E-9696-C828A50240E4}
2012-07-13 03:44 - 2012-07-13 03:44 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{9219F8DB-B9CD-454E-9696-C828A50240E4}
2012-07-13 03:44 - 2012-07-13 03:44 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{9219F8DB-B9CD-454E-9696-C828A50240E4}
2012-07-12 15:43 - 2012-07-12 15:44 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{8478C43F-CEA1-4635-9A82-C9EA5C2E58E1}
2012-07-12 15:43 - 2012-07-12 15:44 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{8478C43F-CEA1-4635-9A82-C9EA5C2E58E1}
2012-07-12 15:43 - 2012-07-12 15:44 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{8478C43F-CEA1-4635-9A82-C9EA5C2E58E1}
2012-07-12 03:43 - 2012-07-12 03:43 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{D1F36398-AF51-4D27-9E01-27326F2E550E}
2012-07-12 03:43 - 2012-07-12 03:43 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{D1F36398-AF51-4D27-9E01-27326F2E550E}
2012-07-12 03:43 - 2012-07-12 03:43 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{D1F36398-AF51-4D27-9E01-27326F2E550E}
2012-07-11 15:42 - 2012-07-11 15:42 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{5F063130-9AC0-4A65-9CAC-245E269BE6D9}
2012-07-11 15:42 - 2012-07-11 15:42 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{5F063130-9AC0-4A65-9CAC-245E269BE6D9}
2012-07-11 15:42 - 2012-07-11 15:42 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{5F063130-9AC0-4A65-9CAC-245E269BE6D9}
2012-07-11 03:42 - 2012-07-11 03:42 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{7A61BC86-818C-4E07-8CDD-A1840ECA711D}
2012-07-11 03:42 - 2012-07-11 03:42 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{7A61BC86-818C-4E07-8CDD-A1840ECA711D}
2012-07-11 03:42 - 2012-07-11 03:42 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{7A61BC86-818C-4E07-8CDD-A1840ECA711D}
2012-07-10 15:41 - 2012-07-10 15:41 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{DB521CBE-CD63-4D55-B5A2-02E30CF3B06B}
2012-07-10 15:41 - 2012-07-10 15:41 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{DB521CBE-CD63-4D55-B5A2-02E30CF3B06B}
2012-07-10 15:41 - 2012-07-10 15:41 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{DB521CBE-CD63-4D55-B5A2-02E30CF3B06B}
2012-07-10 03:41 - 2012-07-10 03:41 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{544F6E76-2624-407E-9339-28608B5067B2}
2012-07-10 03:41 - 2012-07-10 03:41 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{544F6E76-2624-407E-9339-28608B5067B2}
2012-07-10 03:41 - 2012-07-10 03:41 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{544F6E76-2624-407E-9339-28608B5067B2}
2012-07-09 15:40 - 2012-07-13 15:44 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{789C623B-B952-4C59-BAB5-8BE890901037}
2012-07-09 15:40 - 2012-07-13 15:44 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{789C623B-B952-4C59-BAB5-8BE890901037}
2012-07-09 15:40 - 2012-07-13 15:44 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{789C623B-B952-4C59-BAB5-8BE890901037}
2012-07-09 15:40 - 2012-07-09 15:40 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{AD770631-C255-4243-9A9D-419F6A80CBA3}
2012-07-09 15:40 - 2012-07-09 15:40 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{AD770631-C255-4243-9A9D-419F6A80CBA3}
2012-07-09 15:40 - 2012-07-09 15:40 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{AD770631-C255-4243-9A9D-419F6A80CBA3}
2012-07-09 05:18 - 2012-07-09 05:18 - 00000000 ____D C:\Program Files (x86)\ESET
2012-07-09 05:17 - 2012-07-09 05:17 - 02322184 ____A (ESET) C:\Users\JMAXWORTHY\Desktop\esetsmartinstaller_enu.exe
2012-07-09 04:50 - 2012-07-09 04:50 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-07-09 04:44 - 2012-07-09 04:44 - 04731392 ____A (AVAST Software) C:\Users\JMAXWORTHY\Desktop\aswMBR.exe
2012-07-09 03:39 - 2012-07-09 03:40 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{661646DB-24F3-4FB6-9CFE-9FF4CC2C4AE0}
2012-07-09 03:39 - 2012-07-09 03:40 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{661646DB-24F3-4FB6-9CFE-9FF4CC2C4AE0}
2012-07-09 03:39 - 2012-07-09 03:40 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{661646DB-24F3-4FB6-9CFE-9FF4CC2C4AE0}
2012-07-08 15:39 - 2012-07-08 15:39 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{3A3CCE2F-CE77-42B3-B1CA-8BDA92CFD546}
2012-07-08 15:39 - 2012-07-08 15:39 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{3A3CCE2F-CE77-42B3-B1CA-8BDA92CFD546}
2012-07-08 15:39 - 2012-07-08 15:39 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{3A3CCE2F-CE77-42B3-B1CA-8BDA92CFD546}
2012-07-08 03:38 - 2012-07-09 03:39 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{9B545C12-E8E1-4168-A89A-544E3557298F}
2012-07-08 03:38 - 2012-07-09 03:39 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{9B545C12-E8E1-4168-A89A-544E3557298F}
2012-07-08 03:38 - 2012-07-09 03:39 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{9B545C12-E8E1-4168-A89A-544E3557298F}
2012-07-08 03:38 - 2012-07-08 03:38 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{903BBCD2-3BDD-4B5A-805E-689C9E28599E}
2012-07-08 03:38 - 2012-07-08 03:38 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{903BBCD2-3BDD-4B5A-805E-689C9E28599E}
2012-07-08 03:38 - 2012-07-08 03:38 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{903BBCD2-3BDD-4B5A-805E-689C9E28599E}
2012-07-07 15:37 - 2012-07-07 15:38 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{A2D8A1CC-8187-407F-88FA-BA2F23807AFA}
2012-07-07 15:37 - 2012-07-07 15:38 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{A2D8A1CC-8187-407F-88FA-BA2F23807AFA}
2012-07-07 15:37 - 2012-07-07 15:38 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{A2D8A1CC-8187-407F-88FA-BA2F23807AFA}
2012-07-07 15:37 - 2012-07-07 15:37 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{849C28E1-2F25-4AF9-8247-63AA7C54AC25}
2012-07-07 15:37 - 2012-07-07 15:37 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{849C28E1-2F25-4AF9-8247-63AA7C54AC25}
2012-07-07 15:37 - 2012-07-07 15:37 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{849C28E1-2F25-4AF9-8247-63AA7C54AC25}
2012-07-07 11:57 - 2012-07-07 11:57 - 00000000 ____D C:\Windows\Sun
2012-07-07 03:58 - 2012-07-07 03:58 - 00283824 ____A C:\Windows\Minidump\070712-26722-01.dmp
2012-07-07 03:37 - 2012-07-07 03:37 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{B8D601A4-38B9-4DB0-87C4-6240CEC2701B}
2012-07-07 03:37 - 2012-07-07 03:37 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{B8D601A4-38B9-4DB0-87C4-6240CEC2701B}
2012-07-07 03:37 - 2012-07-07 03:37 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{B8D601A4-38B9-4DB0-87C4-6240CEC2701B}
2012-07-07 03:36 - 2012-07-07 03:37 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{E4EB2D85-469C-47F1-AD04-5E0A9A3820A3}
2012-07-07 03:36 - 2012-07-07 03:37 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{E4EB2D85-469C-47F1-AD04-5E0A9A3820A3}
2012-07-07 03:36 - 2012-07-07 03:37 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{E4EB2D85-469C-47F1-AD04-5E0A9A3820A3}
2012-07-07 02:38 - 2009-07-13 20:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-07-07 02:29 - 2012-07-07 02:29 - 00283672 ____A C:\Windows\Minidump\070712-31949-01.dmp
2012-07-06 15:36 - 2012-07-06 15:36 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{D986F364-1DA7-472A-8195-751FAC3AF1DF}
2012-07-06 15:36 - 2012-07-06 15:36 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{9C25B778-4DA8-451F-9651-92F38DE1616E}
2012-07-06 15:36 - 2012-07-06 15:36 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{D986F364-1DA7-472A-8195-751FAC3AF1DF}
2012-07-06 15:36 - 2012-07-06 15:36 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{9C25B778-4DA8-451F-9651-92F38DE1616E}
2012-07-06 15:36 - 2012-07-06 15:36 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{D986F364-1DA7-472A-8195-751FAC3AF1DF}
2012-07-06 15:36 - 2012-07-06 15:36 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{9C25B778-4DA8-451F-9651-92F38DE1616E}
2012-07-06 14:54 - 2012-07-13 21:53 - 789224219 ____A C:\Windows\MEMORY.DMP
2012-07-06 14:54 - 2012-07-13 21:53 - 00002162 ____A C:\Windows\PFRO.log
2012-07-06 14:54 - 2012-07-06 14:54 - 00284696 ____A C:\Windows\Minidump\070612-23134-01.dmp
2012-07-06 09:50 - 2012-07-29 12:21 - 00001928 ____A C:\Windows\setupact.log
2012-07-06 09:50 - 2012-07-06 09:50 - 00000000 ____A C:\Windows\setuperr.log
2012-07-06 03:35 - 2012-07-06 03:35 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{E131F96B-E49A-4530-BC6E-28591B1A70E6}
2012-07-06 03:35 - 2012-07-06 03:35 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{E131F96B-E49A-4530-BC6E-28591B1A70E6}
2012-07-06 03:35 - 2012-07-06 03:35 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{E131F96B-E49A-4530-BC6E-28591B1A70E6}
2012-07-05 15:35 - 2012-07-05 15:35 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{F28E2E68-5C29-40E8-A30C-C1249D0E7767}
2012-07-05 15:35 - 2012-07-05 15:35 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{F28E2E68-5C29-40E8-A30C-C1249D0E7767}
2012-07-05 15:35 - 2012-07-05 15:35 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{F28E2E68-5C29-40E8-A30C-C1249D0E7767}
2012-07-05 03:34 - 2012-07-05 03:34 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{F8DE9C92-EAE1-4EB4-A75E-899C86CFA8EB}
2012-07-05 03:34 - 2012-07-05 03:34 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{F8DE9C92-EAE1-4EB4-A75E-899C86CFA8EB}
2012-07-05 03:34 - 2012-07-05 03:34 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{F8DE9C92-EAE1-4EB4-A75E-899C86CFA8EB}
2012-07-04 15:34 - 2012-07-04 15:34 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{BF68E45D-8DF5-40DD-8397-B9B9C761C436}
2012-07-04 15:34 - 2012-07-04 15:34 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{BF68E45D-8DF5-40DD-8397-B9B9C761C436}
2012-07-04 15:34 - 2012-07-04 15:34 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{BF68E45D-8DF5-40DD-8397-B9B9C761C436}
2012-07-04 03:33 - 2012-07-04 03:33 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{A26CC261-3D40-42F3-8714-814F8D9F2F5C}
2012-07-04 03:33 - 2012-07-04 03:33 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{A26CC261-3D40-42F3-8714-814F8D9F2F5C}
2012-07-04 03:33 - 2012-07-04 03:33 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{A26CC261-3D40-42F3-8714-814F8D9F2F5C}
2012-07-03 15:32 - 2012-07-03 15:33 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{EE3D6222-4872-4C38-AF5C-CA26F4A97677}
2012-07-03 15:32 - 2012-07-03 15:33 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{EE3D6222-4872-4C38-AF5C-CA26F4A97677}
2012-07-03 15:32 - 2012-07-03 15:33 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{EE3D6222-4872-4C38-AF5C-CA26F4A97677}
2012-07-03 03:32 - 2012-07-06 03:35 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{047107D5-6188-41F0-86A5-58432D5B0042}
2012-07-03 03:32 - 2012-07-06 03:35 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{047107D5-6188-41F0-86A5-58432D5B0042}
2012-07-03 03:32 - 2012-07-06 03:35 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{047107D5-6188-41F0-86A5-58432D5B0042}
2012-07-03 03:32 - 2012-07-03 03:32 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{C39A8E25-87CE-42B7-BCB1-D9089CDDDA05}
2012-07-03 03:32 - 2012-07-03 03:32 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{C39A8E25-87CE-42B7-BCB1-D9089CDDDA05}
2012-07-03 03:32 - 2012-07-03 03:32 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{C39A8E25-87CE-42B7-BCB1-D9089CDDDA05}
2012-07-02 23:51 - 2012-07-22 03:43 - 00000000 ____D C:\Users\JMAXWORTHY\Desktop\AVACTIS WEEKEND
2012-07-02 15:31 - 2012-07-02 15:31 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{8887D69C-3F61-42D6-8122-0FC38C73F0FA}
2012-07-02 15:31 - 2012-07-02 15:31 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{8887D69C-3F61-42D6-8122-0FC38C73F0FA}
2012-07-02 15:31 - 2012-07-02 15:31 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{8887D69C-3F61-42D6-8122-0FC38C73F0FA}
2012-07-02 03:34 - 2012-07-02 03:34 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{DB4A348D-DEC1-4767-AF4A-26B7AA2B0FF8}
2012-07-02 03:34 - 2012-07-02 03:34 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{5FEA92EF-4628-4333-B681-278B546074C8}
2012-07-02 03:34 - 2012-07-02 03:34 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\Application Data\{04088C2D-817E-4BD6-9111-F2D3A5587E6A}
2012-07-02 03:34 - 2012-07-02 03:34 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{DB4A348D-DEC1-4767-AF4A-26B7AA2B0FF8}
2012-07-02 03:34 - 2012-07-02 03:34 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{5FEA92EF-4628-4333-B681-278B546074C8}
2012-07-02 03:34 - 2012-07-02 03:34 - 00000000 ____D C:\Users\JMAXWORTHY\Local Settings\{04088C2D-817E-4BD6-9111-F2D3A5587E6A}
2012-07-02 03:34 - 2012-07-02 03:34 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{DB4A348D-DEC1-4767-AF4A-26B7AA2B0FF8}
2012-07-02 03:34 - 2012-07-02 03:34 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{5FEA92EF-4628-4333-B681-278B546074C8}
2012-07-02 03:34 - 2012-07-02 03:34 - 00000000 ____D C:\Users\JMAXWORTHY\AppData\Local\{04088C2D-817E-4BD6-9111-F2D3A5587E6A}

============ 3 Months Modified Files ========================

2012-08-01 03:54 - 2009-07-14 00:13 - 00778104 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-01 03:28 - 2010-07-10 11:54 - 00000906 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-31 23:28 - 2010-07-10 11:54 - 00000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-31 10:00 - 2012-04-17 15:06 - 00000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-07-31 10:00 - 2010-12-05 23:51 - 00018405 ____A C:\Windows\System32\lvcoinst.log
2012-07-29 12:28 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-29 12:28 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-29 12:21 - 2012-07-06 09:50 - 00001928 ____A C:\Windows\setupact.log
2012-07-29 12:21 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-28 09:43 - 2012-07-28 09:42 - 00607260 ____R (Swearware) C:\Users\JMAXWORTHY\Downloads\dds.scr
2012-07-28 09:38 - 2012-07-28 09:38 - 00000000 ____A C:\Users\JMAXWORTHY\defogger_reenable
2012-07-23 05:37 - 2010-08-25 18:30 - 01439528 ____A C:\Windows\WindowsUpdate.log
2012-07-21 09:20 - 2012-06-09 06:42 - 00037376 __ASH C:\Users\JMAXWORTHY\Desktop\Thumbs.db
2012-07-21 09:08 - 2012-07-21 09:08 - 00001713 ____A C:\Users\JMAXWORTHY\Desktop\Google Drive.lnk
2012-07-13 21:53 - 2012-07-13 21:53 - 00291560 ____A C:\Windows\Minidump\071312-22417-01.dmp
2012-07-13 21:53 - 2012-07-06 14:54 - 789224219 ____A C:\Windows\MEMORY.DMP
2012-07-13 21:53 - 2012-07-06 14:54 - 00002162 ____A C:\Windows\PFRO.log
2012-07-13 21:53 - 2012-04-17 15:06 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-07-09 05:17 - 2012-07-09 05:17 - 02322184 ____A (ESET) C:\Users\JMAXWORTHY\Desktop\esetsmartinstaller_enu.exe
2012-07-09 04:44 - 2012-07-09 04:44 - 04731392 ____A (AVAST Software) C:\Users\JMAXWORTHY\Desktop\aswMBR.exe
2012-07-07 03:58 - 2012-07-07 03:58 - 00283824 ____A C:\Windows\Minidump\070712-26722-01.dmp
2012-07-07 02:29 - 2012-07-07 02:29 - 00283672 ____A C:\Windows\Minidump\070712-31949-01.dmp
2012-07-06 14:54 - 2012-07-06 14:54 - 00284696 ____A C:\Windows\Minidump\070612-23134-01.dmp
2012-07-06 09:50 - 2012-07-06 09:50 - 00000000 ____A C:\Windows\setuperr.log
2012-07-02 02:34 - 2010-07-04 10:03 - 00015836 ____A C:\Users\JMAXWORTHY\Application Data\wklnhst.dat
2012-07-02 02:34 - 2010-07-04 10:03 - 00015836 ____A C:\Users\JMAXWORTHY\AppData\Roaming\wklnhst.dat
2012-06-30 01:17 - 2012-06-30 01:17 - 00000218 ____A C:\Users\JMAXWORTHY\.recently-used.xbel
2012-06-13 03:19 - 2009-07-13 23:45 - 00326712 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-13 03:15 - 2010-07-31 04:36 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-11 22:56 - 2012-06-11 22:55 - 143749104 ____A (Installation Program) C:\Users\JMAXWORTHY\Downloads\1.6.138-update.exe
2012-06-07 00:01 - 2012-06-07 00:01 - 00003584 ____A C:\Users\JMAXWORTHY\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-07 00:01 - 2012-06-07 00:01 - 00003584 ____A C:\Users\JMAXWORTHY\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-07 00:01 - 2012-06-07 00:01 - 00003584 ____A C:\Users\JMAXWORTHY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-02 17:19 - 2012-06-22 00:07 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 17:19 - 2012-06-22 00:07 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 17:19 - 2012-06-22 00:07 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 17:19 - 2012-06-22 00:06 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 17:19 - 2012-06-22 00:06 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 17:15 - 2012-06-22 00:07 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 17:15 - 2012-06-22 00:06 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:19 - 2012-06-22 00:06 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:15 - 2012-06-22 00:06 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-25 19:53 - 2012-05-17 06:50 - 00771962 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-05-22 03:20 - 2012-05-22 03:20 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-05-17 21:47 - 2012-06-13 03:11 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 21:16 - 2012-06-13 03:11 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 21:06 - 2012-06-13 03:11 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 20:59 - 2012-06-13 03:11 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 20:59 - 2012-06-13 03:11 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 20:58 - 2012-06-13 03:11 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 20:58 - 2012-06-13 03:11 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 20:56 - 2012-06-13 03:11 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 20:55 - 2012-06-13 03:11 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 20:55 - 2012-06-13 03:11 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 20:54 - 2012-06-13 03:11 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 20:51 - 2012-06-13 03:11 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 20:51 - 2012-06-13 03:11 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 20:47 - 2012-06-13 03:11 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 18:11 - 2012-06-13 03:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 17:48 - 2012-06-13 03:11 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 17:45 - 2012-06-13 03:11 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 17:36 - 2012-06-13 03:11 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 17:35 - 2012-06-13 03:11 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 17:35 - 2012-06-13 03:11 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 17:33 - 2012-06-13 03:11 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 17:31 - 2012-06-13 03:11 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 17:29 - 2012-06-13 03:11 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 17:29 - 2012-06-13 03:11 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 17:27 - 2012-06-13 03:11 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 17:25 - 2012-06-13 03:11 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 17:24 - 2012-06-13 03:11 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 17:20 - 2012-06-13 03:11 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-14 20:32 - 2012-06-12 18:20 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-04 06:06 - 2012-06-12 18:20 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 05:03 - 2012-06-12 18:20 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 05:03 - 2012-06-12 18:20 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe


ZeroAccess:
C:\Windows\Installer\{1cb6829e-d982-39ae-20e2-4ea7b15d1943}
C:\Windows\Installer\{1cb6829e-d982-39ae-20e2-4ea7b15d1943}\L
C:\Windows\Installer\{1cb6829e-d982-39ae-20e2-4ea7b15d1943}\U
C:\Windows\Installer\{1cb6829e-d982-39ae-20e2-4ea7b15d1943}\L\00000004.@
C:\Windows\Installer\{1cb6829e-d982-39ae-20e2-4ea7b15d1943}\U\00000004.@
C:\Windows\Installer\{1cb6829e-d982-39ae-20e2-4ea7b15d1943}\U\00000008.@
C:\Windows\Installer\{1cb6829e-d982-39ae-20e2-4ea7b15d1943}\U\000000cb.@
C:\Windows\Installer\{1cb6829e-d982-39ae-20e2-4ea7b15d1943}\U\80000000.@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

Possible partition infection:
C:\Windows\svchost.exe

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 8119.12 MB
Available physical RAM: 7347.79 MB
Total Pagefile: 8117.27 MB
Available Pagefile: 7349.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:916.82 GB) (Free:574.11 GB) NTFS
3 Drive e: () (Removable) (Total:7.41 GB) (Free:6.79 GB) FAT32
8 Drive j: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:8.92 GB) NTFS ==>[System with boot components (obtained from reading drive)]
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 Online 7592 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 40 MB
Partition 3 Primary 916 GB 14 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 FAT Partition 39 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 J RECOVERY NTFS Partition 14 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 916 GB Healthy

==================================================================================

Partitions of Disk 5:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7588 MB 4096 KB

==================================================================================

Disk: 5
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 E FAT32 Removable 7588 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-27 23:15

======================= End Of Log ==========================


Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 2012-08-01 06:10:24
Running from E:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0329216 ____N (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 August 2012 - 07:04 AM

Hello

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\assembly\GAC\Desktop.ini 
C:\Windows\Installer\{1cb6829e-d982-39ae-20e2-4ea7b15d1943}


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
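The check behind this fix, as an added example that is not part of the thread, of FRST or of any tool the helper used: the search output in the previous post lists two copies of services.exe with different MD5 hashes and sizes, and the fixlist above restores the System32 copy from the WinSxS component-store copy. The Python below parses FRST "Search:" output of the shape seen in that log (the two-line layout, path then bracketed details, is assumed from this log only), treats WinSxS copies of a binary as the reference set, and reports every other copy whose MD5 is not among the reference hashes. The sample log is constructed from the two entries in the thread; `md5_of_file` is a plain hashlib helper for hashing a live file when the tool's output is not at hand.

```python
"""Flag system binaries whose MD5 differs from their WinSxS component-store copy.

Added example, not part of the thread or of FRST. It parses FRST "Search:"
output of the shape seen in the log above; that line layout is assumed from
this log only.
"""
import hashlib
import re
from collections import defaultdict
from typing import Dict, List

# Constructed sample: the two entries FRST printed for services.exe in the thread.
SAMPLE_SEARCH_LOG = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0329216 ____N (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======
"""

# A path line: drive letter, colon, backslash, then the rest of the path.
PATH_RE = re.compile(r"^[A-Za-z]:\\\S.*$")
# The detail line that follows it: [created] - [modified] - size attrs (company) MD5.
# The company name in parentheses is treated as optional (unsigned files may lack it).
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+)(?: \((?P<company>[^)]*)\))? "
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_search_log(text: str) -> List[Dict[str, object]]:
    """Pair each path line with its detail line and return one dict per file."""
    entries: List[Dict[str, object]] = []
    pending_path = None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending_path = line
            continue
        m = DETAIL_RE.match(line)
        if m and pending_path:
            entry: Dict[str, object] = dict(m.groupdict())
            entry["path"] = pending_path
            entry["size"] = int(m.group("size"))
            entry["md5"] = m.group("md5").upper()
            entries.append(entry)
            pending_path = None
    return entries


def find_divergent_copies(text: str) -> List[Dict[str, object]]:
    """Group copies by file name, use the WinSxS copies as the reference set and
    report every copy outside WinSxS whose MD5 is not among the reference hashes."""
    by_name: Dict[str, List[Dict[str, object]]] = defaultdict(list)
    for entry in parse_search_log(text):
        name = str(entry["path"]).rsplit("\\", 1)[-1].lower()
        by_name[name].append(entry)

    findings = []
    for copies in by_name.values():
        refs = [c for c in copies if "\\winsxs\\" in str(c["path"]).lower()]
        if not refs:
            continue  # nothing to compare against for this file name
        ref_hashes = {str(c["md5"]) for c in refs}
        for c in copies:
            if c in refs or c["md5"] in ref_hashes:
                continue
            findings.append({
                "path": c["path"],
                "md5": c["md5"],
                "size": c["size"],
                "reference_md5": sorted(ref_hashes),
                "reference_path": refs[0]["path"],
            })
    return findings


def md5_of_file(path: str) -> str:
    """Hash a live file in the same upper-case hex form FRST prints."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest().upper()


if __name__ == "__main__":
    for f in find_divergent_copies(SAMPLE_SEARCH_LOG):
        print(f"{f['path']} ({f['size']} bytes, MD5 {f['md5']}) differs from "
              f"component-store copy {f['reference_path']} "
              f"(MD5 {', '.join(f['reference_md5'])})")
```

On the sample this reports the System32 copy of services.exe (329216 bytes, MD5 50BEA589...) against the WinSxS copy (328704 bytes, MD5 24ACB7E5...), which is exactly the pair the Replace directive swaps. A mismatch against the component store is a triage signal rather than proof by itself: a hotfix can leave System32 newer than the WinSxS copy that happened to be listed, so confirm with the file version and its Authenticode signature before replacing anything.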

#10 JMAXWORTHY

JMAXWORTHY
  • Topic Starter

  • Members
  • 14 posts

Posted 01 August 2012 - 09:44 PM

Hello -

Below is the fixlog.txt. It ran without incident.

I am going to be out of town Friday until late Monday.

Thanks. John Maxworthy


Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 2012-08-01 23:36:01 Run:1
Running from E:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\assembly\GAC\Desktop.ini not found.
C:\Windows\Installer\{1cb6829e-d982-39ae-20e2-4ea7b15d1943} moved successfully.

==== End of Fixlog ===

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 August 2012 - 09:20 PM

Hello

I would like you to download an updated version of combofix.

update combofix

Delete the version of combofix you have now on your desktop and download a new one from here

Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.
"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 August 2012 - 03:12 AM

Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or just need some more time.

Also, a reminder that it is very important that we finish the process completely so as not to get reinfected. I will let you know when we are complete, and I will then ask you to remove our tools.




Gringo

#13 JMAXWORTHY

JMAXWORTHY
  • Topic Starter

  • Members
  • 14 posts

Posted 07 August 2012 - 07:30 AM

Hi Gringo

We were out of town Friday through most of yesterday.

Below is the log from running combofix last night.

Prior to running ComboFix, the computer had stopped showing the pop-up malware warning every 2 minutes for TR/ATRAPS.Gen2, and the log for the regular Sunday scheduled run of Avira showed no detections.

I am sending this reply from my computer at work. After running ComboFix, the computer would not allow me to open any programs I tried to use (email, browsers, Word, graphics editor, etc.). The message "Illegal operation attempted on a registry key that has been marked for deletion" kept being shown. ComboFix might have gotten overzealous.



ComboFix 12-08-05.02 - JMAXWORTHY 08/06/2012 21:54:52.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8119.5786 [GMT -4:00]
Running from: c:\users\JMAXWORTHY\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\Search Toolbar
c:\program files (x86)\Search Toolbar\icon.ico
c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
c:\program files (x86)\Search Toolbar\SearchToolbarUpdater.exe
c:\program files (x86)\Shop to Win
c:\program files (x86)\Shop to Win\InstallNotifier.exe
c:\program files (x86)\Shop to Win\ProcessDetector.exe
c:\program files (x86)\Shop to Win\ShopToWin.exe
c:\program files (x86)\Shop to Win\sqlite3.dll
c:\program files (x86)\Shop to Win\TestFeeds\DisableStatus.xml
c:\program files (x86)\Shop to Win\TestFeeds\DisableStatusDirection.xml
c:\program files (x86)\Shop to Win\TestFeeds\GenericPopup.xml
c:\program files (x86)\Shop to Win\TestFeeds\MainStatus.xml
c:\program files (x86)\Shop to Win\TestFeeds\ShoppingConfirmation.xml
c:\program files (x86)\Shop to Win\unins000.dat
c:\program files (x86)\Shop to Win\unins000.exe
c:\program files (x86)\Shop to Win\UnInstallPlugin.exe
c:\programdata\PCDr\5907\Downloads\116e5d12-0d05-4993-954c-85b013aaf3cb.dll
c:\programdata\PCDr\5907\Downloads\140239b3-d59a-46fa-b856-17682a46cb44.dll
c:\programdata\PCDr\5907\Downloads\246b20c1-8ea9-4148-a34e-d03c8a1d5a76.dll
c:\programdata\PCDr\5907\Downloads\27e5bc9a-105f-4d7f-8352-e6ef1c8933dd.dll
c:\programdata\PCDr\5907\Downloads\a2192d8a-3d73-4ff7-be9b-02134f41db63.dll
c:\programdata\PCDr\5907\Downloads\f0fc9c9c-10ba-435b-8365-dadb523644ff.dll
c:\users\JMAXWO~1\AppData\Local\Temp\_MEI81082\_ctypes.pyd
c:\users\JMAXWO~1\AppData\Local\Temp\_MEI81082\_elementtree.pyd
c:\users\JMAXWO~1\AppData\Local\Temp\_MEI81082\_hashlib.pyd
c:\users\JMAXWO~1\AppData\Local\Temp\_MEI81082\_socket.pyd
c:\users\JMAXWO~1\AppData\Local\Temp\_MEI81082\_ssl.pyd
c:\users\JMAXWO~1\AppData\Local\Temp\_MEI81082\pyexpat.pyd
c:\users\JMAXWO~1\AppData\Local\Temp\_MEI81082\pysqlite2._sqlite.pyd
c:\users\JMAXWO~1\AppData\Local\Temp\_MEI81082\python26.dll
c:\users\JMAXWO~1\AppData\Local\Temp\_MEI81082\pythoncom26.dll
c:\users\JMAXWO~1\AppData\Local\Temp\_MEI81082\PyWinTypes26.dll
c:\users\JMAXWO~1\AppData\Local\Temp\_MEI81082\select.pyd
c:\users\JMAXWO~1\AppData\Local\Temp\_MEI81082\unicodedata.pyd
c:\users\JMAXWO~1\AppData\Local\Temp\_MEI81082\win32api.pyd
c:\users\JMAXWO~1\AppData\Local\Temp\_MEI81082\win32com.shell.shell.pyd
c:\users\JMAXWO~1\AppData\Local\Temp\_MEI81082\win32crypt.pyd
c:\users\JMAXWO~1\AppData\Local\Temp\_MEI81082\win32event.pyd
c:\users\JMAXWO~1\AppData\Local\Temp\_MEI81082\win32file.pyd
c:\users\JMAXWO~1\AppData\Local\Temp\_MEI81082\win32inet.pyd
c:\users\JMAXWO~1\AppData\Local\Temp\_MEI81082\win32pdh.pyd
c:\users\JMAXWO~1\AppData\Local\Temp\_MEI81082\win32process.pyd
c:\users\JMAXWO~1\AppData\Local\Temp\_MEI81082\windows._cacheinvalidation.pyd
c:\users\JMAXWO~1\AppData\Local\Temp\_MEI81082\wx._controls_.pyd
c:\users\JMAXWO~1\AppData\Local\Temp\_MEI81082\wx._core_.pyd
c:\users\JMAXWO~1\AppData\Local\Temp\_MEI81082\wx._gdi_.pyd
c:\users\JMAXWO~1\AppData\Local\Temp\_MEI81082\wx._html2.pyd
c:\users\JMAXWO~1\AppData\Local\Temp\_MEI81082\wx._misc_.pyd
c:\users\JMAXWO~1\AppData\Local\Temp\_MEI81082\wx._windows_.pyd
c:\users\JMAXWO~1\AppData\Local\Temp\_MEI81082\wx._wizard.pyd
c:\users\JMAXWO~1\AppData\Local\Temp\_MEI81082\wxbase293u_net_vc.dll
c:\users\JMAXWO~1\AppData\Local\Temp\_MEI81082\wxbase293u_vc.dll
c:\users\JMAXWO~1\AppData\Local\Temp\_MEI81082\wxmsw293u_adv_vc.dll
c:\users\JMAXWO~1\AppData\Local\Temp\_MEI81082\wxmsw293u_core_vc.dll
c:\users\JMAXWO~1\AppData\Local\Temp\_MEI81082\wxmsw293u_html_vc.dll
c:\users\JMAXWO~1\AppData\Local\Temp\_MEI81082\wxmsw293u_webview_vc.dll
c:\users\JMAXWO~1\AppData\Local\Temp\tmpmhwfmg\googledrivesync.exe
c:\users\JMAXWORTHY\AppData\Local\Temp\_MEI81082\_ctypes.pyd
c:\users\JMAXWORTHY\AppData\Local\Temp\_MEI81082\_elementtree.pyd
c:\users\JMAXWORTHY\AppData\Local\Temp\_MEI81082\_hashlib.pyd
c:\users\JMAXWORTHY\AppData\Local\Temp\_MEI81082\_socket.pyd
c:\users\JMAXWORTHY\AppData\Local\Temp\_MEI81082\_ssl.pyd
c:\users\JMAXWORTHY\AppData\Local\Temp\_MEI81082\pyexpat.pyd
c:\users\JMAXWORTHY\AppData\Local\Temp\_MEI81082\pysqlite2._sqlite.pyd
c:\users\JMAXWORTHY\AppData\Local\Temp\_MEI81082\python26.dll
c:\users\JMAXWORTHY\AppData\Local\Temp\_MEI81082\pythoncom26.dll
c:\users\JMAXWORTHY\AppData\Local\Temp\_MEI81082\PyWinTypes26.dll
c:\users\JMAXWORTHY\AppData\Local\Temp\_MEI81082\select.pyd
c:\users\JMAXWORTHY\AppData\Local\Temp\_MEI81082\unicodedata.pyd
c:\users\JMAXWORTHY\AppData\Local\Temp\_MEI81082\win32api.pyd
c:\users\JMAXWORTHY\AppData\Local\Temp\_MEI81082\win32com.shell.shell.pyd
c:\users\JMAXWORTHY\AppData\Local\Temp\_MEI81082\win32crypt.pyd
c:\users\JMAXWORTHY\AppData\Local\Temp\_MEI81082\win32event.pyd
c:\users\JMAXWORTHY\AppData\Local\Temp\_MEI81082\win32file.pyd
c:\users\JMAXWORTHY\AppData\Local\Temp\_MEI81082\win32inet.pyd
c:\users\JMAXWORTHY\AppData\Local\Temp\_MEI81082\win32pdh.pyd
c:\users\JMAXWORTHY\AppData\Local\Temp\_MEI81082\win32process.pyd
c:\users\JMAXWORTHY\AppData\Local\Temp\_MEI81082\windows._cacheinvalidation.pyd
c:\users\JMAXWORTHY\AppData\Local\Temp\_MEI81082\wx._controls_.pyd
c:\users\JMAXWORTHY\AppData\Local\Temp\_MEI81082\wx._core_.pyd
c:\users\JMAXWORTHY\AppData\Local\Temp\_MEI81082\wx._gdi_.pyd
c:\users\JMAXWORTHY\AppData\Local\Temp\_MEI81082\wx._html2.pyd
c:\users\JMAXWORTHY\AppData\Local\Temp\_MEI81082\wx._misc_.pyd
c:\users\JMAXWORTHY\AppData\Local\Temp\_MEI81082\wx._windows_.pyd
c:\users\JMAXWORTHY\AppData\Local\Temp\_MEI81082\wx._wizard.pyd
c:\users\JMAXWORTHY\AppData\Local\Temp\_MEI81082\wxbase293u_net_vc.dll
c:\users\JMAXWORTHY\AppData\Local\Temp\_MEI81082\wxbase293u_vc.dll
c:\users\JMAXWORTHY\AppData\Local\Temp\_MEI81082\wxmsw293u_adv_vc.dll
c:\users\JMAXWORTHY\AppData\Local\Temp\_MEI81082\wxmsw293u_core_vc.dll
c:\users\JMAXWORTHY\AppData\Local\Temp\_MEI81082\wxmsw293u_html_vc.dll
c:\users\JMAXWORTHY\AppData\Local\Temp\_MEI81082\wxmsw293u_webview_vc.dll
c:\users\JMAXWORTHY\AppData\Roaming\Microsoft\Windows\Recent\AARP® Travel Center powered by Expedia® - AARP Travel Discounts on Hotels, Cars, Flights, and Cruises.url
c:\users\JMAXWORTHY\Documents\ShopToWin
c:\windows\Installer\{1cb6829e-d982-39ae-20e2-4ea7b15d1943}\@
c:\windows\Installer\{1cb6829e-d982-39ae-20e2-4ea7b15d1943}\L\00000004.@
c:\windows\Installer\{1cb6829e-d982-39ae-20e2-4ea7b15d1943}\U\00000004.@
c:\windows\Installer\{1cb6829e-d982-39ae-20e2-4ea7b15d1943}\U\00000008.@
c:\windows\Installer\{1cb6829e-d982-39ae-20e2-4ea7b15d1943}\U\000000cb.@
c:\windows\Installer\{1cb6829e-d982-39ae-20e2-4ea7b15d1943}\U\80000000.@
.
.
((((((((((((((((((((((((( Files Created from 2012-07-07 to 2012-08-07 )))))))))))))))))))))))))))))))
.
.
2012-08-07 02:00 . 2012-08-07 02:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-03 02:28 . 2012-08-03 02:28 -------- d-----w- c:\users\Default\AppData\Local\Google
2012-08-01 11:01 . 2012-08-01 11:01 -------- d-----w- C:\FRST
2012-07-30 08:15 . 2012-07-30 08:15 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-30 08:15 . 2012-07-30 08:15 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-07-29 14:14 . 2012-07-29 14:14 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-28 14:31 . 2012-07-28 14:31 -------- d-----w- c:\program files (x86)\7-zip
2012-07-28 14:31 . 2012-07-28 22:01 -------- d-----w- c:\program files (x86)\STW Installer
2012-07-28 14:31 . 2012-07-28 14:31 -------- d-----w- c:\programdata\Yahoo!
2012-07-28 14:31 . 2012-07-28 14:31 -------- d-----w- c:\programdata\Yahoo! Companion
2012-07-28 14:31 . 2012-07-28 14:31 -------- d-----w- c:\program files (x86)\Yahoo!
2012-07-28 14:31 . 2012-07-28 14:31 -------- d-----w- c:\users\JMAXWORTHY\AppData\Roaming\Yahoo!
2012-07-21 14:08 . 2012-08-03 02:28 -------- d-s---w- c:\users\JMAXWORTHY\Google Drive
2012-07-09 10:18 . 2012-07-09 10:18 -------- d-----w- c:\program files (x86)\ESET
2012-07-09 09:50 . 2012-07-09 09:50 -------- d-----w- C:\TDSSKiller_Quarantine
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 18:46 . 2010-07-04 14:57 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 08:15 . 2010-07-31 09:36 58957832 ----a-w- c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-06-22 05:06 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 05:07 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 05:07 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 05:07 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 05:06 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 05:07 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 05:06 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-22 05:06 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-22 05:06 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-18 02:47 . 2012-06-13 08:11 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-05-18 02:16 . 2012-06-13 08:11 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-05-18 02:06 . 2012-06-13 08:11 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-05-18 01:59 . 2012-06-13 08:11 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-05-18 01:59 . 2012-06-13 08:11 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-05-18 01:58 . 2012-06-13 08:11 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-18 01:58 . 2012-06-13 08:11 237056 ----a-w- c:\windows\system32\url.dll
2012-05-18 01:56 . 2012-06-13 08:11 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-18 01:55 . 2012-06-13 08:11 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-18 01:55 . 2012-06-13 08:11 818688 ----a-w- c:\windows\system32\jscript.dll
2012-05-18 01:54 . 2012-06-13 08:11 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-05-18 01:51 . 2012-06-13 08:11 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-05-18 01:51 . 2012-06-13 08:11 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-18 01:47 . 2012-06-13 08:11 248320 ----a-w- c:\windows\system32\ieui.dll
2012-05-17 22:45 . 2012-06-13 08:11 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-05-17 22:35 . 2012-06-13 08:11 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-17 22:35 . 2012-06-13 08:11 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-05-17 22:29 . 2012-06-13 08:11 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-05-17 22:24 . 2012-06-13 08:11 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-05-17 11:53 . 2012-05-17 11:53 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-05-17 11:53 . 2010-11-21 03:00 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-05-17 11:52 . 2010-11-21 03:00 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-05-15 05:41 . 2012-06-17 10:05 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{21FEBE32-756B-4532-B25C-C28DB050247A}\mpengine.dll
2012-05-15 01:32 . 2012-06-12 23:20 3146752 ----a-w- c:\windows\system32\win32k.sys
2006-05-03 09:06 163328 --sh--r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\SysWOW64\nbDX.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-18 2012912]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
"WLSync"="c:\program files (x86)\Windows Live\Mesh\WLSync.exe" [2012-03-08 1449824]
"HLBackupScheduler"="c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe" [2011-10-23 5013128]
"Amazon Cloud Drive"="c:\users\JMAXWORTHY\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe" [2012-05-24 424848]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-07-20 12218904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-02 190808]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-02-08 567320]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"EaseUs Watch"="c:\program files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe" [2011-12-23 70792]
"EaseUs Tray"="c:\program files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe" [2011-12-26 743560]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-10 559616]
.
c:\users\JMAXWORTHY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-10-12 1324384]
Launch Utility Application.lnk - c:\users\JMAXWORTHY\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe [2010-12-15 491520]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-10-12 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 18:21 548352 ----a-w- c:\program files (x86)\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 SASDIFSV;SASDIFSV;c:\program files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2010-02-17 66632]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-10 136176]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-10 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-30 113120]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [x]
R3 SASENUM;SASENUM;c:\program files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 12872]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [2011-08-08 27336]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [2011-08-08 70656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-06 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-12-23 57480]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2011-12-23 51336]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-04-27 55856]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-12-23 19592]
S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2011-12-23 189576]
S1 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [2010-07-16 53312]
S1 PSSDKLBF;PSSDKLBF;c:\windows\system32\Drivers\pssdklbf.sys [2010-07-16 65600]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-01 169624]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-06 169408]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2010-01-11 155648]
S2 EaseUS Agent;EaseUS Agent;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2011-12-23 61064]
S2 Guard Agent;Guard Agent;c:\program files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [2011-12-23 23176]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-02-08 818712]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-02-09 531328]
S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-03-15 370504]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]
S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys [2011-04-01 23904]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-09-26 233984]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-16 321064]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-04-01 341856]
S3 LVUVC64;Logitech HD Pro Webcam C910(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-04-01 4184672]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-06-26 83488]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-10 16:54]
.
2012-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-10 16:54]
.
2012-07-14 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-08-07 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\111iTwinBaseOverlay]
@="{EE51C01F-4739-4A52-9637-F00E146C6AC3}"
[HKEY_CLASSES_ROOT\CLSID\{EE51C01F-4739-4A52-9637-F00E146C6AC3}]
2012-02-03 05:55 863592 ----a-w- c:\programdata\iTwin\iTwin.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\112iTwinMobileOverlay]
@="{DB2EFAD3-CC3D-48a6-A9B2-5FFD1833EE57}"
[HKEY_CLASSES_ROOT\CLSID\{DB2EFAD3-CC3D-48a6-A9B2-5FFD1833EE57}]
2012-02-03 05:55 969064 ----a-w- c:\programdata\iTwin\iTwinRemote.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\113iTwinSyncOverlay]
@="{200D94BA-1B4B-4c64-972A-6010FAF8A0DB}"
[HKEY_CLASSES_ROOT\CLSID\{200D94BA-1B4B-4c64-972A-6010FAF8A0DB}]
2012-02-03 05:55 969064 ----a-w- c:\programdata\iTwin\iTwinRemote.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-07-20 19:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-07-20 19:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-07-20 19:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-07-20 19:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-19 8067616]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-26 16327712]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
"iTwinAssist"="c:\programdata\iTwin\iTwinAssist.exe" [2012-02-03 660840]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://mysite.verizon.net/jmaxworthy/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
FF - ProfilePath - c:\users\JMAXWORTHY\AppData\Roaming\Mozilla\Firefox\Profiles\453ep54z.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://mysite.verizon.net/jmaxworthy/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Shop To Win - c:\program files (x86)\Shop To Win\ShopToWin.exe
Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Search Toolbar - c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
AddRemove-SLABCOMM&10C4&EA60 - c:\program files (x86)\Silabs\MCU\DriverUninstall\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
AddRemove-{86AE8BCB-259D-46E0-9624-4AB2025348B4}_is1 - c:\program files (x86)\Shop To Win\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{52836EB0-631A-47B1-94A6-61F9D9112DAE}"=hex:51,66,7a,6c,4c,1d,38,12,de,6d,90,
56,28,2d,df,02,eb,b0,22,b9,dc,4f,69,ba
"{9D425283-D487-4337-BAB6-AB8354A81457}"=hex:51,66,7a,6c,4c,1d,38,12,ed,51,51,
99,b5,9a,59,06,c5,a0,e8,c3,51,f6,50,43
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:c4,92,79,84,b3,5c,cd,01
.
[HKEY_USERS\S-1-5-21-4108816469-2846117310-4252441803-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-4108816469-2846117310-4252441803-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
.
**************************************************************************
.
Completion time: 2012-08-06 22:05:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-07 02:05
.
Pre-Run: 616,157,069,312 bytes free
Post-Run: 624,019,918,848 bytes free
.
- - End Of File - - A976DB5A89705CCEB03A55D88AA87DA2
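
The ComboFix report above lists every service and driver (reading the prefix as ComboFix uses it: R = running, S = stopped, and the digit is the start type, 0 boot, 1 system, 2 automatic, 3 manual, 4 disabled), the Run keys, the shell icon overlay handlers and the LoadAppInit_DLLs setting. The script below is an added example written for this page; it is not part of ComboFix or of the thread. It parses lines in that format and pulls out the entries a responder would look at first: an image ComboFix marks [x] (no file found, as for pbfilter above), an autostart image under a user-writable directory such as c:\programdata, a boot- or system-start driver outside system32\drivers, and LoadAppInit_DLLs set to a non-zero value. The line shapes, the directory heuristics and the sample lines (copied from the report above) are assumptions for illustration; a hit is a review item, not a verdict.

```python
import re

# Constructed sample: a few lines copied verbatim from the ComboFix report in
# this thread (service list, Run key, AppInit setting). Feed the full report
# text to triage() in practice.
SAMPLE_REPORT = r"""
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [x]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [2011-08-08 70656]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-04-27 55856]
S2 SplashtopRemoteService;Splashtop Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-02-09 531328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-19 8067616]
"iTwinAssist"="c:\programdata\iTwin\iTwinAssist.exe" [2012-02-03 660840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
"""

# Line shapes as they appear in the report above (assumed stable).
SERVICE_RE = re.compile(r'^([RS])(\d) ([^;]+);([^;]*);(.+) \[(x|\d{4}-\d{2}-\d{2} \d+)\]$')
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)" \[\d{4}-\d{2}-\d{2} \d+\]$')
APPINIT_RE = re.compile(r'^"LoadAppInit_DLLs"=0x([0-9a-fA-F]+)$')

# Directories an unprivileged user can write to; an autostart image living
# there deserves a look (heuristic, not a verdict).
USER_WRITABLE_PREFIXES = (r"c:\programdata", r"c:\users", r"c:\windows\temp")
DRIVER_DIR = r"c:\windows\system32\drivers"


def user_writable(path):
    p = path.lower()
    return p.startswith(USER_WRITABLE_PREFIXES) or "\\appdata\\" in p


def triage(report):
    """Return review items as {"kind", "name", "path", "reason"} dicts."""
    findings = []
    current_key = ""
    for line in report.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1).lower()   # remember which hive key we are in
            continue
        m = SERVICE_RE.match(line)
        if m:
            _state, start_type, name, _desc, path, stamp = m.groups()
            item = {"kind": "service", "name": name, "path": path}
            if stamp == "x":
                findings.append({**item, "reason": "image file missing ([x])"})
            elif user_writable(path):
                findings.append({**item, "reason": "autostart image in user-writable location"})
            elif start_type in "01" and not path.lower().startswith(DRIVER_DIR):
                # boot/system-start entries are kernel drivers; expect them under system32\drivers
                findings.append({**item, "reason": "boot/system-start driver outside system32\\drivers"})
            continue
        m = RUN_VALUE_RE.match(line)
        if m and current_key.endswith(("\\run", "\\runonce")):
            name, path = m.groups()
            if user_writable(path):
                findings.append({"kind": "run-key", "name": name, "path": path,
                                 "reason": "autostart image in user-writable location"})
            continue
        m = APPINIT_RE.match(line)
        if m and int(m.group(1), 16) != 0:
            # non-zero means every process loading user32.dll also loads the AppInit_DLLs list
            findings.append({"kind": "appinit", "name": "LoadAppInit_DLLs", "path": current_key,
                             "reason": "AppInit DLL loading enabled"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f['kind']:8} {f['name']:<24} {f['reason']}\n         {f['path']}")
```

Run against the full report it produces two review items for the sample above: pbfilter (image missing) and iTwinAssist (runs from c:\programdata). The LoadAppInit_DLLs check stays quiet here because the report shows it at 0x0.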

#14 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)
Posted 07 August 2012 - 04:54 PM

Greetings

From my instructions above:

--->>>>> Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer <<<<----

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

Edited by gringo_pr, 07 August 2012 - 04:54 PM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

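
TDSSKiller's report (the next post shows one) prints, for each service or driver it checks, a line carrying the image's MD5 and path, followed by a status line of the form `name - ok`. The script below is an added example written for this page, not part of TDSSKiller or of the thread. It parses that format and diffs two runs, which is the check you want when, as in this thread, the same scan is repeated across several days and detections "keep coming back": it reports any entry whose status is not `ok`, any entry that did not exist in the earlier run, any entry whose image hash or path changed, and any entry that disappeared. The baseline lines are copied from the report in this thread; the "later run" sample, its all-zero and all-f hashes, the `examplesvc` name and its `suspicious` status string are constructed placeholders, not real TDSSKiller output.

```python
import re

# Constructed baseline: lines copied verbatim from the TDSSKiller report in
# this thread (header line included to show it is skipped). In practice read
# the whole TDSSKiller.[Version]_[Date]_[Time]_log.txt file.
BASELINE = r"""
03:42:47.0036 8388 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
03:42:55.0556 7812 Scan started
03:42:56.0143 7812 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
03:42:56.0158 7812 1394ohci - ok
03:42:57.0729 7812 Apple Mobile Device (2e3e53a6aef23e24f402c7855b9b1542) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
03:42:57.0731 7812 Apple Mobile Device - ok
03:42:59.0199 7812 catchme - ok
03:43:02.0658 7812 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
03:43:02.0660 7812 gupdate - ok
"""

# Constructed "later run": same format, with two changes that are NOT from the
# page. The zero/ff hashes, the examplesvc name and the status string are
# placeholders, not real TDSSKiller output.
LATER = r"""
03:50:00.0000 1234 Scan started
03:50:00.0001 1234 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
03:50:00.0002 1234 1394ohci - ok
03:50:00.0003 1234 Apple Mobile Device (2e3e53a6aef23e24f402c7855b9b1542) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
03:50:00.0004 1234 Apple Mobile Device - ok
03:50:00.0005 1234 catchme - ok
03:50:00.0006 1234 gupdate (00000000000000000000000000000000) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
03:50:00.0007 1234 gupdate - ok
03:50:00.0008 1234 examplesvc (ffffffffffffffffffffffffffffffff) C:\ProgramData\example\examplesvc.sys
03:50:00.0009 1234 examplesvc - suspicious (placeholder status)
"""

# "HH:MM:SS.mmmm PID " prefix, then either "name (md5) path" or "name - status".
LINE_PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
FILE_RE = re.compile(LINE_PREFIX + r"(.+?) \(([0-9a-fA-F]{32})\) (.+)$")
STATUS_RE = re.compile(LINE_PREFIX + r"(.+?) - (.+)$")


def parse_report(text):
    """Map service/driver name -> {"md5", "path", "status"} from the scan section."""
    entries = {}
    scanning = False
    for line in text.splitlines():
        if line.endswith("Scan started"):
            scanning = True
            continue
        if not scanning:
            continue  # header: OS info, disk geometry, partition table
        m = FILE_RE.match(line)
        if m:
            name, md5, path = m.groups()
            e = entries.setdefault(name, {"md5": None, "path": None, "status": None})
            e["md5"], e["path"] = md5.lower(), path
            continue
        m = STATUS_RE.match(line)
        if m:
            name, status = m.groups()
            # entries such as catchme have a status line but no image line
            entries.setdefault(name, {"md5": None, "path": None, "status": None})["status"] = status
    return entries


def compare(baseline, later):
    """Return (name, reason) pairs worth a second look in the later run."""
    findings = []
    for name, e in sorted(later.items()):
        if e["status"] != "ok":
            findings.append((name, f"status not ok: {e['status']}"))
        old = baseline.get(name)
        if old is None:
            findings.append((name, f"new since baseline: {e['path']}"))
            continue
        if e["md5"] != old["md5"]:
            findings.append((name, f"image hash changed: {old['md5']} -> {e['md5']}"))
        if e["path"] != old["path"]:
            findings.append((name, f"image path changed: {old['path']} -> {e['path']}"))
    for name in sorted(set(baseline) - set(later)):
        findings.append((name, "removed since baseline"))
    return findings


if __name__ == "__main__":
    for name, reason in compare(parse_report(BASELINE), parse_report(LATER)):
        print(f"{name}: {reason}")
```

A changed hash on an entry that is still reported `ok` is the interesting case: the scanner's own signatures said nothing, but the file on disk is no longer the one seen in the previous run, which is exactly the "comes back after cleaning" pattern this thread is chasing. A legitimate update produces the same signal, so the next step is to check the new file's signature and publisher, not to delete it.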

#15 JMAXWORTHY (Topic Starter, Members, 14 posts)

Posted 09 August 2012 - 04:12 AM

Hello - Yes, restarting resolved the "illegal operation". I panicked. Below are the TDSSKiller report and aswMBR logs.

Thank you.

03:42:46.0016 8388 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
03:42:46.0255 8388 ============================================================
03:42:46.0255 8388 Current date / time: 2012/08/09 03:42:46.0255
03:42:46.0255 8388 SystemInfo:
03:42:46.0255 8388
03:42:46.0255 8388 OS Version: 6.1.7601 ServicePack: 1.0
03:42:46.0255 8388 Product type: Workstation
03:42:46.0256 8388 ComputerName: JMAXWORTHY-PC
03:42:46.0256 8388 UserName: JMAXWORTHY
03:42:46.0256 8388 Windows directory: C:\Windows
03:42:46.0256 8388 System windows directory: C:\Windows
03:42:46.0256 8388 Running under WOW64
03:42:46.0256 8388 Processor architecture: Intel x64
03:42:46.0256 8388 Number of processors: 4
03:42:46.0256 8388 Page size: 0x1000
03:42:46.0256 8388 Boot type: Normal boot
03:42:46.0256 8388 ============================================================
03:42:47.0036 8388 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
03:42:47.0065 8388 ============================================================
03:42:47.0065 8388 \Device\Harddisk0\DR0:
03:42:47.0065 8388 MBR partitions:
03:42:47.0065 8388 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
03:42:47.0065 8388 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x729A65B0
03:42:47.0065 8388 ============================================================
03:42:47.0088 8388 C: <-> \Device\Harddisk0\DR0\Partition1
03:42:47.0088 8388 ============================================================
03:42:47.0088 8388 Initialize success
03:42:47.0088 8388 ============================================================
03:42:55.0556 7812 ============================================================
03:42:55.0556 7812 Scan started
03:42:55.0556 7812 Mode: Manual;
03:42:55.0556 7812 ============================================================
03:42:56.0143 7812 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
03:42:56.0158 7812 1394ohci - ok
03:42:56.0268 7812 ABBYY.Licensing.FineReader.Sprint.9.0 (b33cf4de909a5b30f526d82053a63c8e) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
03:42:56.0275 7812 ABBYY.Licensing.FineReader.Sprint.9.0 - ok
03:42:56.0315 7812 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
03:42:56.0317 7812 ACDaemon - ok
03:42:56.0365 7812 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
03:42:56.0369 7812 ACPI - ok
03:42:56.0401 7812 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
03:42:56.0405 7812 AcpiPmi - ok
03:42:56.0522 7812 AdobeActiveFileMonitor10.0 (c245e08ec469a52a622efdc9787a0dcc) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
03:42:56.0524 7812 AdobeActiveFileMonitor10.0 - ok
03:42:56.0602 7812 AdobeActiveFileMonitor9.0 (c004f38974f4d321b4c20a240e1175c0) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
03:42:56.0604 7812 AdobeActiveFileMonitor9.0 - ok
03:42:56.0671 7812 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
03:42:56.0693 7812 adp94xx - ok
03:42:56.0746 7812 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
03:42:56.0762 7812 adpahci - ok
03:42:56.0782 7812 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
03:42:56.0791 7812 adpu320 - ok
03:42:56.0825 7812 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
03:42:56.0826 7812 AeLookupSvc - ok
03:42:56.0877 7812 AERTFilters (3ac22a3dfa8a050e35f0e3cd99d0cdf2) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
03:42:56.0879 7812 AERTFilters - ok
03:42:56.0956 7812 Afc (6ccd1135320109d6b219f1a6e04ad9f6) C:\Windows\syswow64\drivers\Afc.sys
03:42:56.0962 7812 Afc - ok
03:42:57.0039 7812 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
03:42:57.0063 7812 AFD - ok
03:42:57.0101 7812 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
03:42:57.0109 7812 agp440 - ok
03:42:57.0122 7812 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
03:42:57.0131 7812 ALG - ok
03:42:57.0151 7812 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
03:42:57.0156 7812 aliide - ok
03:42:57.0163 7812 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
03:42:57.0169 7812 amdide - ok
03:42:57.0195 7812 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
03:42:57.0200 7812 AmdK8 - ok
03:42:57.0209 7812 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
03:42:57.0214 7812 AmdPPM - ok
03:42:57.0245 7812 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
03:42:57.0254 7812 amdsata - ok
03:42:57.0284 7812 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
03:42:57.0294 7812 amdsbs - ok
03:42:57.0311 7812 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
03:42:57.0312 7812 amdxata - ok
03:42:57.0427 7812 AntiVirSchedulerService (b4837fe56d76b2e9ea90e5365cf6a2be) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
03:42:57.0429 7812 AntiVirSchedulerService - ok
03:42:57.0468 7812 AntiVirService (df5a3016052755c910a206058b4a1729) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
03:42:57.0470 7812 AntiVirService - ok
03:42:57.0511 7812 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
03:42:57.0519 7812 AppID - ok
03:42:57.0532 7812 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
03:42:57.0542 7812 AppIDSvc - ok
03:42:57.0615 7812 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
03:42:57.0616 7812 Appinfo - ok
03:42:57.0729 7812 Apple Mobile Device (2e3e53a6aef23e24f402c7855b9b1542) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
03:42:57.0731 7812 Apple Mobile Device - ok
03:42:57.0754 7812 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
03:42:57.0762 7812 arc - ok
03:42:57.0775 7812 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
03:42:57.0783 7812 arcsas - ok
03:42:57.0885 7812 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
03:42:57.0886 7812 aspnet_state - ok
03:42:57.0898 7812 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
03:42:57.0903 7812 AsyncMac - ok
03:42:57.0930 7812 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
03:42:57.0931 7812 atapi - ok
03:42:58.0042 7812 athr (e0fabc10635c670bd7d89fd214a405d7) C:\Windows\system32\DRIVERS\athrx.sys
03:42:58.0083 7812 athr - ok
03:42:58.0205 7812 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
03:42:58.0214 7812 AudioEndpointBuilder - ok
03:42:58.0225 7812 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
03:42:58.0232 7812 AudioSrv - ok
03:42:58.0290 7812 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
03:42:58.0291 7812 avgntflt - ok
03:42:58.0312 7812 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
03:42:58.0322 7812 avipbb - ok
03:42:58.0373 7812 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
03:42:58.0385 7812 AxInstSV - ok
03:42:58.0431 7812 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
03:42:58.0452 7812 b06bdrv - ok
03:42:58.0494 7812 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
03:42:58.0506 7812 b57nd60a - ok
03:42:58.0629 7812 BBSvc (825f81a6f7dd073509db101f0ba6dc59) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
03:42:58.0631 7812 BBSvc - ok
03:42:58.0667 7812 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
03:42:58.0676 7812 BDESVC - ok
03:42:58.0692 7812 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
03:42:58.0695 7812 Beep - ok
03:42:58.0769 7812 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
03:42:58.0778 7812 BFE - ok
03:42:58.0804 7812 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
03:42:58.0808 7812 blbdrive - ok
03:42:58.0887 7812 Bonjour Service (5ab58c337ac65837fe404462ad6265ab) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
03:42:58.0890 7812 Bonjour Service - ok
03:42:58.0932 7812 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
03:42:58.0933 7812 bowser - ok
03:42:58.0943 7812 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
03:42:58.0947 7812 BrFiltLo - ok
03:42:58.0961 7812 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
03:42:58.0965 7812 BrFiltUp - ok
03:42:58.0990 7812 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
03:42:58.0997 7812 BridgeMP - ok
03:42:59.0021 7812 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
03:42:59.0022 7812 Browser - ok
03:42:59.0055 7812 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
03:42:59.0068 7812 Brserid - ok
03:42:59.0085 7812 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
03:42:59.0089 7812 BrSerWdm - ok
03:42:59.0098 7812 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
03:42:59.0101 7812 BrUsbMdm - ok
03:42:59.0104 7812 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
03:42:59.0107 7812 BrUsbSer - ok
03:42:59.0126 7812 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
03:42:59.0132 7812 BTHMODEM - ok
03:42:59.0179 7812 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
03:42:59.0188 7812 bthserv - ok
03:42:59.0199 7812 catchme - ok
03:42:59.0218 7812 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
03:42:59.0225 7812 cdfs - ok
03:42:59.0278 7812 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
03:42:59.0289 7812 cdrom - ok
03:42:59.0305 7812 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
03:42:59.0306 7812 CertPropSvc - ok
03:42:59.0322 7812 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
03:42:59.0327 7812 circlass - ok
03:42:59.0359 7812 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
03:42:59.0362 7812 CLFS - ok
03:42:59.0437 7812 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
03:42:59.0447 7812 clr_optimization_v2.0.50727_32 - ok
03:42:59.0491 7812 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
03:42:59.0502 7812 clr_optimization_v2.0.50727_64 - ok
03:42:59.0574 7812 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
03:42:59.0576 7812 clr_optimization_v4.0.30319_32 - ok
03:42:59.0608 7812 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
03:42:59.0610 7812 clr_optimization_v4.0.30319_64 - ok
03:42:59.0633 7812 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
03:42:59.0638 7812 CmBatt - ok
03:42:59.0671 7812 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
03:42:59.0678 7812 cmdide - ok
03:42:59.0734 7812 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
03:42:59.0739 7812 CNG - ok
03:42:59.0753 7812 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
03:42:59.0760 7812 Compbatt - ok
03:42:59.0796 7812 CompFilter64 (11cc395d18ff03e95e8c6a149c84c91b) C:\Windows\system32\DRIVERS\lvbflt64.sys
03:42:59.0802 7812 CompFilter64 - ok
03:42:59.0836 7812 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
03:42:59.0840 7812 CompositeBus - ok
03:42:59.0843 7812 COMSysApp - ok
03:42:59.0846 7812 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
03:42:59.0851 7812 crcdisk - ok
03:42:59.0902 7812 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
03:42:59.0904 7812 CryptSvc - ok
03:42:59.0969 7812 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
03:42:59.0977 7812 DcomLaunch - ok
03:43:00.0015 7812 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
03:43:00.0029 7812 defragsvc - ok
03:43:00.0067 7812 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
03:43:00.0069 7812 DfsC - ok
03:43:00.0120 7812 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
03:43:00.0122 7812 Dhcp - ok
03:43:00.0134 7812 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
03:43:00.0140 7812 discache - ok
03:43:00.0160 7812 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
03:43:00.0161 7812 Disk - ok
03:43:00.0203 7812 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
03:43:00.0206 7812 Dnscache - ok
03:43:00.0297 7812 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
03:43:00.0299 7812 DockLoginService - ok
03:43:00.0339 7812 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
03:43:00.0353 7812 dot3svc - ok
03:43:00.0374 7812 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
03:43:00.0376 7812 DPS - ok
03:43:00.0424 7812 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
03:43:00.0427 7812 drmkaud - ok
03:43:00.0503 7812 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
03:43:00.0512 7812 DXGKrnl - ok
03:43:00.0546 7812 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
03:43:00.0548 7812 EapHost - ok
03:43:00.0671 7812 EaseUS Agent (64585b1d85ff7566b99ced303a02f357) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
03:43:00.0672 7812 EaseUS Agent - ok
03:43:00.0896 7812 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
03:43:00.0965 7812 ebdrv - ok
03:43:01.0085 7812 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
03:43:01.0087 7812 EFS - ok
03:43:01.0177 7812 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
03:43:01.0202 7812 ehRecvr - ok
03:43:01.0233 7812 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
03:43:01.0246 7812 ehSched - ok
03:43:01.0318 7812 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
03:43:01.0335 7812 elxstor - ok
03:43:01.0360 7812 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
03:43:01.0363 7812 ErrDev - ok
03:43:01.0419 7812 EUBAKUP (bf217be3db6907579c13438c6efe002d) C:\Windows\system32\drivers\eubakup.sys
03:43:01.0420 7812 EUBAKUP - ok
03:43:01.0431 7812 EUBKMON (92e3bd1f7d6d29a10929c1f9f7660fc3) C:\Windows\system32\drivers\EUBKMON.sys
03:43:01.0432 7812 EUBKMON - ok
03:43:01.0442 7812 EUDSKACS (d17446353e4fee5b7d710610e8b18ac4) C:\Windows\system32\drivers\eudskacs.sys
03:43:01.0445 7812 EUDSKACS - ok
03:43:01.0462 7812 EUFDDISK (8ad925da2e4bcd1a6e657a7248ccded2) C:\Windows\system32\drivers\EuFdDisk.sys
03:43:01.0468 7812 EUFDDISK - ok
03:43:01.0528 7812 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
03:43:01.0535 7812 EventSystem - ok
03:43:01.0574 7812 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
03:43:01.0586 7812 exfat - ok
03:43:01.0607 7812 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
03:43:01.0609 7812 fastfat - ok
03:43:01.0670 7812 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
03:43:01.0680 7812 Fax - ok
03:43:01.0692 7812 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
03:43:01.0698 7812 fdc - ok
03:43:01.0706 7812 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
03:43:01.0708 7812 fdPHost - ok
03:43:01.0716 7812 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
03:43:01.0717 7812 FDResPub - ok
03:43:01.0723 7812 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
03:43:01.0724 7812 FileInfo - ok
03:43:01.0732 7812 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
03:43:01.0736 7812 Filetrace - ok
03:43:01.0749 7812 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
03:43:01.0753 7812 flpydisk - ok
03:43:01.0799 7812 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
03:43:01.0802 7812 FltMgr - ok
03:43:01.0886 7812 FontCache (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
03:43:01.0902 7812 FontCache - ok
03:43:02.0013 7812 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
03:43:02.0021 7812 FontCache3.0.0.0 - ok
03:43:02.0064 7812 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
03:43:02.0072 7812 FsDepends - ok
03:43:02.0110 7812 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
03:43:02.0116 7812 Fs_Rec - ok
03:43:02.0168 7812 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
03:43:02.0171 7812 fvevol - ok
03:43:02.0187 7812 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
03:43:02.0195 7812 gagp30kx - ok
03:43:02.0311 7812 GameConsoleService (c1bbce4b30b45410178ee674c818d10c) C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
03:43:02.0330 7812 GameConsoleService - ok
03:43:02.0357 7812 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
03:43:02.0361 7812 GEARAspiWDM - ok
03:43:02.0403 7812 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
03:43:02.0404 7812 GoToAssist - ok
03:43:02.0454 7812 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
03:43:02.0464 7812 gpsvc - ok
03:43:02.0561 7812 Guard Agent (a6a4223573cfcf87843cfcb3a9c237c7) C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
03:43:02.0562 7812 Guard Agent - ok
03:43:02.0658 7812 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
03:43:02.0660 7812 gupdate - ok
03:43:02.0709 7812 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
03:43:02.0710 7812 gupdatem - ok
03:43:02.0719 7812 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
03:43:02.0727 7812 hcw85cir - ok
03:43:02.0762 7812 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
03:43:02.0762 7812 HDAudBus - ok
03:43:02.0807 7812 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
03:43:02.0814 7812 HECIx64 - ok
03:43:02.0824 7812 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
03:43:02.0829 7812 HidBatt - ok
03:43:02.0847 7812 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
03:43:02.0854 7812 HidBth - ok
03:43:02.0868 7812 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
03:43:02.0872 7812 HidIr - ok
03:43:02.0896 7812 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
03:43:02.0896 7812 hidserv - ok
03:43:02.0919 7812 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
03:43:02.0924 7812 HidUsb - ok
03:43:02.0963 7812 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
03:43:02.0966 7812 hkmsvc - ok
03:43:03.0007 7812 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
03:43:03.0011 7812 HomeGroupListener - ok
03:43:03.0047 7812 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
03:43:03.0051 7812 HomeGroupProvider - ok
03:43:03.0065 7812 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
03:43:03.0071 7812 HpSAMD - ok
03:43:03.0134 7812 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
03:43:03.0152 7812 HTTP - ok
03:43:03.0188 7812 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
03:43:03.0189 7812 hwpolicy - ok
03:43:03.0232 7812 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
03:43:03.0243 7812 i8042prt - ok
03:43:03.0283 7812 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
03:43:03.0305 7812 iaStorV - ok
03:43:03.0433 7812 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
03:43:03.0476 7812 idsvc - ok
03:43:03.0503 7812 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
03:43:03.0508 7812 iirsp - ok
03:43:03.0571 7812 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
03:43:03.0585 7812 IKEEXT - ok
03:43:03.0713 7812 IntcAzAudAddService (f04d22d7a49a1b2210dbadf0b803e870) C:\Windows\system32\drivers\RTKVHD64.sys
03:43:03.0732 7812 IntcAzAudAddService - ok
03:43:03.0890 7812 IntcDAud (49072edbc5c2f964917d1b585c90ed0a) C:\Windows\system32\DRIVERS\IntcDAud.sys
03:43:03.0901 7812 IntcDAud - ok
03:43:03.0911 7812 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
03:43:03.0918 7812 intelide - ok
03:43:03.0936 7812 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
03:43:03.0936 7812 intelppm - ok
03:43:03.0973 7812 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
03:43:03.0984 7812 IPBusEnum - ok
03:43:04.0020 7812 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
03:43:04.0029 7812 IpFilterDriver - ok
03:43:04.0100 7812 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
03:43:04.0108 7812 iphlpsvc - ok
03:43:04.0135 7812 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
03:43:04.0141 7812 IPMIDRV - ok
03:43:04.0160 7812 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
03:43:04.0166 7812 IPNAT - ok
03:43:04.0252 7812 iPod Service (24595ec9236d7e421661a2d4ffbd901a) C:\Program Files\iPod\bin\iPodService.exe
03:43:04.0258 7812 iPod Service - ok
03:43:04.0274 7812 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
03:43:04.0277 7812 IRENUM - ok
03:43:04.0306 7812 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
03:43:04.0310 7812 isapnp - ok
03:43:04.0350 7812 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
03:43:04.0365 7812 iScsiPrt - ok
03:43:04.0419 7812 k57nd60a (9d7ea8c7215d8d4ae7be110eee61085d) C:\Windows\system32\DRIVERS\k57nd60a.sys
03:43:04.0431 7812 k57nd60a - ok
03:43:04.0448 7812 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
03:43:04.0455 7812 kbdclass - ok
03:43:04.0488 7812 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
03:43:04.0492 7812 kbdhid - ok
03:43:04.0527 7812 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
03:43:04.0528 7812 KeyIso - ok
03:43:04.0547 7812 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
03:43:04.0548 7812 KSecDD - ok
03:43:04.0564 7812 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
03:43:04.0565 7812 KSecPkg - ok
03:43:04.0578 7812 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
03:43:04.0582 7812 ksthunk - ok
03:43:04.0630 7812 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
03:43:04.0650 7812 KtmRm - ok
03:43:04.0698 7812 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
03:43:04.0703 7812 LanmanServer - ok
03:43:04.0735 7812 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
03:43:04.0739 7812 LanmanWorkstation - ok
03:43:04.0845 7812 LBTServ (7772dfab22611050b79504e671b06e6e) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
03:43:04.0865 7812 LBTServ - ok
03:43:04.0909 7812 LHidFilt (241f2648adf090e2a10095bd6d6f5dcb) C:\Windows\system32\DRIVERS\LHidFilt.Sys
03:43:04.0917 7812 LHidFilt - ok
03:43:04.0938 7812 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
03:43:04.0945 7812 lltdio - ok
03:43:04.0992 7812 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
03:43:05.0010 7812 lltdsvc - ok
03:43:05.0023 7812 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
03:43:05.0029 7812 lmhosts - ok
03:43:05.0036 7812 LMouFilt (342ed5a4b3326014438f36d22d803737) C:\Windows\system32\DRIVERS\LMouFilt.Sys
03:43:05.0043 7812 LMouFilt - ok
03:43:05.0056 7812 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
03:43:05.0062 7812 LSI_FC - ok
03:43:05.0077 7812 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
03:43:05.0082 7812 LSI_SAS - ok
03:43:05.0088 7812 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
03:43:05.0093 7812 LSI_SAS2 - ok
03:43:05.0114 7812 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
03:43:05.0119 7812 LSI_SCSI - ok
03:43:05.0135 7812 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
03:43:05.0136 7812 luafv - ok
03:43:05.0172 7812 LVPr2M64 (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
03:43:05.0173 7812 LVPr2M64 - ok
03:43:05.0176 7812 LVPr2Mon (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
03:43:05.0177 7812 LVPr2Mon - ok
03:43:05.0214 7812 LVPrcS64 (9cd0dc863be5d40a762f7d84f11a8471) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
03:43:05.0216 7812 LVPrcS64 - ok
03:43:05.0264 7812 LVRS64 (ef586b959f747e74c76603ff16ae417b) C:\Windows\system32\DRIVERS\lvrs64.sys
03:43:05.0277 7812 LVRS64 - ok
03:43:05.0524 7812 LVUVC64 (edf73bfa1bd24d74d1d64dc0ed28a7cd) C:\Windows\system32\DRIVERS\lvuvc64.sys
03:43:05.0546 7812 LVUVC64 - ok
03:43:05.0661 7812 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
03:43:05.0671 7812 Mcx2Svc - ok
03:43:05.0701 7812 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
03:43:05.0708 7812 megasas - ok
03:43:05.0740 7812 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
03:43:05.0752 7812 MegaSR - ok
03:43:05.0789 7812 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
03:43:05.0791 7812 MMCSS - ok
03:43:05.0804 7812 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
03:43:05.0810 7812 Modem - ok
03:43:05.0828 7812 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
03:43:05.0829 7812 monitor - ok
03:43:05.0874 7812 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
03:43:05.0881 7812 mouclass - ok
03:43:05.0903 7812 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
03:43:05.0907 7812 mouhid - ok
03:43:05.0939 7812 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
03:43:05.0940 7812 mountmgr - ok
03:43:06.0031 7812 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
03:43:06.0044 7812 MozillaMaintenance - ok
03:43:06.0088 7812 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
03:43:06.0102 7812 mpio - ok
03:43:06.0121 7812 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
03:43:06.0127 7812 mpsdrv - ok
03:43:06.0227 7812 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
03:43:06.0240 7812 MpsSvc - ok
03:43:06.0275 7812 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
03:43:06.0286 7812 MRxDAV - ok
03:43:06.0320 7812 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
03:43:06.0322 7812 mrxsmb - ok
03:43:06.0374 7812 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
03:43:06.0379 7812 mrxsmb10 - ok
03:43:06.0395 7812 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
03:43:06.0395 7812 mrxsmb20 - ok
03:43:06.0410 7812 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
03:43:06.0414 7812 msahci - ok
03:43:06.0432 7812 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
03:43:06.0439 7812 msdsm - ok
03:43:06.0478 7812 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
03:43:06.0491 7812 MSDTC - ok
03:43:06.0508 7812 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
03:43:06.0509 7812 Msfs - ok
03:43:06.0527 7812 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
03:43:06.0530 7812 mshidkmdf - ok
03:43:06.0542 7812 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
03:43:06.0542 7812 msisadrv - ok
03:43:06.0583 7812 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
03:43:06.0594 7812 MSiSCSI - ok
03:43:06.0598 7812 msiserver - ok
03:43:06.0618 7812 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
03:43:06.0621 7812 MSKSSRV - ok
03:43:06.0632 7812 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
03:43:06.0636 7812 MSPCLOCK - ok
03:43:06.0645 7812 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
03:43:06.0649 7812 MSPQM - ok
03:43:06.0703 7812 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
03:43:06.0708 7812 MsRPC - ok
03:43:06.0745 7812 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
03:43:06.0746 7812 mssmbios - ok
03:43:06.0756 7812 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
03:43:06.0760 7812 MSTEE - ok
03:43:06.0774 7812 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
03:43:06.0779 7812 MTConfig - ok
03:43:06.0792 7812 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
03:43:06.0793 7812 Mup - ok
03:43:06.0849 7812 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
03:43:06.0856 7812 napagent - ok
03:43:06.0921 7812 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
03:43:06.0939 7812 NativeWifiP - ok
03:43:07.0000 7812 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
03:43:07.0012 7812 NDIS - ok
03:43:07.0025 7812 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
03:43:07.0029 7812 NdisCap - ok
03:43:07.0048 7812 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
03:43:07.0052 7812 NdisTapi - ok
03:43:07.0087 7812 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
03:43:07.0094 7812 Ndisuio - ok
03:43:07.0131 7812 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
03:43:07.0141 7812 NdisWan - ok
03:43:07.0182 7812 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
03:43:07.0188 7812 NDProxy - ok
03:43:07.0212 7812 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
03:43:07.0213 7812 NetBIOS - ok
03:43:07.0256 7812 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
03:43:07.0270 7812 NetBT - ok
03:43:07.0284 7812 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
03:43:07.0286 7812 Netlogon - ok
03:43:07.0336 7812 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
03:43:07.0342 7812 Netman - ok
03:43:07.0478 7812 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
03:43:07.0480 7812 NetMsmqActivator - ok
03:43:07.0484 7812 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
03:43:07.0486 7812 NetPipeActivator - ok
03:43:07.0521 7812 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
03:43:07.0524 7812 netprofm - ok
03:43:07.0527 7812 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
03:43:07.0528 7812 NetTcpActivator - ok
03:43:07.0530 7812 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
03:43:07.0531 7812 NetTcpPortSharing - ok
03:43:07.0574 7812 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
03:43:07.0582 7812 nfrd960 - ok
03:43:07.0634 7812 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
03:43:07.0639 7812 NlaSvc - ok
03:43:07.0653 7812 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
03:43:07.0653 7812 Npfs - ok
03:43:07.0677 7812 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
03:43:07.0678 7812 nsi - ok
03:43:07.0682 7812 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
03:43:07.0685 7812 nsiproxy - ok
03:43:07.0794 7812 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
03:43:07.0817 7812 Ntfs - ok
03:43:07.0922 7812 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
03:43:07.0925 7812 Null - ok
03:43:07.0957 7812 NVHDA (cb599955ce2ce9694721562f9481cd84) C:\Windows\system32\drivers\nvhda64v.sys
03:43:07.0965 7812 NVHDA - ok
03:43:08.0513 7812 nvlddmkm (51bd7ef17f0b525994ad5b3748c8288b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
03:43:08.0563 7812 nvlddmkm - ok
03:43:08.0659 7812 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
03:43:08.0669 7812 nvraid - ok
03:43:08.0690 7812 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
03:43:08.0696 7812 nvstor - ok
03:43:08.0751 7812 nvsvc (fce8537bf5d504680212d536a3bfe5e2) C:\Windows\system32\nvvsvc.exe
03:43:08.0756 7812 nvsvc - ok
03:43:08.0788 7812 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
03:43:08.0796 7812 nv_agp - ok
03:43:08.0825 7812 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
03:43:08.0833 7812 ohci1394 - ok
03:43:08.0883 7812 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
03:43:08.0889 7812 p2pimsvc - ok
03:43:08.0945 7812 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
03:43:08.0948 7812 p2psvc - ok
03:43:08.0979 7812 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
03:43:08.0985 7812 Parport - ok
03:43:09.0021 7812 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
03:43:09.0022 7812 partmgr - ok
03:43:09.0064 7812 pbfilter - ok
03:43:09.0091 7812 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
03:43:09.0095 7812 PcaSvc - ok
03:43:09.0113 7812 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
03:43:09.0115 7812 pci - ok
03:43:09.0127 7812 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
03:43:09.0128 7812 pciide - ok
03:43:09.0153 7812 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
03:43:09.0167 7812 pcmcia - ok
03:43:09.0179 7812 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
03:43:09.0180 7812 pcw - ok
03:43:09.0229 7812 pdfcDispatcher - ok
03:43:09.0279 7812 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
03:43:09.0309 7812 PEAUTH - ok
03:43:09.0403 7812 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
03:43:09.0405 7812 PerfHost - ok
03:43:09.0515 7812 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
03:43:09.0555 7812 pla - ok
03:43:09.0616 7812 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
03:43:09.0623 7812 PlugPlay - ok
03:43:09.0638 7812 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
03:43:09.0643 7812 PNRPAutoReg - ok
03:43:09.0692 7812 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
03:43:09.0697 7812 PNRPsvc - ok
03:43:09.0760 7812 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
03:43:09.0783 7812 PolicyAgent - ok
03:43:09.0816 7812 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
03:43:09.0820 7812 Power - ok
03:43:09.0886 7812 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
03:43:09.0896 7812 PptpMiniport - ok
03:43:09.0924 7812 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
03:43:09.0963 7812 Processor - ok
03:43:09.0989 7812 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
03:43:09.0991 7812 ProfSvc - ok
03:43:10.0026 7812 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
03:43:10.0028 7812 ProtectedStorage - ok
03:43:10.0097 7812 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
03:43:10.0107 7812 Psched - ok
03:43:10.0136 7812 PSSDK42 (cd33cb6fecf65520466f95ab89cc4af5) C:\Windows\system32\Drivers\pssdk42.sys
03:43:10.0144 7812 PSSDK42 - ok
03:43:10.0179 7812 PSSDKLBF (07a3500cf1c3325568d1b85683ce4517) C:\Windows\system32\Drivers\pssdklbf.sys
03:43:10.0187 7812 PSSDKLBF - ok
03:43:10.0223 7812 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
03:43:10.0224 7812 PxHlpa64 - ok
03:43:10.0314 7812 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
03:43:10.0353 7812 ql2300 - ok
03:43:10.0466 7812 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
03:43:10.0477 7812 ql40xx - ok
03:43:10.0499 7812 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
03:43:10.0509 7812 QWAVE - ok
03:43:10.0518 7812 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
03:43:10.0522 7812 QWAVEdrv - ok
03:43:10.0534 7812 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
03:43:10.0538 7812 RasAcd - ok
03:43:10.0558 7812 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
03:43:10.0563 7812 RasAgileVpn - ok
03:43:10.0592 7812 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
03:43:10.0603 7812 RasAuto - ok
03:43:10.0640 7812 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
03:43:10.0649 7812 Rasl2tp - ok
03:43:10.0692 7812 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
03:43:10.0714 7812 RasMan - ok
03:43:10.0732 7812 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
03:43:10.0741 7812 RasPppoe - ok
03:43:10.0755 7812 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
03:43:10.0761 7812 RasSstp - ok
03:43:10.0807 7812 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
03:43:10.0811 7812 rdbss - ok
03:43:10.0835 7812 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
03:43:10.0840 7812 rdpbus - ok
03:43:10.0850 7812 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
03:43:10.0853 7812 RDPCDD - ok
03:43:10.0864 7812 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
03:43:10.0866 7812 RDPENCDD - ok
03:43:10.0875 7812 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
03:43:10.0877 7812 RDPREFMP - ok
03:43:10.0917 7812 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
03:43:10.0926 7812 RDPWD - ok
03:43:10.0964 7812 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
03:43:10.0966 7812 rdyboost - ok
03:43:11.0000 7812 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
03:43:11.0010 7812 RemoteAccess - ok
03:43:11.0041 7812 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
03:43:11.0056 7812 RemoteRegistry - ok
03:43:11.0091 7812 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
03:43:11.0096 7812 RimUsb - ok
03:43:11.0116 7812 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
03:43:11.0118 7812 RpcEptMapper - ok
03:43:11.0150 7812 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
03:43:11.0155 7812 RpcLocator - ok
03:43:11.0210 7812 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
03:43:11.0217 7812 RpcSs - ok
03:43:11.0228 7812 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
03:43:11.0232 7812 rspndr - ok
03:43:11.0268 7812 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
03:43:11.0269 7812 SamSs - ok
03:43:11.0339 7812 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS
03:43:11.0339 7812 SASDIFSV - ok
03:43:11.0356 7812 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS
03:43:11.0356 7812 SASENUM - ok
03:43:11.0379 7812 SASKUTIL (67d2688756dd304af655349baad82bff) C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS
03:43:11.0380 7812 SASKUTIL - ok
03:43:11.0415 7812 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
03:43:11.0424 7812 sbp2port - ok
03:43:11.0451 7812 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
03:43:11.0462 7812 SCardSvr - ok
03:43:11.0493 7812 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
03:43:11.0500 7812 scfilter - ok
03:43:11.0582 7812 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
03:43:11.0598 7812 Schedule - ok
03:43:11.0629 7812 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
03:43:11.0630 7812 SCPolicySvc - ok
03:43:11.0662 7812 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
03:43:11.0666 7812 SDRSVC - ok
03:43:11.0750 7812 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
03:43:11.0753 7812 SeaPort - ok
03:43:11.0785 7812 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
03:43:11.0790 7812 secdrv - ok
03:43:11.0821 7812 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
03:43:11.0829 7812 seclogon - ok
03:43:11.0839 7812 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
03:43:11.0842 7812 SENS - ok
03:43:11.0871 7812 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
03:43:11.0877 7812 SensrSvc - ok
03:43:11.0892 7812 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
03:43:11.0895 7812 Serenum - ok
03:43:11.0916 7812 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
03:43:11.0921 7812 Serial - ok
03:43:11.0954 7812 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
03:43:11.0960 7812 sermouse - ok
03:43:12.0002 7812 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
03:43:12.0003 7812 SessionEnv - ok
03:43:12.0036 7812 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
03:43:12.0040 7812 sffdisk - ok
03:43:12.0055 7812 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
03:43:12.0060 7812 sffp_mmc - ok
03:43:12.0071 7812 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
03:43:12.0075 7812 sffp_sd - ok
03:43:12.0089 7812 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
03:43:12.0093 7812 sfloppy - ok
03:43:12.0231 7812 SftService (74ec60e20516aaa573be74f31175270f) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
03:43:12.0246 7812 SftService - ok
03:43:12.0403 7812 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
03:43:12.0422 7812 SharedAccess - ok
03:43:12.0471 7812 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
03:43:12.0476 7812 ShellHWDetection - ok
03:43:12.0523 7812 silabenm (7799106fee728b907a86d9c9751e02d5) C:\Windows\system32\DRIVERS\silabenm.sys
03:43:12.0529 7812 silabenm - ok
03:43:12.0552 7812 silabser (5779d0aea7f27cab93f7e42265f9b7c5) C:\Windows\system32\DRIVERS\silabser.sys
03:43:12.0558 7812 silabser - ok
03:43:12.0577 7812 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
03:43:12.0581 7812 SiSRaid2 - ok
03:43:12.0592 7812 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
03:43:12.0597 7812 SiSRaid4 - ok
03:43:12.0608 7812 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
03:43:12.0613 7812 Smb - ok
03:43:12.0638 7812 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
03:43:12.0642 7812 SNMPTRAP - ok
03:43:12.0746 7812 SplashtopRemoteService (ccf611a259882d8cf4dbabae2341ee31) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
03:43:12.0751 7812 SplashtopRemoteService - ok
03:43:12.0776 7812 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
03:43:12.0777 7812 spldr - ok
03:43:12.0839 7812 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
03:43:12.0846 7812 Spooler - ok
03:43:13.0054 7812 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
03:43:13.0090 7812 sppsvc - ok
03:43:13.0188 7812 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
03:43:13.0193 7812 sppuinotify - ok
03:43:13.0256 7812 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
03:43:13.0262 7812 srv - ok
03:43:13.0314 7812 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
03:43:13.0318 7812 srv2 - ok
03:43:13.0335 7812 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
03:43:13.0337 7812 srvnet - ok
03:43:13.0362 7812 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
03:43:13.0366 7812 SSDPSRV - ok
03:43:13.0378 7812 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
03:43:13.0388 7812 SstpSvc - ok
03:43:13.0485 7812 SSUService (1cfa4a1f3c7bb4c8f299e00428eb8677) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
03:43:13.0488 7812 SSUService - ok
03:43:13.0511 7812 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
03:43:13.0517 7812 stexstor - ok
03:43:13.0727 7812 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
03:43:13.0737 7812 stisvc - ok
03:43:13.0770 7812 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
03:43:13.0774 7812 swenum - ok
03:43:13.0812 7812 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
03:43:13.0821 7812 swprv - ok
03:43:13.0962 7812 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
03:43:13.0976 7812 SysMain - ok
03:43:14.0086 7812 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
03:43:14.0098 7812 TabletInputService - ok
03:43:14.0143 7812 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
03:43:14.0163 7812 TapiSrv - ok
03:43:14.0198 7812 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
03:43:14.0209 7812 TBS - ok
03:43:14.0360 7812 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
03:43:14.0378 7812 Tcpip - ok
03:43:14.0522 7812 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
03:43:14.0529 7812 TCPIP6 - ok
03:43:14.0590 7812 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
03:43:14.0597 7812 tcpipreg - ok
03:43:14.0610 7812 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
03:43:14.0614 7812 TDPIPE - ok
03:43:14.0642 7812 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
03:43:14.0647 7812 TDTCP - ok
03:43:14.0680 7812 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
03:43:14.0688 7812 tdx - ok
03:43:14.0705 7812 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
03:43:14.0710 7812 TermDD - ok
03:43:14.0759 7812 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
03:43:14.0766 7812 TermService - ok
03:43:14.0788 7812 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
03:43:14.0790 7812 Themes - ok
03:43:14.0821 7812 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
03:43:14.0822 7812 THREADORDER - ok
03:43:14.0844 7812 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
03:43:14.0848 7812 TrkWks - ok
03:43:14.0909 7812 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
03:43:14.0912 7812 TrustedInstaller - ok
03:43:14.0944 7812 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
03:43:14.0948 7812 tssecsrv - ok
03:43:14.0986 7812 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
03:43:14.0995 7812 TsUsbFlt - ok
03:43:15.0051 7812 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
03:43:15.0053 7812 tunnel - ok
03:43:15.0072 7812 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
03:43:15.0081 7812 uagp35 - ok
03:43:15.0156 7812 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
03:43:15.0170 7812 udfs - ok
03:43:15.0201 7812 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
03:43:15.0207 7812 UI0Detect - ok
03:43:15.0216 7812 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
03:43:15.0222 7812 uliagpkx - ok
03:43:15.0264 7812 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
03:43:15.0272 7812 umbus - ok
03:43:15.0285 7812 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
03:43:15.0290 7812 UmPass - ok
03:43:15.0408 7812 UMVPFSrv (8b802b483cbde06f62dbc04dc7afaf8e) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
03:43:15.0412 7812 UMVPFSrv - ok
03:43:15.0440 7812 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
03:43:15.0447 7812 upnphost - ok
03:43:15.0491 7812 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
03:43:15.0501 7812 usbaudio - ok
03:43:15.0521 7812 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys
03:43:15.0529 7812 usbccgp - ok
03:43:15.0560 7812 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
03:43:15.0571 7812 usbcir - ok
03:43:15.0578 7812 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys
03:43:15.0585 7812 usbehci - ok
03:43:15.0616 7812 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
03:43:15.0632 7812 usbhub - ok
03:43:15.0648 7812 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
03:43:15.0654 7812 usbohci - ok
03:43:15.0664 7812 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
03:43:15.0667 7812 usbprint - ok
03:43:15.0704 7812 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
03:43:15.0710 7812 usbscan - ok
03:43:15.0719 7812 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
03:43:15.0728 7812 USBSTOR - ok
03:43:15.0743 7812 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
03:43:15.0749 7812 usbuhci - ok
03:43:15.0761 7812 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
03:43:15.0763 7812 UxSms - ok
03:43:15.0784 7812 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
03:43:15.0785 7812 VaultSvc - ok
03:43:15.0832 7812 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
03:43:15.0832 7812 vdrvroot - ok
03:43:15.0886 7812 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
03:43:15.0893 7812 vds - ok
03:43:15.0909 7812 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
03:43:15.0913 7812 vga - ok
03:43:15.0922 7812 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
03:43:15.0926 7812 VgaSave - ok
03:43:15.0949 7812 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
03:43:15.0957 7812 vhdmp - ok
03:43:15.0970 7812 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
03:43:15.0975 7812 viaide - ok
03:43:15.0993 7812 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
03:43:15.0993 7812 volmgr - ok
03:43:16.0038 7812 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
03:43:16.0044 7812 volmgrx - ok
03:43:16.0072 7812 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
03:43:16.0074 7812 volsnap - ok
03:43:16.0098 7812 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
03:43:16.0104 7812 vsmraid - ok
03:43:16.0212 7812 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
03:43:16.0233 7812 VSS - ok
03:43:16.0357 7812 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
03:43:16.0364 7812 vwifibus - ok
03:43:16.0374 7812 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
03:43:16.0382 7812 vwififlt - ok
03:43:16.0404 7812 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
03:43:16.0409 7812 vwifimp - ok
03:43:16.0456 7812 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
03:43:16.0463 7812 W32Time - ok
03:43:16.0483 7812 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
03:43:16.0487 7812 WacomPen - ok
03:43:16.0516 7812 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
03:43:16.0525 7812 WANARP - ok
03:43:16.0531 7812 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
03:43:16.0534 7812 Wanarpv6 - ok
03:43:16.0631 7812 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
03:43:16.0691 7812 WatAdminSvc - ok
03:43:16.0788 7812 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
03:43:16.0818 7812 wbengine - ok
03:43:16.0861 7812 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
03:43:16.0873 7812 WbioSrvc - ok
03:43:16.0919 7812 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
03:43:16.0923 7812 wcncsvc - ok
03:43:16.0935 7812 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
03:43:16.0945 7812 WcsPlugInService - ok
03:43:16.0963 7812 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
03:43:16.0968 7812 Wd - ok
03:43:17.0008 7812 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
03:43:17.0014 7812 Wdf01000 - ok
03:43:17.0028 7812 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
03:43:17.0030 7812 WdiServiceHost - ok
03:43:17.0033 7812 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
03:43:17.0036 7812 WdiSystemHost - ok
03:43:17.0079 7812 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
03:43:17.0102 7812 WebClient - ok
03:43:17.0125 7812 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
03:43:17.0134 7812 Wecsvc - ok
03:43:17.0149 7812 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
03:43:17.0150 7812 wercplsupport - ok
03:43:17.0162 7812 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
03:43:17.0164 7812 WerSvc - ok
03:43:17.0183 7812 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
03:43:17.0186 7812 WfpLwf - ok
03:43:17.0230 7812 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
03:43:17.0241 7812 WimFltr - ok
03:43:17.0256 7812 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
03:43:17.0260 7812 WIMMount - ok
03:43:17.0329 7812 WinDefend - ok
03:43:17.0340 7812 WinHttpAutoProxySvc - ok
03:43:17.0405 7812 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
03:43:17.0408 7812 Winmgmt - ok
03:43:17.0530 7812 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
03:43:17.0580 7812 WinRM - ok
03:43:17.0706 7812 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
03:43:17.0715 7812 WinUsb - ok
03:43:17.0784 7812 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
03:43:17.0792 7812 Wlansvc - ok
03:43:17.0871 7812 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
03:43:17.0881 7812 wlcrasvc - ok
03:43:18.0078 7812 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
03:43:18.0100 7812 wlidsvc - ok
03:43:18.0152 7812 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
03:43:18.0155 7812 WmiAcpi - ok
03:43:18.0230 7812 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
03:43:18.0242 7812 wmiApSrv - ok
03:43:18.0271 7812 WMPNetworkSvc - ok
03:43:18.0299 7812 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
03:43:18.0306 7812 WPCSvc - ok
03:43:18.0338 7812 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
03:43:18.0341 7812 WPDBusEnum - ok
03:43:18.0376 7812 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
03:43:18.0379 7812 ws2ifsl - ok
03:43:18.0406 7812 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
03:43:18.0410 7812 wscsvc - ok
03:43:18.0414 7812 WSearch - ok
03:43:18.0590 7812 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
03:43:18.0650 7812 wuauserv - ok
03:43:18.0736 7812 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
03:43:18.0745 7812 WudfPf - ok
03:43:18.0773 7812 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
03:43:18.0783 7812 WUDFRd - ok
03:43:18.0816 7812 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
03:43:18.0820 7812 wudfsvc - ok
03:43:18.0842 7812 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
03:43:18.0851 7812 WwanSvc - ok
03:43:18.0940 7812 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
03:43:18.0945 7812 YahooAUService - ok
03:43:18.0960 7812 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
03:43:19.0150 7812 \Device\Harddisk0\DR0 - ok
03:43:19.0154 7812 Boot (0x1200) (2bd812be402c08e0d8789da6cb0d25e2) \Device\Harddisk0\DR0\Partition0
03:43:19.0156 7812 \Device\Harddisk0\DR0\Partition0 - ok
03:43:19.0170 7812 Boot (0x1200) (4d4014dd64287dea6372162158a497aa) \Device\Harddisk0\DR0\Partition1
03:43:19.0172 7812 \Device\Harddisk0\DR0\Partition1 - ok
03:43:19.0173 7812 ============================================================
03:43:19.0173 7812 Scan finished
03:43:19.0173 7812 ============================================================
03:43:19.0181 8040 Detected object count: 0
03:43:19.0181 8040 Actual detected object count: 0

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-09 04:19:50
-----------------------------
04:19:50.469 OS Version: Windows x64 6.1.7601 Service Pack 1
04:19:50.469 Number of processors: 4 586 0x2502
04:19:50.470 ComputerName: JMAXWORTHY-PC UserName: JMAXWORTHY
04:19:52.499 Initialize success
04:19:56.470 AVAST engine defs: 12080801
04:20:01.194 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
04:20:01.196 Disk 0 Vendor: WDC_WD1001FALS-00J7B0 05.00K05 Size: 953869MB BusType: 3
04:20:01.223 Disk 0 MBR read successfully
04:20:01.225 Disk 0 MBR scan
04:20:01.228 Disk 0 Windows VISTA default MBR code
04:20:01.241 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
04:20:01.256 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
04:20:01.283 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 938828 MB offset 30801920
04:20:01.336 Disk 0 scanning C:\Windows\system32\drivers
04:20:29.942 Service scanning
04:20:50.581 Modules scanning
04:20:50.594 Disk 0 trace - called modules:
04:20:50.621 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
04:20:50.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007d90060]
04:20:50.628 3 CLASSPNP.SYS[fffff8800199d43f] -> nt!IofCallDriver -> [0xfffffa8006c92e40]
04:20:50.631 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007aa8060]
04:20:52.855 AVAST engine scan C:\Windows
04:22:07.420 AVAST engine scan C:\Windows\system32
04:26:27.918 AVAST engine scan C:\Windows\system32\drivers
04:26:40.976 AVAST engine scan C:\Users\JMAXWORTHY
04:59:36.994 AVAST engine scan C:\ProgramData
05:10:57.669 Scan finished successfully
05:11:25.075 Disk 0 MBR has been saved successfully to "C:\Users\JMAXWORTHY\Desktop\MBR.dat"
05:11:25.078 The log file has been saved successfully to "C:\Users\JMAXWORTHY\Desktop\aswMBR.txt"


Thanks again. John