AVG Detects Services.exe Infected with "TrojanHorsePatched_c.LXT"


24 replies to this topic

#1 Cupka44

Posted 02 August 2012 - 10:16 AM

Post response that instructed me to post here: http://www.bleepingcomputer.com/forums/topic460294.html

Hello all,
This is my first time posting, and I've tried to do everything correctly, but if for some reason I haven't, please help me out.
My computer seems to be infected with (several) trojan horses. Infecting both "C://Windows/System32/services.exe", and "C://Windows/Assembly/GAC_32[and_64]/Desktop.ini". I have followed the instructions at this link, but my logs (although surprisingly similar) differ somewhat from the logs there. However, even after completing the instructions my problems remained.

System Specs:
OS: Windows 7 (64Bit)[SP1]
Processor/RAM: Intel Core i5-2450M CPU @ 2.50GHz, RAM 6.00GB
Machine Make: Lenovo Z570
Browsers Installed:
Chrome, Opera, Firefox, Seamonkey, Internet Explorer

Problem(s) as far as I can tell:
AVG detects "Services.exe" infected with a "TrojanHorsePatched_c.LXT" (MBAM does not).
AVG and MBAM detect "...GAC_32/Desktop.ini", and "...GAC_64/Desktop.ini" infected with "Trojan.Generic15.axla".
All browsers (as AVG detects Services.exe opening) redirect past this link ["http://socket.luckyorange.com/_ylt=3648C868A1DB;c29ja2V0Lmx1Y2t5b3JhbmdlLmNvbS9zb2NrZXQuaW8vMS94aHItcG9sbGluZy9GMVNzWkx6aVBZSXo4djVfOGR4bD90PTEzNDIwNDUzMzA1Nzc=-NTAuNy4yMTMuOTAvYy84enIxMjc5TDhHNXFzU1U0YmI4MDkyZmRkNDE0YmUwNThmMmVlZDkxMDM4NGJkN2IxNms="] to random websites.
Google links (sporadically) redirect past previous link to random websites. This doesn't happen all the time, but usually when I need to find something fast. :-/
All sites have ads (by adchoices) that aren't supposed to be there. (Including Gmail and Facebook.)
Chrome browser (previously) wouldn't allow me to access Facebook, Gmail, Google, or most other https sites due to "insecure connection". (My apologies that I don't have the actual message. Chrome doesn't seem to be having any problems now, so I don't have access to the message.)
All web pages (including all Google sites, and Facebook) are "helped out" by text-enhance. (Annoying links that contain advertisement pop-ups.)

Solutions (not) that I've tried so far:
(Note: These are all the ones that I can remember. I've been trying on my own for several days now.)
All instructions from first link.
DNS Dump (CMD> ipconfig /flushdns)
CCleaner
MBAM (Found Several infections, including before said, fixed/removed all, but problems remained.)
TDSSKiller (Kaspersky) Found one infection originally, fixed that infection, but the problems remained.
AVG doing multiple scans. (With and without MBAM installed.) Found services.exe, plus a whole bunch of white-listed "infections" (system files, it called them).

Items that I remember doing before problems occurred (problems occurred after reboot):
Accessed www.passports.org on an insecure 3G network. (Tethered to my phone. Phone not infected.)
Installed DriveIconChanger 1.0
Installed Autoplay Menu Builder
Installed "Digital Clock Screensaver"
Installed 3PlaneSoft Screensavers:
Mechanical Clock 3D Screensaver
One Ring 3D Screensaver (Free).

Windows 7 installed automatic updates, asked me to restart, I did so, problems occurred.

I appreciate any help you can give me, and all the time that you people put into helping the ignorant fix their blunders.
Please note that I'm more available in the evenings than I am in the daytime, so if I don't respond directly after you, I will do so as soon as I'm available. Thanks for your patience!

DDS Log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Stefan at 10:56:38 on 2012-08-02
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6058.3023 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\windows\system32\lxcccoms.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files (x86)\Lexmark 3300 Series\lxccmon.exe
C:\Program Files (x86)\Lexmark 3300 Series\ezprint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Users\Stefan\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler.exe
C:\Users\Stefan\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler64.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Stefan\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Users\Stefan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stefan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stefan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stefan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stefan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stefan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stefan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stefan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stefan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stefan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\wuauclt.exe
C:\Users\Stefan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stefan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stefan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stefan\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\Stefan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stefan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stefan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\splwow64.exe
C:\Users\Stefan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stefan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\PROGRA~2\MICROS~1\OFFICE11\WINWORD.EXE
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Users\Stefan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\msiexec.exe
C:\Users\Stefan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stefan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=113959&tt=3112_1&babsrc=HP_ss&mntrId=909f2c6300000000000074e50b8fee0b
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
mStart Page = hxxp://lenovo.msn.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\bh\BabylonToolbar.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: CodecC Class: {deba4dbe-2351-4644-b1ff-2989c8cc3eed} - C:\ProgramData\CodecC\bhoclass.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarTlbr.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [MediaGet2] C:\Users\Stefan\AppData\Local\MediaGet2\mediaget.exe --minimized
uRun: [Shock4Way3D] C:\Program Files (x86)\Shock Utility\Shock4Way3D\Shock4Way3D.exe
uRun: [Facebook Update] "C:\Users\Stefan\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Stefan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
mRun: [UVS10 Preload] C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
StartupFolder: C:\Users\Stefan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Stefan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\Stefan\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Lenovo\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{274305C2-F7D7-491E-954A-7E42F353C69F} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{F2D80316-2286-47C6-ACEC-9B1DCD57D8AC} : DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{F2D80316-2286-47C6-ACEC-9B1DCD57D8AC}\130303D213 : DhcpNameServer = 70.150.177.11 70.150.177.40
TCP: Interfaces\{F2D80316-2286-47C6-ACEC-9B1DCD57D8AC}\34963736F65413030303 : DhcpNameServer = 192.168.100.1 192.168.1.1
TCP: Interfaces\{F2D80316-2286-47C6-ACEC-9B1DCD57D8AC}\3547162766C6565647 : DhcpNameServer = 192.168.10.1
TCP: Interfaces\{F2D80316-2286-47C6-ACEC-9B1DCD57D8AC}\35562756E6964797 : DhcpNameServer = 24.178.162.3 66.189.0.100 24.217.201.67
TCP: Interfaces\{F2D80316-2286-47C6-ACEC-9B1DCD57D8AC}\849435E45445 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F2D80316-2286-47C6-ACEC-9B1DCD57D8AC}\F40756E67416274656E6 : DhcpNameServer = 192.168.2.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\bh\BabylonToolbar.dll
BHO-X64: Babylon toolbar helper - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: CodecC Class: {DEBA4DBE-2351-4644-B1FF-2989C8CC3EED} - C:\ProgramData\CodecC\bhoclass.dll
BHO-X64: CodecC - No File
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB-X64: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarTlbr.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
mRun-x64: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
mRun-x64: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
mRun-x64: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun-x64: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun-x64: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
mRun-x64: [UVS10 Preload] C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\f33ezo01.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=113959&tt=3112_1&babsrc=HP_ss&mntrId=909f2c6300000000000074e50b8fee0b
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B4d80eb55-ca46-4c93-9af1-13afbc336708%7D&mid=61e555c0f46e47d0b7d32197b753e78d-d35f27b38dd57f5c220140a53c05aabaa11ed46b&ds=AVG&v=11.1.0.12&lang=en&pr=fr&d=2012-06-29%2021%3A38%3A11&sap=ku&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Stefan\AppData\Local\Facebook\Messenger\2.1.4590.0\npFbDesktopPlugin.dll
FF - plugin: C:\Users\Stefan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Stefan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\Stefan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Stefan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113959&tt=3112_1
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 909f2c6300000000000074e50b8fee0b
FF - user.js: extensions.BabylonToolbar.instlDay - 15551
FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1
FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.19:18:16
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\system32\DRIVERS\avgidsha.sys --> C:\windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?]
R0 fbfmon;fbfmon;C:\windows\system32\drivers\fbfmon.sys --> C:\windows\system32\drivers\fbfmon.sys [?]
R0 LHDmgr;LHDmgr;C:\windows\system32\DRIVERS\LhdX64.sys --> C:\windows\system32\DRIVERS\LhdX64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?]
R1 BPntDrv;BPntDrv;C:\windows\system32\drivers\BPntDrv.sys --> C:\windows\system32\drivers\BPntDrv.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-7-5 375208]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2012-6-8 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\windows\system32\drivers\LMIRfsDriver.sys --> C:\windows\system32\drivers\LMIRfsDriver.sys [?]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-7-5 3048136]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-21 2656280]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-6-29 935008]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\system32\DRIVERS\AcpiVpc.sys --> C:\windows\system32\DRIVERS\AcpiVpc.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\avgidsdrivera.sys --> C:\windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\avgidsfiltera.sys --> C:\windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\system32\DRIVERS\clwvd.sys --> C:\windows\system32\DRIVERS\clwvd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUVStor.sys --> C:\windows\system32\Drivers\RtsUVStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vm2uvcflt;Vimicro USB Camera Filter 2;C:\windows\system32\Drivers\vm2uvcflt.sys --> C:\windows\system32\Drivers\vm2uvcflt.sys [?]
R3 vm332avs;Lenovo Camera2;C:\windows\system32\Drivers\vm332avs.sys --> C:\windows\system32\Drivers\vm332avs.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\system32\DRIVERS\wdcsam64.sys --> C:\windows\system32\DRIVERS\wdcsam64.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\windows\system32\DRIVERS\WDKMD.sys --> C:\windows\system32\DRIVERS\WDKMD.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-21 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S2 SMS_v3_2_0;SMS_v3_2_0;C:\ProgramData\Rosetta Stone\SMS v3.2.0hs\wrapper.exe [2007-7-12 204800]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-27 250056]
S3 BTWAMPFL;BTWAMPFL;C:\windows\system32\DRIVERS\btwampfl.sys --> C:\windows\system32\DRIVERS\btwampfl.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?]
S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-2-14 276248]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-21 136176]
S3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-17 113120]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-7-27 340240]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\system32\drivers\rdpvideominiport.sys --> C:\windows\system32\drivers\rdpvideominiport.sys [?]
S3 StkCMini;Syntek AVStream USB2.0 ATV;C:\windows\system32\Drivers\StkCMini.sys --> C:\windows\system32\Drivers\StkCMini.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 wsvd;wsvd;C:\windows\system32\DRIVERS\wsvd.sys --> C:\windows\system32\DRIVERS\wsvd.sys [?]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-11 654408]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-08-02 14:37:34 -------- d-----w- C:\Users\Stefan\AppData\Local\LogMeIn
2012-08-02 14:37:32 87488 ----a-w- C:\windows\System32\LMIRfsClientNP.dll
2012-08-02 14:37:32 72216 ----a-w- C:\windows\System32\drivers\LMIRfsDriver.sys
2012-08-02 14:37:32 59808 ----a-w- C:\windows\System32\Spool\prtprocs\x64\LMIproc.dll
2012-08-02 14:37:32 34720 ----a-w- C:\windows\System32\LMIport.dll
2012-08-02 14:37:29 11552 ----a-w- C:\windows\System32\drivers\lmimirr.sys
2012-08-02 14:37:28 80800 ----a-w- C:\windows\System32\LMIinit.dll
2012-08-02 14:37:25 -------- d-----w- C:\ProgramData\LogMeIn
2012-08-02 14:37:15 -------- d-----w- C:\Program Files (x86)\LogMeIn
2012-08-02 14:28:37 -------- d-----w- C:\Program Files (x86)\MSECache
2012-07-30 13:18:22 -------- d-----w- C:\Users\Stefan\AppData\Roaming\BabylonToolbar
2012-07-30 13:18:16 -------- d-----w- C:\Program Files (x86)\BabylonToolbar
2012-07-30 13:18:00 -------- d-----w- C:\Users\Stefan\AppData\Roaming\Babylon
2012-07-30 13:18:00 -------- d-----w- C:\ProgramData\Babylon
2012-07-26 23:31:20 -------- d-sh--w- C:\found.001
2012-07-24 18:55:29 -------- d-----r- C:\Program Files (x86)\Skype
2012-07-21 23:23:50 9772 ----a-w- C:\ProgramData\SPL8AF4.tmp
2012-07-21 23:21:48 9772 ----a-w- C:\ProgramData\SPLADC0.tmp
2012-07-21 23:17:16 9772 ----a-w- C:\ProgramData\SPL886F.tmp
2012-07-12 15:21:39 3148800 ----a-w- C:\windows\System32\win32k.sys
2012-07-11 21:26:56 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-07-11 21:26:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-11 20:35:43 1669749 ----a-w- C:\MGtools.exe
2012-07-11 20:27:17 -------- d-----w- C:\Program Files\CCleaner
2012-07-11 17:51:35 -------- d-----w- C:\Program Files (x86)\Microsoft Games
2012-07-11 12:56:20 805376 ----a-w- C:\windows\SysWow64\cdosys.dll
2012-07-11 12:56:20 61440 ----a-w- C:\Program Files\Common Files\System\ado\msador15.dll
2012-07-11 12:56:20 57344 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msador15.dll
2012-07-11 12:56:20 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2012-07-11 12:56:20 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2012-07-11 12:56:20 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2012-07-11 12:56:20 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2012-07-11 12:56:20 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2012-07-11 12:56:20 212992 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2012-07-11 12:56:20 1499136 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-07-11 12:56:20 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll
2012-07-11 12:56:20 1133568 ----a-w- C:\windows\System32\cdosys.dll
2012-07-11 12:56:20 1019904 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2012-07-10 21:17:32 -------- d-----w- C:\Users\Stefan\AppData\Roaming\Windows Live Writer
2012-07-10 21:17:32 -------- d-----w- C:\Users\Stefan\AppData\Local\Windows Live Writer
2012-07-08 00:33:06 -------- d-----w- C:\Users\Stefan\AppData\Local\Mixxx
2012-07-08 00:31:34 -------- d-----w- C:\Program Files (x86)\Mixxx
2012-07-05 22:45:34 5030088 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-07-05 14:30:19 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-05 14:30:19 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
.
==================== Find3M ====================
.
2012-07-28 19:14:11 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-28 19:14:11 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-06-30 18:58:19 674138 ----a-w- C:\windows\unins000.exe
2012-06-23 20:35:12 231376 ----a-w- C:\windows\System32\drivers\truecrypt.sys
2012-06-08 16:05:56 35616 ----a-w- C:\windows\System32\lmimirr.dll
2012-06-08 16:05:56 14624 ----a-w- C:\windows\System32\lmimirr2.dll
2012-06-06 06:06:16 2004480 ----a-w- C:\windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\windows\System32\msxml3.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
.
============= FINISH: 10:58:35.96 ===============


My System is x64, so no GMER log.
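Added example (not part of the original post, and not code from DDS, ComboFix or any other tool named in this thread): a small Python triage script for the two things worth pulling out of the listings above. First, it parses the DDS-style service lines ("S3 name;display;path --> path [?]", "S2 name;display;path [date size]", and the ComboFix variant that ends in "[x]") and buckets them into verified, unverified and missing, plus any service whose image lives outside Windows or Program Files. Second, it matches file paths against the footprint this thread's ComboFix "Other Deletions" list reports: a Desktop.ini inside \assembly\GAC_32 or GAC_64 and "@"-named files under \Windows\Installer\{GUID}\U\ and \L\; together with a patched services.exe that is the footprint commonly documented for the ZeroAccess/Sirefef rootkit. The sample lines and paths are constructed to match the shape of the log entries above; the GUID in the "normal MSI cache" sample is a placeholder. One caveat a practitioner should keep in mind: a "[?]" in the DDS listing only means DDS could not check that file, not that it is missing or patched, and the ComboFix listing further down resolves the same drivers with real dates and sizes, so always confirm a "[?]" against a second tool before acting on it.

```python
"""Triage helpers for DDS / ComboFix service listings.

Added example, not code from DDS, ComboFix or the original poster.
All sample input below is constructed to match the shape of the thread's logs.
"""
import re
from typing import Dict, List, Optional

# One service/driver line: "<state> <name>;<display>;<image path> [<file info>]"
# Shapes seen in the thread (constructed copies, not the real lines):
#   S2 gupdate;Google Update Service (gupdate);C:\...\GoogleUpdate.exe [2011-12-21 136176]
#   S3 btwl2cap;Bluetooth L2CAP Service;C:\...\btwl2cap.sys --> C:\...\btwl2cap.sys [?]
#   R3 MaplomL;MaplomL; [x]
SERVICE_RE = re.compile(r"^(?P<state>[RS][0-4])\s+(?P<name>[^;]*);(?P<display>[^;]*);(?P<rest>.*)$")
INFO_RE = re.compile(r"\s\[(?P<info>[^\]]*)\]\s*$")
DATE_SIZE_RE = re.compile(r"\d{4}-\d{1,2}-\d{1,2} \d+")

# Image paths a Windows service or driver normally lives under.
SYSTEM_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# File-system footprint from the ComboFix "Other Deletions" list in this thread:
# a Desktop.ini inside GAC_32/GAC_64, and "@"-named files under
# C:\Windows\Installer\{GUID}\U\ or \L\ (or a bare "@" next to them).
GAC_DESKTOP_INI_RE = re.compile(r"\\windows\\assembly\\gac_(?:32|64)\\desktop\.ini$", re.I)
INSTALLER_PAYLOAD_RE = re.compile(
    r"\\windows\\installer\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\\(?:@$|[ul]\\)", re.I)


def parse_service_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one service line; return None for anything that is not one."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    info = ""
    im = INFO_RE.search(rest)
    if im:
        info = im.group("info").strip()
        rest = rest[: im.start()]
    # "registered path --> resolved path": keep the resolved side
    if " --> " in rest:
        rest = rest.split(" --> ", 1)[1]
    path = rest.strip()
    if path.startswith("\\??\\"):          # NT object-manager prefix
        path = path[4:]
    if info == "?":
        status = "unverified"               # DDS could not check the file
    elif info == "x":
        status = "missing"                  # ComboFix: image path does not exist
    elif DATE_SIZE_RE.fullmatch(info):
        status = "ok"                       # "<date> <size>" was read from disk
    else:
        status = "unknown"
    return {"state": m.group("state"), "name": m.group("name"),
            "display": m.group("display"), "path": path, "status": status, "info": info}


def is_outside_system_roots(path: str) -> bool:
    """Image outside Windows / Program Files: worth a look, not proof of anything."""
    p = path.lower()
    return bool(p) and not p.startswith(SYSTEM_ROOTS)


def is_known_artifact(path: str) -> bool:
    """True when a path matches the GAC Desktop.ini or Installer\\{GUID}\\{U,L} footprint."""
    p = path.replace("/", "\\")
    return bool(GAC_DESKTOP_INI_RE.search(p) or INSTALLER_PAYLOAD_RE.search(p))


def triage(service_lines: List[str], file_paths: List[str]) -> Dict[str, List[str]]:
    """Run both checks and bucket the results by finding type."""
    findings: Dict[str, List[str]] = {
        "unverified": [], "missing": [], "outside_system_roots": [], "artifacts": []}
    for line in service_lines:
        svc = parse_service_line(line)
        if svc is None:
            continue
        if svc["status"] in ("unverified", "missing"):
            findings[svc["status"]].append(svc["name"])
        if is_outside_system_roots(svc["path"]):
            findings["outside_system_roots"].append(svc["name"])
    findings["artifacts"] = [p for p in file_paths if is_known_artifact(p)]
    return findings


# Constructed sample input, shaped like the listings in this thread.
SAMPLE_SERVICE_LINES = [
    r"S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-21 136176]",
    r"S2 SMS_v3_2_0;SMS_v3_2_0;C:\ProgramData\Rosetta Stone\SMS v3.2.0hs\wrapper.exe [2007-7-12 204800]",
    r"S3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]",
    r"R3 MaplomL;MaplomL; [x]",
    r"R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]",
    "",                                     # separator lines are skipped
]
SAMPLE_PATHS = [
    r"c:\windows\assembly\GAC_32\Desktop.ini",
    r"c:\windows\assembly\GAC_64\Desktop.ini",
    r"c:\windows\Installer\{ace7aa5c-1c3c-643e-08fa-ee9bd9f02714}\@",
    r"c:\windows\Installer\{ace7aa5c-1c3c-643e-08fa-ee9bd9f02714}\U\80000032.@",
    r"c:\windows\Installer\{ace7aa5c-1c3c-643e-08fa-ee9bd9f02714}\L\201d3dde",
    r"c:\windows\assembly\Desktop.ini",     # assembly root, not GAC_32/GAC_64: not matched
    r"c:\windows\Installer\{00000000-0000-0000-0000-000000000000}\misc.exe",  # placeholder MSI cache entry: not matched
]

if __name__ == "__main__":
    for kind, names in triage(SAMPLE_SERVICE_LINES, SAMPLE_PATHS).items():
        print(f"{kind:>22}: {names}")
```

Feed it the whole pasted log; lines that are not service entries are ignored, so the "Created Last 30" and "Find3M" sections pass straight through. The "outside_system_roots" bucket is deliberately noisy (the Rosetta Stone wrapper under ProgramData is legitimate); its point is to give the analyst a short list to eyeball rather than a verdict.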


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 August 2012 - 03:27 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

Posted 08 August 2012 - 07:50 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 Cupka44

  • Topic Starter

Posted 08 August 2012 - 03:54 PM

Hey, yes. I was working on your instructions, but got rather distracted when I broke my toe. LoL. I'm back to working through them! Thank you!

#5 gringo_pr

Posted 08 August 2012 - 04:04 PM

ouch!! I will be here when you are ready


gringo

#6 Cupka44

  • Topic Starter

Posted 08 August 2012 - 05:00 PM

There were no problems running either program.
The computer restarted several times (which I read somewhere was normal) during ComboFix.
The only thing I noticed was that it took almost 15 minutes to create the log, and "explorer.exe" didn't load until the last ComboFix dialogue box disappeared.


Security Check Log:

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 31
Java™ SE Runtime Environment 6 Update 1
Java version out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox 13.0.1 Firefox out of Date!
Google Chrome 20.0.1132.57
Google Chrome 21.0.1180.60
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````





Combo Fix Log:

ComboFix 12-08-08.01 - Stefan 08/08/2012 17:33:14.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6058.4480 [GMT -4:00]
Running from: c:\users\Stefan\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\SPL671B.tmp
c:\programdata\SPL886F.tmp
c:\programdata\SPL8AF4.tmp
c:\programdata\SPL99CB.tmp
c:\programdata\SPLADC0.tmp
c:\programdata\SPLAEF4.tmp
c:\users\Stefan\Documents\~WRL0003.tmp
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\gt.exe
c:\windows\Installer\{ace7aa5c-1c3c-643e-08fa-ee9bd9f02714}\@
c:\windows\Installer\{ace7aa5c-1c3c-643e-08fa-ee9bd9f02714}\L\00000004.@
c:\windows\Installer\{ace7aa5c-1c3c-643e-08fa-ee9bd9f02714}\L\201d3dde
c:\windows\Installer\{ace7aa5c-1c3c-643e-08fa-ee9bd9f02714}\L\55490ac4
c:\windows\Installer\{ace7aa5c-1c3c-643e-08fa-ee9bd9f02714}\U\00000004.@
c:\windows\Installer\{ace7aa5c-1c3c-643e-08fa-ee9bd9f02714}\U\00000008.@
c:\windows\Installer\{ace7aa5c-1c3c-643e-08fa-ee9bd9f02714}\U\000000cb.@
c:\windows\Installer\{ace7aa5c-1c3c-643e-08fa-ee9bd9f02714}\U\80000000.@
c:\windows\Installer\{ace7aa5c-1c3c-643e-08fa-ee9bd9f02714}\U\80000032.@
c:\windows\Installer\{ace7aa5c-1c3c-643e-08fa-ee9bd9f02714}\U\80000064.@
c:\windows\s.bat
c:\windows\SysWow64\DEBUG.log
c:\windows\version.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-07-08 to 2012-08-08 )))))))))))))))))))))))))))))))
.
.
2012-08-08 21:37 . 2012-08-08 21:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-03 01:13 . 2012-08-03 01:13 9827016 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-08-02 21:00 . 2012-08-02 21:00 -------- d-----w- c:\windows\Sun
2012-08-02 18:56 . 2012-08-02 18:56 -------- d-----w- c:\users\Stefan\AppData\Roaming\UltraVNC
2012-08-02 18:56 . 2012-08-02 18:56 -------- d-----w- c:\program files\uvnc bvba
2012-08-02 16:39 . 2012-08-02 16:39 -------- d-----w- C:\found.002
2012-08-02 14:37 . 2012-08-02 14:37 -------- d-----w- c:\users\Stefan\AppData\Local\LogMeIn
2012-08-02 14:37 . 2012-07-05 22:11 87488 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-08-02 14:37 . 2012-07-05 22:10 59808 ----a-w- c:\windows\system32\Spool\prtprocs\x64\LMIproc.dll
2012-08-02 14:37 . 2012-07-05 22:10 34720 ----a-w- c:\windows\system32\LMIport.dll
2012-08-02 14:37 . 2012-06-08 16:06 72216 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2012-08-02 14:37 . 2012-06-08 16:05 11552 ----a-w- c:\windows\system32\drivers\lmimirr.sys
2012-08-02 14:37 . 2012-07-05 22:10 80800 ----a-w- c:\windows\system32\LMIinit.dll
2012-08-02 14:37 . 2012-08-08 14:17 -------- d-----w- c:\programdata\LogMeIn
2012-08-02 14:37 . 2012-08-02 14:37 -------- d-----w- c:\program files (x86)\LogMeIn
2012-08-02 14:28 . 2012-08-02 14:28 -------- d-----w- c:\program files (x86)\MSECache
2012-07-30 13:20 . 2012-07-31 00:41 -------- d-----w- c:\users\Stefan\AppData\Roaming\FileZilla
2012-07-30 13:19 . 2012-07-30 13:22 -------- d-----w- c:\program files (x86)\FileZilla FTP Client
2012-07-30 13:18 . 2012-07-30 13:18 304 ----a-w- C:\user.js
2012-07-30 13:18 . 2012-07-30 13:18 -------- d-----w- c:\program files (x86)\BabylonToolbar
2012-07-30 13:18 . 2012-07-30 13:18 -------- d-----w- c:\users\Stefan\AppData\Roaming\Babylon
2012-07-30 13:18 . 2012-07-30 13:18 -------- d-----w- c:\programdata\Babylon
2012-07-26 23:31 . 2012-07-26 23:31 -------- d-----w- C:\found.001
2012-07-24 18:55 . 2012-08-08 20:14 -------- d-----w- c:\users\Stefan\AppData\Roaming\Skype
2012-07-24 18:55 . 2012-07-24 18:56 -------- d-----r- c:\program files (x86)\Skype
2012-07-24 18:55 . 2012-07-24 18:55 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-07-24 18:55 . 2012-07-24 18:56 -------- d-----w- c:\programdata\Skype
2012-07-12 15:21 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 21:26 . 2012-07-11 21:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-11 21:26 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-11 20:35 . 2012-07-11 20:35 1669749 ----a-w- C:\MGtools.exe
2012-07-11 20:27 . 2012-07-11 20:27 -------- d-----w- c:\program files\CCleaner
2012-07-11 17:51 . 2012-07-11 17:51 -------- d-----w- c:\program files (x86)\Microsoft Games
2012-07-11 12:56 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-07-11 12:56 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
2012-07-11 12:56 . 2012-06-06 06:05 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-07-11 12:56 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 12:56 . 2012-06-06 06:05 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-07-11 12:56 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-07-11 12:56 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll
2012-07-11 12:56 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-07-11 12:56 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll
2012-07-11 12:56 . 2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2012-07-11 12:56 . 2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2012-07-11 12:56 . 2012-06-06 05:05 1019904 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-11 12:56 . 2012-06-06 05:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-07-10 21:17 . 2012-07-10 21:17 -------- d-----w- c:\users\Stefan\AppData\Local\Windows Live Writer
2012-07-10 21:17 . 2012-07-10 21:17 -------- d-----w- c:\users\Stefan\AppData\Roaming\Windows Live Writer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 01:13 . 2012-04-27 17:12 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 01:13 . 2012-03-04 03:58 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 15:19 . 2012-03-04 22:26 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-30 18:58 . 2012-06-30 18:58 674138 ----a-w- c:\windows\unins000.exe
2012-06-23 20:35 . 2012-06-23 20:35 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2012-06-08 16:05 . 2012-06-08 16:05 35616 ----a-w- c:\windows\system32\lmimirr.dll
2012-06-08 16:05 . 2012-06-08 16:05 14624 ----a-w- c:\windows\system32\lmimirr2.dll
2012-06-02 22:19 . 2012-06-18 23:50 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-18 23:50 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-18 23:50 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-18 23:50 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-18 23:50 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-18 23:50 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-18 23:50 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-18 23:50 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-18 23:50 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-30 01:38 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-06-30 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Stefan\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-24 138096]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"332BigDog"="c:\program files (x86)\USB Camera2\VM332_STI.EXE" [2010-01-19 536576]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2010-12-05 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2010-12-05 224352]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2011-12-21 329056]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"CloneCDTray"="c:\program files (x86)\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"UVS10 Preload"="c:\program files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [2006-08-09 36864]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-06-30 1107552]
.
c:\users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-6-13 27595032]
Facebook Messenger.lnk - c:\users\Stefan\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe [2012-7-26 244656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2011-2-15 1136928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-21 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 SMS_v3_2_0;SMS_v3_2_0;c:\programdata\Rosetta Stone\SMS v3.2.0hs\wrapper.exe [2006-10-18 204800]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-02-15 349736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-02-15 39464]
R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-02-14 276248]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-21 136176]
R3 MaplomL;MaplomL; [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-05 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-27 340240]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 StkCMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\Drivers\StkCMini.sys [2010-04-16 1816968]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-04 1255736]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [2011-12-21 57952]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2011-12-21 39008]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [2011-12-21 13408]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-07-05 375208]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2012-06-08 15928]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-06-30 935008]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2011-12-21 29792]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-12-05 31088]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-08-03 8604672]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-11-30 307304]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 vm2uvcflt;Vimicro USB Camera Filter 2;c:\windows\system32\Drivers\vm2uvcflt.sys [2010-09-21 15056]
S3 vm332avs;Lenovo Camera2;c:\windows\system32\Drivers\vm332avs.sys [2011-02-14 234960]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 01:13]
.
2012-08-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4050760944-2092946429-2692770965-1000Core.job
- c:\users\Stefan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-08 18:33]
.
2012-08-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4050760944-2092946429-2692770965-1000UA.job
- c:\users\Stefan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-08 18:33]
.
2012-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-21 11:51]
.
2012-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-21 11:51]
.
2012-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4050760944-2092946429-2692770965-1000Core.job
- c:\users\Stefan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-30 14:25]
.
2012-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4050760944-2092946429-2692770965-1000UA.job
- c:\users\Stefan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-30 14:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2011-12-21 11:40 1502720 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-11-14 13353064]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-27 1935120]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-12-21 114688]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2011-12-21 789920]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2011-12-21 9769888]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2011-12-21 5908928]
"LXCCCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCCtime.dll" [2007-02-22 28672]
"lxccmon.exe"="c:\program files (x86)\Lexmark 3300 Series\lxccmon.exe" [2007-05-11 205744]
"EzPrint"="c:\program files (x86)\Lexmark 3300 Series\ezprint.exe" [2007-05-11 103344]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-14 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-14 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-14 440600]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2012-06-08 57928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?affID=113959&tt=3112_1&babsrc=HP_ss&mntrId=909f2c6300000000000074e50b8fee0b
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.100.1 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\f33ezo01.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=113959&tt=3112_1&babsrc=HP_ss&mntrId=909f2c6300000000000074e50b8fee0b
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B4d80eb55-ca46-4c93-9af1-13afbc336708%7D&mid=61e555c0f46e47d0b7d32197b753e78d-d35f27b38dd57f5c220140a53c05aabaa11ed46b&ds=AVG&v=11.1.0.12&lang=en&pr=fr&d=2012-06-29%2021%3A38%3A11&sap=ku&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113959&tt=3112_1
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 909f2c6300000000000074e50b8fee0b
FF - user.js: extensions.BabylonToolbar.instlDay - 15551
FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1
FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.19:18
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-MediaGet2 - c:\users\Stefan\AppData\Local\MediaGet2\mediaget.exe
Wow6432Node-HKCU-Run-Shock4Way3D - c:\program files (x86)\Shock Utility\Shock4Way3D\Shock4Way3D.exe
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4050760944-2092946429-2692770965-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A582E41E-F4F2-D47C-86CE-1B9351610A3D}*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
c:\windows\SysWOW64\RunDll32.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-08-08 17:47:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-08 21:47
.
Pre-Run: 247,498,121,216 bytes free
Post-Run: 247,520,718,848 bytes free
.
- - End Of File - - 7C9526444E0A94A9D6C524B68D542A0A

#7 gringo_pr
Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 08 August 2012 - 05:20 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic
Proud Graduate Of Malware Removal University
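The TDSSKiller report requested above runs to hundreds of lines of "name (md5) path" records followed by "name - ok" verdicts (the next reply shows the format). As an added example that is not part of this thread or of TDSSKiller itself, here is a Python parser for that line format that keeps only the objects the scanner did not mark ok, so a long report can be triaged at a glance. The sample log is constructed from the format seen in this thread; the services.exe record, its all-zero hash and the "suspicious" verdict are placeholders, not output from the poster's machine.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# TDSSKiller writes two kinds of lines for each object it inspects:
#   <time> <pid> <name> (<md5>) <path>      object record
#   <time> <pid> <name> - <verdict>         verdict, normally "ok"
# Names may contain spaces ("Apple Mobile Device"), so the name group is lazy
# and anchored by the 32-hex-digit hash (object line) or " - " (verdict line).
OBJECT_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$"
)
VERDICT_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?) - (?P<verdict>.+)$"
)


@dataclass
class ScanEntry:
    name: str
    md5: Optional[str] = None      # absent for verdict-only entries (e.g. catchme)
    path: Optional[str] = None
    verdict: Optional[str] = None  # stays None if the log was cut off mid-entry


@dataclass
class ScanReport:
    entries: Dict[str, ScanEntry] = field(default_factory=dict)
    unparsed: List[str] = field(default_factory=list)

    def flagged(self) -> List[ScanEntry]:
        """Everything the scanner did not explicitly mark 'ok', including
        entries whose verdict line never arrived (truncated paste)."""
        return [e for e in self.entries.values() if e.verdict != "ok"]

    def summary(self) -> Dict[str, int]:
        return {
            "objects": len(self.entries),
            "ok": sum(1 for e in self.entries.values() if e.verdict == "ok"),
            "flagged": len(self.flagged()),
            "unparsed": len(self.unparsed),
        }


def parse_tdsskiller_log(text: str) -> ScanReport:
    """Parse the scan section of a TDSSKiller report into a ScanReport."""
    report = ScanReport()
    in_scan = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "Scan started" in line:
            in_scan = True
            continue
        # The header (system info, drive geometry, partition map) also uses
        # " - " separators, so only lines after "Scan started" are parsed;
        # the "=====" divider lines carry no data and are skipped.
        if not in_scan or line.endswith("=="):
            continue
        m = OBJECT_RE.match(line)
        if m:
            entry = report.entries.setdefault(m["name"], ScanEntry(m["name"]))
            entry.md5, entry.path = m["md5"].lower(), m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            entry = report.entries.setdefault(m["name"], ScanEntry(m["name"]))
            entry.verdict = m["verdict"]
            continue
        report.unparsed.append(line)
    return report


# Constructed sample in the thread's log format; the last two lines are
# placeholders (all-zero hash, made-up verdict) and not real scanner output.
SAMPLE_LOG = r"""
18:28:08.0089 5716 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
18:28:08.0957 5716 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200
18:28:51.0606 5580 ============================================================
18:28:51.0606 5580 Scan started
18:28:51.0606 5580 Mode: Manual;
18:28:51.0606 5580 ============================================================
18:28:52.0370 5580 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
18:28:52.0375 5580 1394ohci - ok
18:28:53.0532 5580 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:28:53.0533 5580 Apple Mobile Device - ok
18:28:56.0299 5580 catchme - ok
18:28:57.0100 5580 services (00000000000000000000000000000000) C:\windows\system32\services.exe
18:28:57.0101 5580 services - suspicious
"""

if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    print(rep.summary())
    for e in rep.flagged():
        print(f"REVIEW: {e.name} -> {e.verdict}  {e.path}")
```

Feed it the full report pasted in a reply and only the handful of non-ok objects come out, instead of 250 lines of drivers that checked out.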

#8 Cupka44
  • Topic Starter
  • Members
  • 13 posts

Posted 08 August 2012 - 05:35 PM

Kaspersky Log:

18:28:08.0089 5716 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
18:28:08.0475 5716 ============================================================
18:28:08.0475 5716 Current date / time: 2012/08/08 18:28:08.0475
18:28:08.0475 5716 SystemInfo:
18:28:08.0475 5716
18:28:08.0475 5716 OS Version: 6.1.7601 ServicePack: 1.0
18:28:08.0475 5716 Product type: Workstation
18:28:08.0475 5716 ComputerName: STEFANCUPKA
18:28:08.0476 5716 UserName: Stefan
18:28:08.0476 5716 Windows directory: C:\windows
18:28:08.0476 5716 System windows directory: C:\windows
18:28:08.0476 5716 Running under WOW64
18:28:08.0476 5716 Processor architecture: Intel x64
18:28:08.0476 5716 Number of processors: 4
18:28:08.0476 5716 Page size: 0x1000
18:28:08.0476 5716 Boot type: Normal boot
18:28:08.0476 5716 ============================================================
18:28:08.0957 5716 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:28:08.0961 5716 Drive \Device\Harddisk1\DR1 - Size: 0xE8DED00000 (931.48 Gb), SectorSize: 0x200, Cylinders: 0x1DAFD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:28:09.0252 5716 ============================================================
18:28:09.0252 5716 \Device\Harddisk0\DR0:
18:28:09.0253 5716 MBR partitions:
18:28:09.0253 5716 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
18:28:09.0253 5716 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x34BA1000
18:28:09.0282 5716 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x34C06000, BlocksNum 0x39FD800
18:28:09.0282 5716 \Device\Harddisk1\DR1:
18:28:09.0283 5716 MBR partitions:
18:28:09.0283 5716 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x746F6000
18:28:09.0283 5716 ============================================================
18:28:09.0339 5716 C: <-> \Device\Harddisk0\DR0\Partition1
18:28:09.0399 5716 D: <-> \Device\Harddisk0\DR0\Partition2
18:28:09.0404 5716 I: <-> \Device\Harddisk1\DR1\Partition0
18:28:09.0404 5716 ============================================================
18:28:09.0404 5716 Initialize success
18:28:09.0404 5716 ============================================================
18:28:51.0606 5580 ============================================================
18:28:51.0606 5580 Scan started
18:28:51.0606 5580 Mode: Manual;
18:28:51.0606 5580 ============================================================
18:28:52.0370 5580 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
18:28:52.0375 5580 1394ohci - ok
18:28:52.0419 5580 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
18:28:52.0437 5580 ACPI - ok
18:28:52.0462 5580 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
18:28:52.0464 5580 AcpiPmi - ok
18:28:52.0510 5580 ACPIVPC (5bbff8b826ec38d32c26334e079c7efc) C:\windows\system32\DRIVERS\AcpiVpc.sys
18:28:52.0511 5580 ACPIVPC - ok
18:28:52.0597 5580 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:28:52.0598 5580 AdobeARMservice - ok
18:28:52.0734 5580 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:28:52.0744 5580 AdobeFlashPlayerUpdateSvc - ok
18:28:52.0812 5580 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
18:28:52.0831 5580 adp94xx - ok
18:28:52.0882 5580 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
18:28:52.0893 5580 adpahci - ok
18:28:52.0949 5580 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
18:28:52.0953 5580 adpu320 - ok
18:28:53.0005 5580 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
18:28:53.0006 5580 AeLookupSvc - ok
18:28:53.0084 5580 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
18:28:53.0086 5580 AFD - ok
18:28:53.0134 5580 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
18:28:53.0136 5580 agp440 - ok
18:28:53.0168 5580 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
18:28:53.0169 5580 ALG - ok
18:28:53.0203 5580 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
18:28:53.0207 5580 aliide - ok
18:28:53.0210 5580 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
18:28:53.0212 5580 amdide - ok
18:28:53.0250 5580 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
18:28:53.0253 5580 AmdK8 - ok
18:28:53.0268 5580 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys
18:28:53.0270 5580 AmdPPM - ok
18:28:53.0293 5580 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
18:28:53.0296 5580 amdsata - ok
18:28:53.0339 5580 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
18:28:53.0344 5580 amdsbs - ok
18:28:53.0360 5580 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
18:28:53.0360 5580 amdxata - ok
18:28:53.0408 5580 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
18:28:53.0411 5580 AppID - ok
18:28:53.0444 5580 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
18:28:53.0445 5580 AppIDSvc - ok
18:28:53.0463 5580 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
18:28:53.0463 5580 Appinfo - ok
18:28:53.0532 5580 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:28:53.0533 5580 Apple Mobile Device - ok
18:28:53.0597 5580 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\windows\System32\appmgmts.dll
18:28:53.0598 5580 AppMgmt - ok
18:28:53.0654 5580 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
18:28:53.0657 5580 arc - ok
18:28:53.0671 5580 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
18:28:53.0675 5580 arcsas - ok
18:28:53.0711 5580 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
18:28:53.0712 5580 AsyncMac - ok
18:28:53.0737 5580 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
18:28:53.0738 5580 atapi - ok
18:28:53.0794 5580 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
18:28:53.0797 5580 AudioEndpointBuilder - ok
18:28:53.0802 5580 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
18:28:53.0805 5580 AudioSrv - ok
18:28:54.0095 5580 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
18:28:54.0191 5580 AVGIDSAgent - ok
18:28:54.0368 5580 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\windows\system32\DRIVERS\avgidsdrivera.sys
18:28:54.0369 5580 AVGIDSDriver - ok
18:28:54.0382 5580 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\windows\system32\DRIVERS\avgidsfiltera.sys
18:28:54.0382 5580 AVGIDSFilter - ok
18:28:54.0410 5580 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\windows\system32\DRIVERS\avgidsha.sys
18:28:54.0411 5580 AVGIDSHA - ok
18:28:54.0463 5580 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\windows\system32\DRIVERS\avgldx64.sys
18:28:54.0465 5580 Avgldx64 - ok
18:28:54.0484 5580 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\windows\system32\DRIVERS\avgmfx64.sys
18:28:54.0484 5580 Avgmfx64 - ok
18:28:54.0508 5580 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\windows\system32\DRIVERS\avgrkx64.sys
18:28:54.0509 5580 Avgrkx64 - ok
18:28:54.0539 5580 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\windows\system32\DRIVERS\avgtdia.sys
18:28:54.0542 5580 Avgtdia - ok
18:28:54.0645 5580 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
18:28:54.0647 5580 avgwd - ok
18:28:54.0703 5580 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
18:28:54.0704 5580 AxInstSV - ok
18:28:54.0770 5580 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
18:28:54.0790 5580 b06bdrv - ok
18:28:54.0860 5580 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
18:28:54.0873 5580 b57nd60a - ok
18:28:54.0935 5580 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
18:28:54.0936 5580 BDESVC - ok
18:28:54.0945 5580 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
18:28:54.0947 5580 Beep - ok
18:28:55.0008 5580 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
18:28:55.0044 5580 BFE - ok
18:28:55.0100 5580 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\system32\qmgr.dll
18:28:55.0104 5580 BITS - ok
18:28:55.0166 5580 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
18:28:55.0168 5580 blbdrive - ok
18:28:55.0275 5580 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
18:28:55.0277 5580 Bonjour Service - ok
18:28:55.0318 5580 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
18:28:55.0318 5580 bowser - ok
18:28:55.0370 5580 BPntDrv (aaa4f992f879977a000fe8b8c730cd2c) C:\windows\system32\drivers\BPntDrv.sys
18:28:55.0371 5580 BPntDrv - ok
18:28:55.0432 5580 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
18:28:55.0434 5580 BrFiltLo - ok
18:28:55.0443 5580 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
18:28:55.0446 5580 BrFiltUp - ok
18:28:55.0481 5580 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
18:28:55.0484 5580 BridgeMP - ok
18:28:55.0522 5580 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
18:28:55.0523 5580 Browser - ok
18:28:55.0558 5580 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
18:28:55.0573 5580 Brserid - ok
18:28:55.0589 5580 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
18:28:55.0591 5580 BrSerWdm - ok
18:28:55.0623 5580 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
18:28:55.0626 5580 BrUsbMdm - ok
18:28:55.0636 5580 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
18:28:55.0638 5580 BrUsbSer - ok
18:28:55.0677 5580 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\DRIVERS\BthEnum.sys
18:28:55.0679 5580 BthEnum - ok
18:28:55.0703 5580 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
18:28:55.0706 5580 BTHMODEM - ok
18:28:55.0733 5580 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
18:28:55.0736 5580 BthPan - ok
18:28:55.0799 5580 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\windows\system32\Drivers\BTHport.sys
18:28:55.0815 5580 BTHPORT - ok
18:28:55.0858 5580 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
18:28:55.0859 5580 bthserv - ok
18:28:55.0879 5580 BTHUSB (f188b7394d81010767b6df3178519a37) C:\windows\system32\Drivers\BTHUSB.sys
18:28:55.0882 5580 BTHUSB - ok
18:28:55.0952 5580 BTWAMPFL (a0dfb69ade3444c78b17636fcf28e898) C:\windows\system32\DRIVERS\btwampfl.sys
18:28:55.0963 5580 BTWAMPFL - ok
18:28:55.0997 5580 btwaudio (7cf028ce78696882b327ff13d2dfa534) C:\windows\system32\drivers\btwaudio.sys
18:28:56.0000 5580 btwaudio - ok
18:28:56.0049 5580 btwavdt (3def2370e414b4e299673558ba171a51) C:\windows\system32\DRIVERS\btwavdt.sys
18:28:56.0054 5580 btwavdt - ok
18:28:56.0167 5580 btwdins (3d5e7fb2cb69a6186c7954c0859173f4) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
18:28:56.0171 5580 btwdins - ok
18:28:56.0208 5580 btwl2cap (346b4051b3d7ff70e8f027869b8eca6e) C:\windows\system32\DRIVERS\btwl2cap.sys
18:28:56.0211 5580 btwl2cap - ok
18:28:56.0238 5580 btwrchid (9937e0e4dfc0030560a6dfe9d3a94b39) C:\windows\system32\DRIVERS\btwrchid.sys
18:28:56.0240 5580 btwrchid - ok
18:28:56.0299 5580 catchme - ok
18:28:56.0328 5580 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
18:28:56.0331 5580 cdfs - ok
18:28:56.0362 5580 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
18:28:56.0366 5580 cdrom - ok
18:28:56.0404 5580 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
18:28:56.0405 5580 CertPropSvc - ok
18:28:56.0457 5580 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
18:28:56.0460 5580 circlass - ok
18:28:56.0492 5580 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
18:28:56.0495 5580 CLFS - ok
18:28:56.0575 5580 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:28:56.0577 5580 clr_optimization_v2.0.50727_32 - ok
18:28:56.0632 5580 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:28:56.0635 5580 clr_optimization_v2.0.50727_64 - ok
18:28:56.0723 5580 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:28:56.0726 5580 clr_optimization_v4.0.30319_32 - ok
18:28:56.0761 5580 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:28:56.0770 5580 clr_optimization_v4.0.30319_64 - ok
18:28:56.0819 5580 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\windows\system32\DRIVERS\clwvd.sys
18:28:56.0820 5580 clwvd - ok
18:28:56.0845 5580 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
18:28:56.0847 5580 CmBatt - ok
18:28:56.0875 5580 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
18:28:56.0877 5580 cmdide - ok
18:28:56.0940 5580 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\windows\system32\Drivers\cng.sys
18:28:56.0961 5580 CNG - ok
18:28:56.0975 5580 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
18:28:56.0975 5580 Compbatt - ok
18:28:56.0999 5580 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys
18:28:57.0002 5580 CompositeBus - ok
18:28:57.0015 5580 COMSysApp - ok
18:28:57.0115 5580 cphs (df3e8c2c443d3618260dff5705ce2df5) C:\windows\SysWow64\IntelCpHeciSvc.exe
18:28:57.0133 5580 cphs - ok
18:28:57.0157 5580 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
18:28:57.0159 5580 crcdisk - ok
18:28:57.0222 5580 CryptSvc (4f5414602e2544a4554d95517948b705) C:\windows\system32\cryptsvc.dll
18:28:57.0224 5580 CryptSvc - ok
18:28:57.0292 5580 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\windows\system32\drivers\csc.sys
18:28:57.0314 5580 CSC - ok
18:28:57.0366 5580 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\windows\System32\cscsvc.dll
18:28:57.0369 5580 CscService - ok
18:28:57.0432 5580 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
18:28:57.0435 5580 DcomLaunch - ok
18:28:57.0480 5580 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
18:28:57.0482 5580 defragsvc - ok
18:28:57.0545 5580 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
18:28:57.0546 5580 DfsC - ok
18:28:57.0602 5580 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
18:28:57.0604 5580 Dhcp - ok
18:28:57.0613 5580 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
18:28:57.0614 5580 discache - ok
18:28:57.0676 5580 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
18:28:57.0678 5580 Disk - ok
18:28:57.0697 5580 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
18:28:57.0698 5580 Dnscache - ok
18:28:57.0724 5580 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
18:28:57.0725 5580 dot3svc - ok
18:28:57.0748 5580 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
18:28:57.0749 5580 DPS - ok
18:28:57.0794 5580 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
18:28:57.0796 5580 drmkaud - ok
18:28:57.0854 5580 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
18:28:57.0859 5580 DXGKrnl - ok
18:28:57.0909 5580 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
18:28:57.0910 5580 EapHost - ok
18:28:58.0063 5580 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
18:28:58.0145 5580 ebdrv - ok
18:28:58.0279 5580 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
18:28:58.0280 5580 EFS - ok
18:28:58.0355 5580 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
18:28:58.0359 5580 ehRecvr - ok
18:28:58.0386 5580 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
18:28:58.0387 5580 ehSched - ok
18:28:58.0459 5580 ElbyCDFL (9387a484d31209d7fc3f795a787294db) C:\windows\system32\Drivers\ElbyCDFL.sys
18:28:58.0460 5580 ElbyCDFL - ok
18:28:58.0533 5580 ElbyCDIO (a05fc7eca0966ebb70e4d17b855a853b) C:\windows\system32\Drivers\ElbyCDIO.sys
18:28:58.0534 5580 ElbyCDIO - ok
18:28:58.0595 5580 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
18:28:58.0623 5580 elxstor - ok
18:28:58.0635 5580 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
18:28:58.0637 5580 ErrDev - ok
18:28:58.0702 5580 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
18:28:58.0705 5580 EventSystem - ok
18:28:58.0885 5580 EvtEng (e3a96d5ae6e5c7b5472011ba77353368) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
18:28:58.0892 5580 EvtEng - ok
18:28:59.0034 5580 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
18:28:59.0039 5580 exfat - ok
18:28:59.0070 5580 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
18:28:59.0083 5580 fastfat - ok
18:28:59.0134 5580 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
18:28:59.0158 5580 Fax - ok
18:28:59.0197 5580 fbfmon (3191aca33088ee2481044fc0db736442) C:\windows\system32\drivers\fbfmon.sys
18:28:59.0198 5580 fbfmon - ok
18:28:59.0235 5580 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
18:28:59.0238 5580 fdc - ok
18:28:59.0276 5580 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
18:28:59.0277 5580 fdPHost - ok
18:28:59.0302 5580 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
18:28:59.0303 5580 FDResPub - ok
18:28:59.0330 5580 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
18:28:59.0331 5580 FileInfo - ok
18:28:59.0354 5580 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
18:28:59.0354 5580 Filetrace - ok
18:28:59.0373 5580 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
18:28:59.0375 5580 flpydisk - ok
18:28:59.0402 5580 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
18:28:59.0404 5580 FltMgr - ok
18:28:59.0478 5580 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
18:28:59.0483 5580 FontCache - ok
18:28:59.0555 5580 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:28:59.0558 5580 FontCache3.0.0.0 - ok
18:28:59.0600 5580 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
18:28:59.0600 5580 FsDepends - ok
18:28:59.0641 5580 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
18:28:59.0642 5580 Fs_Rec - ok
18:28:59.0677 5580 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
18:28:59.0679 5580 fvevol - ok
18:28:59.0714 5580 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
18:28:59.0717 5580 gagp30kx - ok
18:28:59.0750 5580 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
18:28:59.0751 5580 GEARAspiWDM - ok
18:28:59.0811 5580 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
18:28:59.0815 5580 gpsvc - ok
18:28:59.0921 5580 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:28:59.0922 5580 gupdate - ok
18:28:59.0948 5580 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:28:59.0949 5580 gupdatem - ok
18:28:59.0977 5580 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
18:28:59.0980 5580 hcw85cir - ok
18:29:00.0017 5580 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
18:29:00.0036 5580 HdAudAddService - ok
18:29:00.0065 5580 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
18:29:00.0068 5580 HDAudBus - ok
18:29:00.0086 5580 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
18:29:00.0088 5580 HidBatt - ok
18:29:00.0108 5580 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
18:29:00.0111 5580 HidBth - ok
18:29:00.0138 5580 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
18:29:00.0141 5580 HidIr - ok
18:29:00.0168 5580 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll
18:29:00.0169 5580 hidserv - ok
18:29:00.0188 5580 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
18:29:00.0190 5580 HidUsb - ok
18:29:00.0226 5580 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
18:29:00.0227 5580 hkmsvc - ok
18:29:00.0260 5580 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
18:29:00.0262 5580 HomeGroupListener - ok
18:29:00.0300 5580 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
18:29:00.0302 5580 HomeGroupProvider - ok
18:29:00.0338 5580 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
18:29:00.0341 5580 HpSAMD - ok
18:29:00.0395 5580 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
18:29:00.0399 5580 HTTP - ok
18:29:00.0433 5580 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
18:29:00.0434 5580 hwpolicy - ok
18:29:00.0463 5580 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
18:29:00.0466 5580 i8042prt - ok
18:29:00.0517 5580 iaStor (53cc5bf8b5a219119953c7abb19a7705) C:\windows\system32\DRIVERS\iaStor.sys
18:29:00.0519 5580 iaStor - ok
18:29:00.0566 5580 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
18:29:00.0584 5580 iaStorV - ok
18:29:00.0850 5580 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:29:00.0888 5580 idsvc - ok
18:29:01.0478 5580 igfx (276ee9cdab16c50e1df0e4cefa882f5f) C:\windows\system32\DRIVERS\igdkmd64.sys
18:29:01.0833 5580 igfx - ok
18:29:01.0963 5580 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
18:29:01.0966 5580 iirsp - ok
18:29:02.0043 5580 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
18:29:02.0073 5580 IKEEXT - ok
18:29:02.0230 5580 IntcAzAudAddService (aba41ee6f5eefc034f3bbd025506b37e) C:\windows\system32\drivers\RTKVHD64.sys
18:29:02.0242 5580 IntcAzAudAddService - ok
18:29:02.0385 5580 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\windows\system32\DRIVERS\IntcDAud.sys
18:29:02.0406 5580 IntcDAud - ok
18:29:02.0453 5580 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
18:29:02.0456 5580 intelide - ok
18:29:02.0476 5580 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
18:29:02.0477 5580 intelppm - ok
18:29:02.0505 5580 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
18:29:02.0507 5580 IPBusEnum - ok
18:29:02.0532 5580 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
18:29:02.0535 5580 IpFilterDriver - ok
18:29:02.0602 5580 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
18:29:02.0605 5580 iphlpsvc - ok
18:29:02.0633 5580 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
18:29:02.0636 5580 IPMIDRV - ok
18:29:02.0670 5580 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
18:29:02.0673 5580 IPNAT - ok
18:29:02.0797 5580 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
18:29:02.0830 5580 iPod Service - ok
18:29:02.0866 5580 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
18:29:02.0867 5580 IRENUM - ok
18:29:02.0888 5580 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
18:29:02.0890 5580 isapnp - ok
18:29:02.0915 5580 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
18:29:02.0928 5580 iScsiPrt - ok
18:29:02.0956 5580 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
18:29:02.0957 5580 kbdclass - ok
18:29:02.0980 5580 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
18:29:02.0983 5580 kbdhid - ok
18:29:03.0022 5580 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
18:29:03.0023 5580 KeyIso - ok
18:29:03.0063 5580 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\windows\system32\Drivers\ksecdd.sys
18:29:03.0064 5580 KSecDD - ok
18:29:03.0082 5580 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\windows\system32\Drivers\ksecpkg.sys
18:29:03.0085 5580 KSecPkg - ok
18:29:03.0127 5580 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
18:29:03.0129 5580 ksthunk - ok
18:29:03.0187 5580 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
18:29:03.0205 5580 KtmRm - ok
18:29:03.0259 5580 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\System32\srvsvc.dll
18:29:03.0261 5580 LanmanServer - ok
18:29:03.0278 5580 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
18:29:03.0280 5580 LanmanWorkstation - ok
18:29:03.0314 5580 LHDmgr (be166935083f9c38edfdc21b9a7a679b) C:\windows\system32\DRIVERS\LhdX64.sys
18:29:03.0314 5580 LHDmgr - ok
18:29:03.0351 5580 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
18:29:03.0352 5580 lltdio - ok
18:29:03.0399 5580 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
18:29:03.0412 5580 lltdsvc - ok
18:29:03.0440 5580 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
18:29:03.0441 5580 lmhosts - ok
18:29:03.0593 5580 LMIGuardianSvc (98b0fcc176dfb711b67651becb88c445) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
18:29:03.0595 5580 LMIGuardianSvc - ok
18:29:03.0627 5580 LMIInfo (0317335b15ff3bda8e10197e3434cfc0) C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
18:29:03.0628 5580 LMIInfo - ok
18:29:03.0647 5580 LMIMaint (b712511029cbd68645a90a241fd6ae43) C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
18:29:03.0648 5580 LMIMaint - ok
18:29:03.0677 5580 lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\windows\system32\DRIVERS\lmimirr.sys
18:29:03.0678 5580 lmimirr - ok
18:29:03.0706 5580 LMIRfsClientNP - ok
18:29:03.0722 5580 LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\windows\system32\drivers\LMIRfsDriver.sys
18:29:03.0723 5580 LMIRfsDriver - ok
18:29:03.0794 5580 LMS (2ed1786b7542cda261029f6b526edf44) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
18:29:03.0805 5580 LMS - ok
18:29:03.0872 5580 LogMeIn (d3760bc17e1755091b7120cf32dbf56b) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
18:29:03.0874 5580 LogMeIn - ok
18:29:03.0927 5580 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
18:29:03.0930 5580 LSI_FC - ok
18:29:03.0951 5580 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
18:29:03.0954 5580 LSI_SAS - ok
18:29:03.0968 5580 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
18:29:03.0971 5580 LSI_SAS2 - ok
18:29:03.0995 5580 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
18:29:03.0998 5580 LSI_SCSI - ok
18:29:04.0022 5580 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
18:29:04.0023 5580 luafv - ok
18:29:04.0025 5580 lxcc_device - ok
18:29:04.0048 5580 Maplom - ok
18:29:04.0058 5580 MaplomL - ok
18:29:04.0083 5580 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\windows\system32\drivers\mbam.sys
18:29:04.0085 5580 MBAMProtector - ok
18:29:04.0153 5580 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
18:29:04.0178 5580 MBAMService - ok
18:29:04.0209 5580 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
18:29:04.0212 5580 Mcx2Svc - ok
18:29:04.0304 5580 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
18:29:04.0314 5580 MDM - ok
18:29:04.0347 5580 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
18:29:04.0350 5580 megasas - ok
18:29:04.0382 5580 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
18:29:04.0387 5580 MegaSR - ok
18:29:04.0425 5580 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys
18:29:04.0426 5580 MEIx64 - ok
18:29:04.0461 5580 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
18:29:04.0462 5580 MMCSS - ok
18:29:04.0493 5580 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
18:29:04.0495 5580 Modem - ok
18:29:04.0532 5580 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
18:29:04.0533 5580 monitor - ok
18:29:04.0561 5580 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
18:29:04.0562 5580 mouclass - ok
18:29:04.0580 5580 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
18:29:04.0583 5580 mouhid - ok
18:29:04.0598 5580 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
18:29:04.0599 5580 mountmgr - ok
18:29:04.0672 5580 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:29:04.0675 5580 MozillaMaintenance - ok
18:29:04.0698 5580 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
18:29:04.0702 5580 mpio - ok
18:29:04.0736 5580 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
18:29:04.0739 5580 mpsdrv - ok
18:29:04.0816 5580 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
18:29:04.0849 5580 MpsSvc - ok
18:29:04.0873 5580 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
18:29:04.0877 5580 MRxDAV - ok
18:29:04.0903 5580 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
18:29:04.0904 5580 mrxsmb - ok
18:29:04.0949 5580 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
18:29:04.0951 5580 mrxsmb10 - ok
18:29:04.0985 5580 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
18:29:04.0986 5580 mrxsmb20 - ok
18:29:05.0006 5580 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
18:29:05.0007 5580 msahci - ok
18:29:05.0033 5580 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
18:29:05.0037 5580 msdsm - ok
18:29:05.0068 5580 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
18:29:05.0072 5580 MSDTC - ok
18:29:05.0087 5580 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
18:29:05.0089 5580 Msfs - ok
18:29:05.0130 5580 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
18:29:05.0130 5580 mshidkmdf - ok
18:29:05.0144 5580 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
18:29:05.0144 5580 msisadrv - ok
18:29:05.0168 5580 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
18:29:05.0172 5580 MSiSCSI - ok
18:29:05.0174 5580 msiserver - ok
18:29:05.0205 5580 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
18:29:05.0208 5580 MSKSSRV - ok
18:29:05.0227 5580 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
18:29:05.0230 5580 MSPCLOCK - ok
18:29:05.0248 5580 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
18:29:05.0250 5580 MSPQM - ok
18:29:05.0283 5580 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
18:29:05.0304 5580 MsRPC - ok
18:29:05.0316 5580 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
18:29:05.0316 5580 mssmbios - ok
18:29:05.0331 5580 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
18:29:05.0335 5580 MSTEE - ok
18:29:05.0345 5580 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
18:29:05.0350 5580 MTConfig - ok
18:29:05.0369 5580 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
18:29:05.0370 5580 Mup - ok
18:29:05.0478 5580 MyWiFiDHCPDNS (8f57db74bf5407a4cda6c8b005dc8dd0) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
18:29:05.0499 5580 MyWiFiDHCPDNS - ok
18:29:05.0536 5580 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
18:29:05.0556 5580 napagent - ok
18:29:05.0609 5580 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
18:29:05.0610 5580 NativeWifiP - ok
18:29:05.0698 5580 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\windows\system32\drivers\ndis.sys
18:29:05.0703 5580 NDIS - ok
18:29:05.0753 5580 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
18:29:05.0756 5580 NdisCap - ok
18:29:05.0781 5580 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
18:29:05.0783 5580 NdisTapi - ok
18:29:05.0827 5580 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
18:29:05.0828 5580 Ndisuio - ok
18:29:05.0853 5580 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
18:29:05.0857 5580 NdisWan - ok
18:29:05.0877 5580 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
18:29:05.0880 5580 NDProxy - ok
18:29:05.0895 5580 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
18:29:05.0898 5580 NetBIOS - ok
18:29:05.0926 5580 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
18:29:05.0928 5580 NetBT - ok
18:29:05.0983 5580 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
18:29:05.0984 5580 Netlogon - ok
18:29:06.0038 5580 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
18:29:06.0041 5580 Netman - ok
18:29:06.0076 5580 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
18:29:06.0079 5580 netprofm - ok
18:29:06.0141 5580 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:29:06.0144 5580 NetTcpPortSharing - ok
18:29:06.0501 5580 NETwNs64 (50ad7f7040c22bb7caa59a0880875a21) C:\windows\system32\DRIVERS\NETwNs64.sys
18:29:06.0686 5580 NETwNs64 - ok
18:29:06.0828 5580 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
18:29:06.0831 5580 nfrd960 - ok
18:29:06.0889 5580 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
18:29:06.0891 5580 NlaSvc - ok
18:29:06.0903 5580 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
18:29:06.0906 5580 Npfs - ok
18:29:06.0921 5580 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
18:29:06.0922 5580 nsi - ok
18:29:06.0941 5580 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
18:29:06.0941 5580 nsiproxy - ok
18:29:07.0024 5580 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
18:29:07.0032 5580 Ntfs - ok
18:29:07.0142 5580 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
18:29:07.0143 5580 Null - ok
18:29:07.0187 5580 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
18:29:07.0191 5580 nvraid - ok
18:29:07.0218 5580 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
18:29:07.0222 5580 nvstor - ok
18:29:07.0289 5580 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
18:29:07.0292 5580 nv_agp - ok
18:29:07.0310 5580 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
18:29:07.0313 5580 ohci1394 - ok
18:29:07.0392 5580 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:29:07.0395 5580 ose - ok
18:29:07.0447 5580 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
18:29:07.0450 5580 p2pimsvc - ok
18:29:07.0498 5580 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
18:29:07.0501 5580 p2psvc - ok
18:29:07.0530 5580 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
18:29:07.0533 5580 Parport - ok
18:29:07.0567 5580 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
18:29:07.0568 5580 partmgr - ok
18:29:07.0595 5580 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
18:29:07.0597 5580 PcaSvc - ok
18:29:07.0622 5580 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
18:29:07.0625 5580 pci - ok
18:29:07.0651 5580 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
18:29:07.0653 5580 pciide - ok
18:29:07.0676 5580 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
18:29:07.0687 5580 pcmcia - ok
18:29:07.0707 5580 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
18:29:07.0707 5580 pcw - ok
18:29:07.0810 5580 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
18:29:07.0820 5580 PEAUTH - ok
18:29:07.0954 5580 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\windows\system32\peerdistsvc.dll
18:29:07.0961 5580 PeerDistSvc - ok
18:29:08.0025 5580 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
18:29:08.0026 5580 PerfHost - ok
18:29:08.0173 5580 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
18:29:08.0180 5580 pla - ok
18:29:08.0243 5580 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
18:29:08.0246 5580 PlugPlay - ok
18:29:08.0261 5580 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
18:29:08.0262 5580 PNRPAutoReg - ok
18:29:08.0291 5580 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
18:29:08.0294 5580 PNRPsvc - ok
18:29:08.0341 5580 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
18:29:08.0354 5580 PolicyAgent - ok
18:29:08.0380 5580 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
18:29:08.0382 5580 Power - ok
18:29:08.0457 5580 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
18:29:08.0460 5580 PptpMiniport - ok
18:29:08.0484 5580 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
18:29:08.0487 5580 Processor - ok
18:29:08.0534 5580 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll
18:29:08.0536 5580 ProfSvc - ok
18:29:08.0579 5580 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
18:29:08.0580 5580 ProtectedStorage - ok
18:29:08.0613 5580 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
18:29:08.0614 5580 Psched - ok
18:29:08.0699 5580 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
18:29:08.0751 5580 ql2300 - ok
18:29:08.0892 5580 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
18:29:08.0895 5580 ql40xx - ok
18:29:08.0931 5580 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
18:29:08.0933 5580 QWAVE - ok
18:29:08.0950 5580 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
18:29:08.0951 5580 QWAVEdrv - ok
18:29:08.0967 5580 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
18:29:08.0969 5580 RasAcd - ok
18:29:09.0006 5580 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
18:29:09.0008 5580 RasAgileVpn - ok
18:29:09.0021 5580 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
18:29:09.0022 5580 RasAuto - ok
18:29:09.0037 5580 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
18:29:09.0040 5580 Rasl2tp - ok
18:29:09.0075 5580 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
18:29:09.0078 5580 RasMan - ok
18:29:09.0103 5580 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
18:29:09.0106 5580 RasPppoe - ok
18:29:09.0134 5580 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
18:29:09.0137 5580 RasSstp - ok
18:29:09.0164 5580 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
18:29:09.0176 5580 rdbss - ok
18:29:09.0194 5580 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
18:29:09.0197 5580 rdpbus - ok
18:29:09.0212 5580 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
18:29:09.0213 5580 RDPCDD - ok
18:29:09.0250 5580 RDPDR (1b6163c503398b23ff8b939c67747683) C:\windows\system32\drivers\rdpdr.sys
18:29:09.0254 5580 RDPDR - ok
18:29:09.0265 5580 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
18:29:09.0265 5580 RDPENCDD - ok
18:29:09.0274 5580 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
18:29:09.0275 5580 RDPREFMP - ok
18:29:09.0327 5580 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\windows\system32\drivers\rdpvideominiport.sys
18:29:09.0330 5580 RdpVideoMiniport - ok
18:29:09.0379 5580 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys
18:29:09.0392 5580 RDPWD - ok
18:29:09.0438 5580 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
18:29:09.0441 5580 rdyboost - ok
18:29:09.0553 5580 RegSrvc (fd11c1287d38a46fb72353e14d50089c) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
18:29:09.0572 5580 RegSrvc - ok
18:29:09.0612 5580 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
18:29:09.0614 5580 RemoteAccess - ok
18:29:09.0641 5580 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
18:29:09.0642 5580 RemoteRegistry - ok
18:29:09.0699 5580 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
18:29:09.0703 5580 RFCOMM - ok
18:29:09.0722 5580 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
18:29:09.0724 5580 RpcEptMapper - ok
18:29:09.0747 5580 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
18:29:09.0748 5580 RpcLocator - ok
18:29:09.0777 5580 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
18:29:09.0781 5580 RpcSs - ok
18:29:09.0821 5580 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
18:29:09.0821 5580 rspndr - ok
18:29:09.0887 5580 RSUSBVSTOR (e54a5586a28d0630a79a68bbab84bfcf) C:\windows\system32\Drivers\RtsUVStor.sys
18:29:09.0888 5580 RSUSBVSTOR - ok
18:29:09.0943 5580 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\windows\system32\DRIVERS\Rt64win7.sys
18:29:09.0946 5580 RTL8167 - ok
18:29:09.0988 5580 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
18:29:09.0989 5580 SamSs - ok
18:29:10.0020 5580 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
18:29:10.0023 5580 sbp2port - ok
18:29:10.0068 5580 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
18:29:10.0070 5580 SCardSvr - ok
18:29:10.0085 5580 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
18:29:10.0085 5580 scfilter - ok
18:29:10.0147 5580 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
18:29:10.0153 5580 Schedule - ok
18:29:10.0182 5580 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
18:29:10.0183 5580 SCPolicySvc - ok
18:29:10.0209 5580 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
18:29:10.0211 5580 SDRSVC - ok
18:29:10.0270 5580 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
18:29:10.0270 5580 secdrv - ok
18:29:10.0296 5580 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
18:29:10.0297 5580 seclogon - ok
18:29:10.0312 5580 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
18:29:10.0314 5580 SENS - ok
18:29:10.0335 5580 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
18:29:10.0336 5580 SensrSvc - ok
18:29:10.0356 5580 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
18:29:10.0358 5580 Serenum - ok
18:29:10.0400 5580 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
18:29:10.0403 5580 Serial - ok
18:29:10.0431 5580 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
18:29:10.0434 5580 sermouse - ok
18:29:10.0457 5580 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
18:29:10.0459 5580 SessionEnv - ok
18:29:10.0472 5580 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
18:29:10.0474 5580 sffdisk - ok
18:29:10.0483 5580 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
18:29:10.0485 5580 sffp_mmc - ok
18:29:10.0502 5580 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
18:29:10.0504 5580 sffp_sd - ok
18:29:10.0527 5580 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
18:29:10.0529 5580 sfloppy - ok
18:29:10.0596 5580 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
18:29:10.0613 5580 SharedAccess - ok
18:29:10.0658 5580 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
18:29:10.0661 5580 ShellHWDetection - ok
18:29:10.0697 5580 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
18:29:10.0700 5580 SiSRaid2 - ok
18:29:10.0732 5580 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
18:29:10.0735 5580 SiSRaid4 - ok
18:29:10.0939 5580 Skype C2C Service (0f97e7a47a52f4a36969f0fc319654c2) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
18:29:11.0010 5580 Skype C2C Service - ok
18:29:11.0101 5580 SkypeUpdate (f07af60b152221472fbdb2fecec4896d) C:\Program Files (x86)\Skype\Updater\Updater.exe
18:29:11.0102 5580 SkypeUpdate - ok
18:29:11.0218 5580 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
18:29:11.0221 5580 Smb - ok
18:29:11.0299 5580 SMS_v3_2_0 (06dc2fdc6282f0d68910417b1150c848) C:\ProgramData\Rosetta Stone\SMS v3.2.0hs\wrapper.exe
18:29:11.0300 5580 SMS_v3_2_0 - ok
18:29:11.0333 5580 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
18:29:11.0335 5580 SNMPTRAP - ok
18:29:11.0370 5580 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
18:29:11.0370 5580 spldr - ok
18:29:11.0406 5580 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
18:29:11.0410 5580 Spooler - ok
18:29:11.0555 5580 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
18:29:11.0571 5580 sppsvc - ok
18:29:11.0686 5580 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
18:29:11.0688 5580 sppuinotify - ok
18:29:11.0739 5580 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
18:29:11.0741 5580 srv - ok
18:29:11.0760 5580 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
18:29:11.0762 5580 srv2 - ok
18:29:11.0773 5580 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
18:29:11.0775 5580 srvnet - ok
18:29:11.0823 5580 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
18:29:11.0825 5580 SSDPSRV - ok
18:29:11.0839 5580 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
18:29:11.0840 5580 SstpSvc - ok
18:29:11.0869 5580 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
18:29:11.0873 5580 stexstor - ok
18:29:11.0917 5580 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
18:29:11.0920 5580 stisvc - ok
18:29:12.0023 5580 StkCMini (df3e643f066534bde8e1a91e94af3125) C:\windows\system32\Drivers\StkCMini.sys
18:29:12.0100 5580 StkCMini - ok
18:29:12.0218 5580 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
18:29:12.0219 5580 swenum - ok
18:29:12.0274 5580 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
18:29:12.0277 5580 swprv - ok
18:29:12.0279 5580 Synth3dVsc - ok
18:29:12.0374 5580 SynTP (08425cd92972c6430f350a9697f4a553) C:\windows\system32\DRIVERS\SynTP.sys
18:29:12.0381 5580 SynTP - ok
18:29:12.0565 5580 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
18:29:12.0574 5580 SysMain - ok
18:29:12.0672 5580 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
18:29:12.0674 5580 TabletInputService - ok
18:29:12.0705 5580 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
18:29:12.0707 5580 TapiSrv - ok
18:29:12.0721 5580 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
18:29:12.0722 5580 TBS - ok
18:29:12.0861 5580 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
18:29:12.0870 5580 Tcpip - ok
18:29:13.0036 5580 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
18:29:13.0044 5580 TCPIP6 - ok
18:29:13.0152 5580 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
18:29:13.0154 5580 tcpipreg - ok
18:29:13.0175 5580 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
18:29:13.0177 5580 TDPIPE - ok
18:29:13.0213 5580 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
18:29:13.0215 5580 TDTCP - ok
18:29:13.0251 5580 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
18:29:13.0252 5580 tdx - ok
18:29:13.0266 5580 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
18:29:13.0267 5580 TermDD - ok
18:29:13.0323 5580 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
18:29:13.0327 5580 TermService - ok
18:29:13.0379 5580 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
18:29:13.0380 5580 Themes - ok
18:29:13.0407 5580 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
18:29:13.0409 5580 THREADORDER - ok
18:29:13.0430 5580 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
18:29:13.0431 5580 TrkWks - ok
18:29:13.0477 5580 truecrypt (370a6907ddf79532a39319492b1fa38a) C:\windows\system32\drivers\truecrypt.sys
18:29:13.0479 5580 truecrypt - ok
18:29:13.0549 5580 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
18:29:13.0550 5580 TrustedInstaller - ok
18:29:13.0584 5580 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
18:29:13.0585 5580 tssecsrv - ok
18:29:13.0609 5580 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
18:29:13.0612 5580 TsUsbFlt - ok
18:29:13.0625 5580 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
18:29:13.0628 5580 TsUsbGD - ok
18:29:13.0630 5580 tsusbhub - ok
18:29:13.0660 5580 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
18:29:13.0663 5580 tunnel - ok
18:29:13.0681 5580 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
18:29:13.0684 5580 uagp35 - ok
18:29:13.0716 5580 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
18:29:13.0728 5580 udfs - ok
18:29:13.0754 5580 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
18:29:13.0756 5580 UI0Detect - ok
18:29:13.0889 5580 UleadBurningHelper (f13da74969897359a88f2a739f54a250) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
18:29:13.0889 5580 UleadBurningHelper - ok
18:29:13.0930 5580 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
18:29:13.0932 5580 uliagpkx - ok
18:29:13.0954 5580 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
18:29:13.0956 5580 umbus - ok
18:29:13.0976 5580 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
18:29:13.0978 5580 UmPass - ok
18:29:14.0032 5580 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\windows\System32\umrdp.dll
18:29:14.0034 5580 UmRdpService - ok
18:29:14.0205 5580 UNS (7e5e1603d0ff2d240ae70295c5c3fefc) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
18:29:14.0299 5580 UNS - ok
18:29:14.0434 5580 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
18:29:14.0436 5580 upnphost - ok
18:29:14.0492 5580 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\windows\system32\Drivers\usbaapl64.sys
18:29:14.0500 5580 USBAAPL64 - ok
18:29:14.0542 5580 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\windows\system32\drivers\usbaudio.sys
18:29:14.0545 5580 usbaudio - ok
18:29:14.0578 5580 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
18:29:14.0581 5580 usbccgp - ok
18:29:14.0606 5580 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
18:29:14.0609 5580 usbcir - ok
18:29:14.0634 5580 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
18:29:14.0637 5580 usbehci - ok
18:29:14.0656 5580 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
18:29:14.0669 5580 usbhub - ok
18:29:14.0688 5580 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
18:29:14.0690 5580 usbohci - ok
18:29:14.0715 5580 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
18:29:14.0717 5580 usbprint - ok
18:29:14.0774 5580 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
18:29:14.0776 5580 usbscan - ok
18:29:14.0798 5580 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
18:29:14.0801 5580 USBSTOR - ok
18:29:14.0821 5580 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
18:29:14.0824 5580 usbuhci - ok
18:29:14.0862 5580 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
18:29:14.0866 5580 usbvideo - ok
18:29:14.0894 5580 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
18:29:14.0895 5580 UxSms - ok
18:29:14.0941 5580 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
18:29:14.0942 5580 VaultSvc - ok
18:29:14.0979 5580 VClone (fd911873c0bb6945fa38c16e9a2b58f9) C:\windows\system32\DRIVERS\VClone.sys
18:29:14.0982 5580 VClone - ok
18:29:15.0016 5580 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
18:29:15.0017 5580 vdrvroot - ok
18:29:15.0068 5580 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
18:29:15.0071 5580 vds - ok
18:29:15.0088 5580 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
18:29:15.0092 5580 vga - ok
18:29:15.0114 5580 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
18:29:15.0117 5580 VgaSave - ok
18:29:15.0119 5580 VGPU - ok
18:29:15.0151 5580 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
18:29:15.0164 5580 vhdmp - ok
18:29:15.0206 5580 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
18:29:15.0209 5580 viaide - ok
18:29:15.0247 5580 vm2uvcflt (5cb80afa98111fc6ed6e8702a0d7ac5b) C:\windows\system32\Drivers\vm2uvcflt.sys
18:29:15.0254 5580 vm2uvcflt - ok
18:29:15.0283 5580 vm332avs (d8bd0784aadce2aaee8f8e2c57a0bc7c) C:\windows\system32\Drivers\vm332avs.sys
18:29:15.0290 5580 vm332avs - ok
18:29:15.0306 5580 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
18:29:15.0308 5580 volmgr - ok
18:29:15.0332 5580 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
18:29:15.0334 5580 volmgrx - ok
18:29:15.0355 5580 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
18:29:15.0369 5580 volsnap - ok
18:29:15.0411 5580 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
18:29:15.0414 5580 vsmraid - ok
18:29:15.0502 5580 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
18:29:15.0510 5580 VSS - ok
18:29:15.0621 5580 vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
18:29:15.0665 5580 vToolbarUpdater11.2.0 - ok
18:29:15.0771 5580 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
18:29:15.0773 5580 vwifibus - ok
18:29:15.0784 5580 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
18:29:15.0786 5580 vwififlt - ok
18:29:15.0803 5580 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
18:29:15.0804 5580 vwifimp - ok
18:29:15.0840 5580 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
18:29:15.0843 5580 W32Time - ok
18:29:15.0866 5580 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
18:29:15.0869 5580 WacomPen - ok
18:29:15.0898 5580 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
18:29:15.0901 5580 WANARP - ok
18:29:15.0913 5580 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
18:29:15.0914 5580 Wanarpv6 - ok
18:29:16.0002 5580 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
18:29:16.0050 5580 WatAdminSvc - ok
18:29:16.0139 5580 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
18:29:16.0146 5580 wbengine - ok
18:29:16.0256 5580 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
18:29:16.0258 5580 WbioSrvc - ok
18:29:16.0292 5580 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
18:29:16.0294 5580 wcncsvc - ok
18:29:16.0305 5580 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
18:29:16.0306 5580 WcsPlugInService - ok
18:29:16.0352 5580 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
18:29:16.0355 5580 Wd - ok
18:29:16.0408 5580 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\windows\system32\DRIVERS\wdcsam64.sys
18:29:16.0410 5580 WDC_SAM - ok
18:29:16.0457 5580 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
18:29:16.0480 5580 Wdf01000 - ok
18:29:16.0516 5580 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
18:29:16.0518 5580 WdiServiceHost - ok
18:29:16.0520 5580 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
18:29:16.0522 5580 WdiSystemHost - ok
18:29:16.0548 5580 wdkmd (94dc2bf6cbaaa95e369c3756d3115a76) C:\windows\system32\DRIVERS\WDKMD.sys
18:29:16.0554 5580 wdkmd - ok
18:29:16.0585 5580 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
18:29:16.0587 5580 WebClient - ok
18:29:16.0609 5580 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
18:29:16.0612 5580 Wecsvc - ok
18:29:16.0635 5580 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
18:29:16.0636 5580 wercplsupport - ok
18:29:16.0674 5580 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
18:29:16.0676 5580 WerSvc - ok
18:29:16.0708 5580 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
18:29:16.0710 5580 WfpLwf - ok
18:29:16.0725 5580 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
18:29:16.0728 5580 WIMMount - ok
18:29:16.0773 5580 WinDefend - ok
18:29:16.0777 5580 WinHttpAutoProxySvc - ok
18:29:16.0846 5580 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
18:29:16.0848 5580 Winmgmt - ok
18:29:16.0951 5580 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
18:29:16.0962 5580 WinRM - ok
18:29:17.0130 5580 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
18:29:17.0132 5580 WinUsb - ok
18:29:17.0192 5580 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
18:29:17.0197 5580 Wlansvc - ok
18:29:17.0271 5580 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:29:17.0273 5580 wlcrasvc - ok
18:29:17.0397 5580 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:29:17.0466 5580 wlidsvc - ok
18:29:17.0578 5580 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
18:29:17.0579 5580 WmiAcpi - ok
18:29:17.0646 5580 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
18:29:17.0648 5580 wmiApSrv - ok
18:29:17.0688 5580 WMPNetworkSvc - ok
18:29:17.0717 5580 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
18:29:17.0718 5580 WPCSvc - ok
18:29:17.0733 5580 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
18:29:17.0735 5580 WPDBusEnum - ok
18:29:17.0758 5580 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
18:29:17.0759 5580 ws2ifsl - ok
18:29:17.0800 5580 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\system32\wscsvc.dll
18:29:17.0801 5580 wscsvc - ok
18:29:17.0803 5580 WSearch - ok
18:29:17.0850 5580 wsvd (83575c43b2bfe9ab0661a7f957e843c0) C:\windows\system32\DRIVERS\wsvd.sys
18:29:17.0853 5580 wsvd - ok
18:29:17.0983 5580 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\windows\system32\wuaueng.dll
18:29:17.0995 5580 wuauserv - ok
18:29:18.0127 5580 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
18:29:18.0128 5580 WudfPf - ok
18:29:18.0157 5580 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
18:29:18.0160 5580 WUDFRd - ok
18:29:18.0190 5580 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
18:29:18.0192 5580 wudfsvc - ok
18:29:18.0220 5580 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
18:29:18.0222 5580 WwanSvc - ok
18:29:18.0251 5580 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:29:18.0433 5580 \Device\Harddisk0\DR0 - ok
18:29:18.0436 5580 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
18:29:18.0440 5580 \Device\Harddisk1\DR1 - ok
18:29:18.0449 5580 Boot (0x1200) (bf3745d121671c0fbbb01077173e1b4a) \Device\Harddisk0\DR0\Partition0
18:29:18.0452 5580 \Device\Harddisk0\DR0\Partition0 - ok
18:29:18.0467 5580 Boot (0x1200) (1a85228ee3621d1acdfe28d2767105aa) \Device\Harddisk0\DR0\Partition1
18:29:18.0469 5580 \Device\Harddisk0\DR0\Partition1 - ok
18:29:18.0510 5580 Boot (0x1200) (0a243eedcf375e1a68053261171ba0e3) \Device\Harddisk0\DR0\Partition2
18:29:18.0518 5580 \Device\Harddisk0\DR0\Partition2 - ok
18:29:18.0521 5580 Boot (0x1200) (e106c08c8107be1a082a6be8203dbec8) \Device\Harddisk1\DR1\Partition0
18:29:18.0523 5580 \Device\Harddisk1\DR1\Partition0 - ok
18:29:18.0524 5580 ============================================================
18:29:18.0524 5580 Scan finished
18:29:18.0524 5580 ============================================================
18:29:18.0531 3264 Detected object count: 0
18:29:18.0531 3264 Actual detected object count: 0

aswMBR coming next

#9 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 August 2012 - 05:39 PM

:thumbup2:
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#10 Cupka44

Cupka44
  • Topic Starter
  • Members
  • 13 posts

Posted 08 August 2012 - 06:11 PM

aswMBR Log:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-08 18:36:44
-----------------------------
18:36:44.958 OS Version: Windows x64 6.1.7601 Service Pack 1
18:36:44.958 Number of processors: 4 586 0x2A07
18:36:44.958 ComputerName: STEFANCUPKA UserName: Stefan
18:36:45.927 Initialize success
18:44:56.650 AVAST engine defs: 12080801
18:45:55.680 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:45:55.681 Disk 0 Vendor: ST950032 0011 Size: 476940MB BusType: 3
18:45:55.691 Disk 0 MBR read successfully
18:45:55.693 Disk 0 MBR scan
18:45:55.696 Disk 0 Windows 7 default MBR code
18:45:55.701 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048
18:45:55.708 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 431938 MB offset 411648
18:45:55.712 Disk 0 Partition - 00 0F Extended LBA 29692 MB offset 885020672
18:45:55.745 Disk 0 Partition 3 00 12 Compaq diag NTFS 15109 MB offset 945829888
18:45:55.773 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 29691 MB offset 885022720
18:45:55.819 Disk 0 scanning C:\windows\system32\drivers
18:46:07.615 Service scanning
18:46:33.173 Modules scanning
18:46:33.505 Disk 0 trace - called modules:
18:46:33.571 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
18:46:33.574 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e64060]
18:46:33.577 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005f76050]
18:46:34.961 AVAST engine scan C:\windows
18:46:40.042 AVAST engine scan C:\windows\system32
18:49:41.514 AVAST engine scan C:\windows\system32\drivers
18:49:57.121 AVAST engine scan C:\Users\Stefan
19:04:07.741 AVAST engine scan C:\ProgramData
19:06:21.072 Scan finished successfully
19:10:28.342 Disk 0 MBR has been saved successfully to "C:\Users\Stefan\Desktop\Logs For Bleeping Computer\MBR.dat"
19:10:28.346 The log file has been saved successfully to "C:\Users\Stefan\Desktop\Logs For Bleeping Computer\aswMBR.txt"

#11 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 August 2012 - 06:59 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files (x86)\BabylonToolbar
c:\users\Stefan\AppData\Roaming\Babylon
c:\programdata\Babylon

DDS::
uStart Page = hxxp://search.babylon.com/?affID=113959&tt=3112_1&babsrc=HP_ss&mntrId=909f2c6300000000000074e50b8fee0b

Firefox::
FF - ProfilePath - c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\f33ezo01.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=113959&tt=3112_1&babsrc=HP_ss&mntrId=909f2c6300000000000074e50b8fee0b
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113959&tt=3112_1
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 909f2c6300000000000074e50b8fee0b
FF - user.js: extensions.BabylonToolbar.instlDay - 15551
FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1
FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.19:18
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#12 Cupka44

Cupka44
  • Topic Starter
  • Members
  • 13 posts

Posted 08 August 2012 - 08:13 PM

ComboFix Log:


ComboFix 12-08-08.01 - Stefan 08/08/2012 20:25:40.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6058.3680 [GMT -4:00]
Running from: c:\users\Stefan\Downloads\ComboFix.exe
Command switches used :: c:\users\Stefan\Downloads\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\BabylonToolbar
c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarApp.dll
c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarEng.dll
c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarsrv.exe
c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarTlbr.dll
c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\bh\BabylonToolbar.dll
c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\escortShld.dll
c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\uninstall.exe
c:\program files (x86)\BabylonToolbar\BabylonToolbar\BabylonTB.xpi
c:\programdata\Babylon
c:\users\Stefan\AppData\Roaming\Babylon
c:\users\Stefan\AppData\Roaming\Babylon\log_file.txt
c:\windows\SysWow64\DEBUG.log
.
.
((((((((((((((((((((((((( Files Created from 2012-07-09 to 2012-08-09 )))))))))))))))))))))))))))))))
.
.
2012-08-09 00:29 . 2012-08-09 00:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-03 01:13 . 2012-08-03 01:13 9827016 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-08-02 21:00 . 2012-08-02 21:00 -------- d-----w- c:\windows\Sun
2012-08-02 18:56 . 2012-08-02 18:56 -------- d-----w- c:\users\Stefan\AppData\Roaming\UltraVNC
2012-08-02 18:56 . 2012-08-02 18:56 -------- d-----w- c:\program files\uvnc bvba
2012-08-02 16:39 . 2012-08-02 16:39 -------- d-----w- C:\found.002
2012-08-02 14:37 . 2012-08-02 14:37 -------- d-----w- c:\users\Stefan\AppData\Local\LogMeIn
2012-08-02 14:37 . 2012-07-05 22:11 87488 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-08-02 14:37 . 2012-07-05 22:10 59808 ----a-w- c:\windows\system32\Spool\prtprocs\x64\LMIproc.dll
2012-08-02 14:37 . 2012-07-05 22:10 34720 ----a-w- c:\windows\system32\LMIport.dll
2012-08-02 14:37 . 2012-06-08 16:06 72216 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2012-08-02 14:37 . 2012-06-08 16:05 11552 ----a-w- c:\windows\system32\drivers\lmimirr.sys
2012-08-02 14:37 . 2012-07-05 22:10 80800 ----a-w- c:\windows\system32\LMIinit.dll
2012-08-02 14:37 . 2012-08-08 14:17 -------- d-----w- c:\programdata\LogMeIn
2012-08-02 14:37 . 2012-08-02 14:37 -------- d-----w- c:\program files (x86)\LogMeIn
2012-08-02 14:28 . 2012-08-02 14:28 -------- d-----w- c:\program files (x86)\MSECache
2012-07-30 13:20 . 2012-07-31 00:41 -------- d-----w- c:\users\Stefan\AppData\Roaming\FileZilla
2012-07-30 13:19 . 2012-07-30 13:22 -------- d-----w- c:\program files (x86)\FileZilla FTP Client
2012-07-30 13:18 . 2012-07-30 13:18 -------- d-----w- c:\users\Stefan\AppData\Roaming\BabylonToolbar
2012-07-30 13:18 . 2012-07-30 13:18 304 ----a-w- C:\user.js
2012-07-26 23:31 . 2012-07-26 23:31 -------- d-----w- C:\found.001
2012-07-24 18:55 . 2012-08-08 20:14 -------- d-----w- c:\users\Stefan\AppData\Roaming\Skype
2012-07-24 18:55 . 2012-07-24 18:56 -------- d-----r- c:\program files (x86)\Skype
2012-07-24 18:55 . 2012-07-24 18:55 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-07-24 18:55 . 2012-07-24 18:56 -------- d-----w- c:\programdata\Skype
2012-07-12 15:21 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 21:26 . 2012-07-11 21:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-11 21:26 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-11 20:35 . 2012-07-11 20:35 1669749 ----a-w- C:\MGtools.exe
2012-07-11 20:27 . 2012-07-11 20:27 -------- d-----w- c:\program files\CCleaner
2012-07-11 17:51 . 2012-07-11 17:51 -------- d-----w- c:\program files (x86)\Microsoft Games
2012-07-11 12:56 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-07-11 12:56 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
2012-07-11 12:56 . 2012-06-06 06:05 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-07-11 12:56 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 12:56 . 2012-06-06 06:05 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-07-11 12:56 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-07-11 12:56 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll
2012-07-11 12:56 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-07-11 12:56 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll
2012-07-11 12:56 . 2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2012-07-11 12:56 . 2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2012-07-11 12:56 . 2012-06-06 05:05 1019904 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-11 12:56 . 2012-06-06 05:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-07-10 21:17 . 2012-07-10 21:17 -------- d-----w- c:\users\Stefan\AppData\Local\Windows Live Writer
2012-07-10 21:17 . 2012-07-10 21:17 -------- d-----w- c:\users\Stefan\AppData\Roaming\Windows Live Writer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 01:13 . 2012-04-27 17:12 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 01:13 . 2012-03-04 03:58 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 15:19 . 2012-03-04 22:26 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-30 18:58 . 2012-06-30 18:58 674138 ----a-w- c:\windows\unins000.exe
2012-06-23 20:35 . 2012-06-23 20:35 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2012-06-08 16:05 . 2012-06-08 16:05 35616 ----a-w- c:\windows\system32\lmimirr.dll
2012-06-08 16:05 . 2012-06-08 16:05 14624 ----a-w- c:\windows\system32\lmimirr2.dll
2012-06-02 22:19 . 2012-06-18 23:50 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-18 23:50 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-18 23:50 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-18 23:50 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-18 23:50 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-18 23:50 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-18 23:50 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-18 23:50 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-18 23:50 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-08_21.40.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-08-08 21:43 39622 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-03-04 02:55 . 2012-08-08 21:43 11652 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4050760944-2092946429-2692770965-1000_UserData.bin
+ 2012-03-04 02:35 . 2012-08-08 21:39 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-03-04 02:35 . 2012-08-05 19:30 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-03-04 02:35 . 2012-08-08 21:39 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-03-04 02:35 . 2012-08-05 19:30 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-08 21:39 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-05 19:30 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-04 06:26 . 2012-08-09 00:22 219368 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-08-06 15:15 624412 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-08 21:47 624412 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-08-06 15:15 106756 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-08-08 21:47 106756 c:\windows\system32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-30 01:38 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-06-30 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Stefan\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-24 138096]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"332BigDog"="c:\program files (x86)\USB Camera2\VM332_STI.EXE" [2010-01-19 536576]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2010-12-05 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2010-12-05 224352]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2011-12-21 329056]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"CloneCDTray"="c:\program files (x86)\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"UVS10 Preload"="c:\program files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [2006-08-09 36864]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-06-30 1107552]
.
c:\users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-6-13 27595032]
Facebook Messenger.lnk - c:\users\Stefan\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe [2012-7-26 244656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2011-2-15 1136928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-21 136176]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 SMS_v3_2_0;SMS_v3_2_0;c:\programdata\Rosetta Stone\SMS v3.2.0hs\wrapper.exe [2006-10-18 204800]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-02-15 349736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-02-15 39464]
R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-02-14 276248]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-21 136176]
R3 MaplomL;MaplomL; [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-05 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-27 340240]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 StkCMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\Drivers\StkCMini.sys [2010-04-16 1816968]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-04 1255736]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [2011-12-21 57952]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2011-12-21 39008]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [2011-12-21 13408]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-07-05 375208]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2012-06-08 15928]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-06-30 935008]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2011-12-21 29792]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-12-05 31088]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-08-03 8604672]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-11-30 307304]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 vm2uvcflt;Vimicro USB Camera Filter 2;c:\windows\system32\Drivers\vm2uvcflt.sys [2010-09-21 15056]
S3 vm332avs;Lenovo Camera2;c:\windows\system32\Drivers\vm332avs.sys [2011-02-14 234960]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 44491812
*NewlyCreated* - 63631429
*Deregistered* - 44491812
*Deregistered* - 63631429
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 01:13]
.
2012-08-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4050760944-2092946429-2692770965-1000Core.job
- c:\users\Stefan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-08 18:33]
.
2012-08-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4050760944-2092946429-2692770965-1000UA.job
- c:\users\Stefan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-08 18:33]
.
2012-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-21 11:51]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-21 11:51]
.
2012-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4050760944-2092946429-2692770965-1000Core.job
- c:\users\Stefan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-30 14:25]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4050760944-2092946429-2692770965-1000UA.job
- c:\users\Stefan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-30 14:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2011-12-21 11:40 1502720 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-11-14 13353064]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-27 1935120]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-12-21 114688]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2011-12-21 789920]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2011-12-21 9769888]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2011-12-21 5908928]
"LXCCCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCCtime.dll" [2007-02-22 28672]
"lxccmon.exe"="c:\program files (x86)\Lexmark 3300 Series\lxccmon.exe" [2007-05-11 205744]
"EzPrint"="c:\program files (x86)\Lexmark 3300 Series\ezprint.exe" [2007-05-11 103344]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-14 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-14 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-14 440600]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2012-06-08 57928]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.100.1 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\f33ezo01.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B4d80eb55-ca46-4c93-9af1-13afbc336708%7D&mid=61e555c0f46e47d0b7d32197b753e78d-d35f27b38dd57f5c220140a53c05aabaa11ed46b&ds=AVG&v=11.1.0.12&lang=en&pr=fr&d=2012-06-29%2021%3A38%3A11&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-BabylonToolbar - c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4050760944-2092946429-2692770965-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A582E41E-F4F2-D47C-86CE-1B9351610A3D}*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-08 20:31:20
ComboFix-quarantined-files.txt 2012-08-09 00:31
ComboFix2.txt 2012-08-08 21:47
.
Pre-Run: 247,411,617,792 bytes free
Post-Run: 247,359,303,680 bytes free
.
- - End Of File - - 4838FD364617ADEE980F1CD3CD8E2075


The computer seems fine! Back to normal! I noticed in the previous log that CF cleaned the viruses AVG and MBAM detected. Thank you so much!

#13 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 August 2012 - 08:36 PM

Hello

P2P Warning!

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

  • µTorrent
  • Babylon toolbar on IE
  • BabylonObjectInstaller
  • CodecC
  • Java™ 6 Update 31
  • Java™ SE Runtime Environment 6 Update 1


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.



Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and start Free download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

Malwarebytes' Anti-Malware

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank Notepad ...).

  • Go here to download the HijackThis Installer.
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7: right-click and run as admin.)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a log file button. It will scan, and the log should open in Notepad.
  • Click on Edit > Select All, then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 11 August 2012 - 12:36 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, a reminder that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and I will ask to remove our tools.




Gringo

#15 Cupka44

  • Topic Starter

  • Members
  • 13 posts

Posted 11 August 2012 - 08:14 AM

MBAM log:


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.11.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Stefan :: STEFANCUPKA [administrator]

8/11/2012 9:05:33 AM
mbam-log-2012-08-11 (09-05-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197155
Time elapsed: 2 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Stefan\Downloads\FileZilla_Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.

(end)


Next log coming after Reboot.
P.S. Thanks for the Bump. LoL. I missed the other email.


