Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Trojan horse Dropper.Generic_c.MMI


  • This topic is locked This topic is locked
15 replies to this topic

#1 GastlyKazoo

GastlyKazoo

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:03:50 AM

Posted 05 August 2012 - 06:16 PM

Hi, boopme redirected me here after having me run the following scans: MiniToolBox, TDSSKiller, SUPERAntiSpyware Free, and ESET Online Scan. Boopme determined that the rootkit is protected. Below is my original post to the "Am I Infected?" forum. I am attaching the DDS text log. I did not run GMER since I am on a 64 bit system.

"I am running Windows 7 Home Premium SP1 on a Dell XPS L511Z. I keep getting pop-ups from AVG Resident Shield Alert that say
"Threat Detected!
File name: c:\Windows\System32\services.exe
Threat name: Trojan horse Dropper.Generic_c.MMI (More info)
Detected on open."
The only option given is "Ignore the threat," and then occasionally it will go to another screen that says "Multiple threat detection." It will then list multiple Trojan horse infections with the option "Remove all unhealed." However, clicking on this does not remove the problem at all. I have run AVG Free, SUPERAntiSpyware Free, Malwarebytes Anti-Malware, and ESET Online Scanner. Even though they have detected the Trojans (with the exception of SUPERAntiSpyware) and said that they removed them, the pop-ups from AVG still persist."


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Barbossa at 18:51:58 on 2012-08-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6038.3297 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\SafeConnect\scManager.sys
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\Cypress\TrackPad\CyCpIo.exe
C:\Program Files\Cypress\TrackPad\CyHidWin.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files (x86)\SafeConnect\scClient.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\mswinext.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\11.2.0\ScriptHelper.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120112012114.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Google Update] "C:\Users\Barbossa\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [VeohPlugin] "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
uRun: [Apple Computer] rundll32.exe "C:\Users\Barbossa\AppData\Local\Dell\Apple Computer\ezwcvbwi.dll",CreateInstance
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Barbossa\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\INTEL(~1.LNK - C:\Program Files (x86)\Intel\TurboBoost\SignalIslandUi.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SAFECO~1.LNK - C:\Program Files (x86)\SafeConnect\scClient.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6EC2D2E8-3919-4E56-990C-4E33714882EF} : DhcpNameServer = 13.36.0.104
TCP: Interfaces\{BEA6C9B2-28EC-4E27-975D-A2033C24EE78} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BEA6C9B2-28EC-4E27-975D-A2033C24EE78}\34F627E6865737B65627 : DhcpNameServer = 76.85.228.100 76.85.228.101
TCP: Interfaces\{BEA6C9B2-28EC-4E27-975D-A2033C24EE78}\55E4C4D2149425 : DhcpNameServer = 129.93.5.69 129.93.6.189
TCP: Interfaces\{BEA6C9B2-28EC-4E27-975D-A2033C24EE78}\65562796A7F6E602D496649623230303021334245302355636572756 : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120112012114.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-12-22 98208]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-9-15 1166848]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
R2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-8-2 173056]
R2 Giraffic;Veoh Giraffic Video Accelerator;C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service --> C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-15 655944]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2012-1-12 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2012-1-12 208536]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-12-22 2009704]
R2 NWVZHelper;Novatel Wireless Verizon Device Helper;C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [2010-6-14 270848]
R2 SCManager;SafeConnect Manager;C:\Program Files (x86)\SafeConnect\scManager.sys servicestart --> C:\Program Files (x86)\SafeConnect\scManager.sys servicestart [?]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-12-22 1692480]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-4-21 378472]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-22 2656280]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\system32\DRIVERS\AMPPAL.sys --> C:\Windows\system32\DRIVERS\AMPPAL.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]
R3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 cyhid;Cypress Input Device;C:\Windows\system32\DRIVERS\cyhid.sys --> C:\Windows\system32\DRIVERS\cyhid.sys [?]
R3 cykbfltrService;Cypress Keyboard Filter Driver;C:\Windows\system32\DRIVERS\cykbfltr.sys --> C:\Windows\system32\DRIVERS\cykbfltr.sys [?]
R3 cymfltrService;Cypress Trackpad Filter Driver;C:\Windows\system32\DRIVERS\cymfltr.sys --> C:\Windows\system32\DRIVERS\cymfltr.sys [?]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\system32\DRIVERS\iwdbus.sys --> C:\Windows\system32\DRIVERS\iwdbus.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 250056]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\system32\DRIVERS\amppal.sys --> C:\Windows\system32\DRIVERS\amppal.sys [?]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\system32\drivers\intelaud.sys --> C:\Windows\system32\drivers\intelaud.sys [?]
S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-12-22 224704]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-9-15 340240]
S3 NWUSBCDFIL64;Novatel Wireless Installation CD;C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys --> C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys [?]
S3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);C:\Windows\system32\DRIVERS\nwusbmdm_000.sys --> C:\Windows\system32\DRIVERS\nwusbmdm_000.sys [?]
S3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);C:\Windows\system32\DRIVERS\nwusbser_000.sys --> C:\Windows\system32\DRIVERS\nwusbser_000.sys [?]
S3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);C:\Windows\system32\DRIVERS\nwusbser2_000.sys --> C:\Windows\system32\DRIVERS\nwusbser2_000.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-08-04 21:10:09 -------- d-----w- C:\Program Files (x86)\Dell Digital Delivery
2012-07-17 01:17:24 116016 ----a-w- C:\Windows\System32\drivers\57268974.sys
2012-07-16 20:33:13 -------- d-----w- C:\Program Files (x86)\ESET
2012-07-15 18:18:04 -------- d-----w- C:\Users\Barbossa\AppData\Roaming\Malwarebytes
2012-07-15 18:17:55 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-15 18:17:54 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-15 18:17:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-14 19:53:43 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-11 06:27:41 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-10 22:51:46 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-08 23:03:28 -------- d-----w- C:\Users\Barbossa\AppData\Local\{72C9BB3D-06B0-4467-A30B-777AA85F66CE}
2012-07-08 23:03:15 -------- d-----w- C:\Users\Barbossa\AppData\Local\{148AD713-CD5A-447C-B6A8-11D4A7B022AA}
2012-07-08 05:26:38 -------- d-----w- C:\Users\Barbossa\AppData\Local\{07883278-FFB2-4721-9254-CEE71E386175}
2012-07-08 05:26:27 -------- d-----w- C:\Users\Barbossa\AppData\Local\{629AB230-C264-4F6C-9D81-ADAF107270A2}
2012-07-07 00:40:29 -------- d-----w- C:\Windows\en
2012-07-07 00:38:05 19736 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-07 00:35:28 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6890c3a71cd5bd803\MeshBetaRemover.exe
2012-07-07 00:35:27 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\67e677691cd5bd802\DSETUP.dll
2012-07-07 00:35:27 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\67e677691cd5bd802\DXSETUP.exe
2012-07-07 00:35:27 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\67e677691cd5bd802\dsetup32.dll
2012-07-07 00:35:18 -------- d-----w- C:\Users\Barbossa\AppData\Local\{C3355CDA-DC54-44BB-A70E-868D4B4B893C}
2012-07-07 00:35:07 -------- d-----w- C:\Users\Barbossa\AppData\Local\{8DC27298-85E0-46E5-90A5-638387D47564}
2012-07-07 00:34:56 -------- d-----w- C:\Users\Barbossa\AppData\Local\{CB3703D7-0D95-4B6B-B6E9-909EFBBADCA3}
2012-07-07 00:34:45 -------- d-----w- C:\Users\Barbossa\AppData\Local\{7E62912D-D7F5-4F91-BDBA-D1D345013B5E}
2012-07-07 00:34:35 -------- d-----w- C:\Users\Barbossa\AppData\Local\{D0073B48-7363-43A8-957E-190933C3DA1B}
2012-07-07 00:34:23 -------- d-----w- C:\Users\Barbossa\AppData\Local\{6E1D68B0-3216-440E-9064-4D2FAEC56FE8}
2012-07-07 00:30:17 -------- d-----w- C:\Users\Barbossa\AppData\Local\{AB53F1D9-7056-4B92-B74C-9ACE50FC598B}
2012-07-07 00:29:56 -------- d-----w- C:\Users\Barbossa\AppData\Local\{F5575A48-9DD0-468E-822E-1545E0456783}
2012-07-07 00:29:45 -------- d-----w- C:\Users\Barbossa\AppData\Local\{7692112B-8625-4B17-853B-803A9C2B11AF}
2012-07-07 00:29:45 -------- d-----w- C:\Users\Barbossa\AppData\Local\{36DE4358-8696-4EC7-8FCB-463EFC7C93C1}
2012-07-07 00:18:57 -------- d-----w- C:\Users\Barbossa\AppData\Local\{D0D9D2C3-1567-4E7E-B73F-58CF15BD5D0A}
2012-07-07 00:18:12 -------- d-----w- C:\Users\Barbossa\AppData\Local\{6D532393-D99C-41B1-AABB-65C95EB71EA7}
.
==================== Find3M ====================
.
2012-08-04 21:19:36 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-04 21:19:36 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 18:59:04.74 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:50 AM

Posted 08 August 2012 - 08:09 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 GastlyKazoo

GastlyKazoo
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:03:50 AM

Posted 08 August 2012 - 11:24 PM

Hello! I have taken the steps that you suggested, and I am posting the logs for the security check and Combofix below. However, I am no longer able to use Internet Explorer or Google Chrome on my computer, and am thus unable to get onto the internet at all. I have burned the logs onto a DVD and I am using a different computer to post them. The error message said that the registry key had been marked for deletion for both shortcuts. Thanks.


Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
McAfee Anti-Virus and Anti-Spyware
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 31
Java version out of Date!
Adobe Reader X (10.1.3)
Google Chrome 20.0.1132.57
Google Chrome 21.0.1180.60
Google Chrome plugins...
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


ComboFix 12-08-08.02 - Barbossa 08/08/2012 23:27:11.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6038.4038 [GMT -4:00]
Running from: c:\users\Barbossa\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5907\Downloads\116e5d12-0d05-4993-954c-85b013aaf3cb.dll
c:\programdata\PCDr\5907\Downloads\140239b3-d59a-46fa-b856-17682a46cb44.dll
c:\programdata\PCDr\5907\Downloads\246b20c1-8ea9-4148-a34e-d03c8a1d5a76.dll
c:\programdata\PCDr\5907\Downloads\27e5bc9a-105f-4d7f-8352-e6ef1c8933dd.dll
c:\programdata\PCDr\5907\Downloads\a2192d8a-3d73-4ff7-be9b-02134f41db63.dll
c:\programdata\PCDr\5907\Downloads\f0fc9c9c-10ba-435b-8365-dadb523644ff.dll
c:\programdata\Roaming
c:\users\Barbossa\Desktop\Internet Explorer.lnk
c:\users\Barbossa\Documents\~WRL1246.tmp
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{3d2d246a-1f6e-2931-394e-3e4d1bd387c9}\@
c:\windows\Installer\{3d2d246a-1f6e-2931-394e-3e4d1bd387c9}\L\00000004.@
c:\windows\Installer\{3d2d246a-1f6e-2931-394e-3e4d1bd387c9}\L\1afb2d56
c:\windows\Installer\{3d2d246a-1f6e-2931-394e-3e4d1bd387c9}\L\201d3dde
c:\windows\Installer\{3d2d246a-1f6e-2931-394e-3e4d1bd387c9}\U\00000004.@
c:\windows\Installer\{3d2d246a-1f6e-2931-394e-3e4d1bd387c9}\U\00000008.@
c:\windows\Installer\{3d2d246a-1f6e-2931-394e-3e4d1bd387c9}\U\000000cb.@
c:\windows\Installer\{3d2d246a-1f6e-2931-394e-3e4d1bd387c9}\U\80000000.@
c:\windows\Installer\{3d2d246a-1f6e-2931-394e-3e4d1bd387c9}\U\80000032.@
c:\windows\Installer\{3d2d246a-1f6e-2931-394e-3e4d1bd387c9}\U\80000064.@
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy7_!Windows!System32!services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-09 to 2012-08-09 )))))))))))))))))))))))))))))))
.
.
2012-08-09 03:53 . 2012-08-09 03:53 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-09 03:53 . 2012-08-09 03:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-04 21:10 . 2012-08-04 21:10 -------- d-----w- c:\program files (x86)\Dell Digital Delivery
2012-07-17 01:17 . 2012-07-17 01:17 116016 ----a-w- c:\windows\system32\drivers\57268974.sys
2012-07-16 20:33 . 2012-07-16 20:33 -------- d-----w- c:\program files (x86)\ESET
2012-07-15 18:18 . 2012-07-15 18:18 -------- d-----w- c:\users\Barbossa\AppData\Roaming\Malwarebytes
2012-07-15 18:17 . 2012-07-15 18:17 -------- d-----w- c:\programdata\Malwarebytes
2012-07-15 18:17 . 2012-07-15 18:18 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-15 18:17 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-14 19:53 . 2012-07-14 19:53 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-11 06:27 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-10 22:51 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-04 21:19 . 2012-03-30 14:21 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-04 21:19 . 2011-12-22 09:09 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 06:25 . 2012-01-11 21:08 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-07 00:37 . 2012-07-07 00:38 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-02 22:19 . 2012-06-18 23:10 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-18 23:10 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-18 23:10 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-18 23:10 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-18 23:10 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-18 23:10 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-18 23:10 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-18 23:09 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-18 23:09 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-10 02:53 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-24 03:20 1515688 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-10 2074208]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-04 1353080]
"VeohPlugin"="c:\program files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2012-06-05 4686848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1675160]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2011-07-07 75064]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-04-30 885760]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-10 1107552]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-08-24 887976]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"HF_G_Jul"="c:\program files (x86)\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\Barbossa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SafeConnect.lnk - c:\program files (x86)\SafeConnect\scClient.exe [2011-7-20 296088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-07-04 5160568]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-04 250056]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-09-15 299008]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-11-11 172632]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-03-08 224704]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-10-15 100912]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-09-16 340240]
R3 NWUSBCDFIL64;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil64.sys [2010-07-08 25600]
R3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\DRIVERS\nwusbmdm_000.sys [2010-07-08 217728]
R3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser_000.sys [2010-07-08 217728]
R3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser2_000.sys [2010-07-08 217728]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-11 1255736]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-28 249936]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-10-15 284648]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-04-22 25960]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-10-15 75808]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-09-15 1166848]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-08-02 173056]
S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2012-07-02 2232504]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-12-06 208536]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-12-06 161168]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-22 2009704]
S2 NWVZHelper;Novatel Wireless Verizon Device Helper;c:\program files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [2010-06-14 270848]
S2 SCManager;SafeConnect Manager;c:\program files (x86)\SafeConnect\scManager.sys servicestart [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-09-22 1692480]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-22 378472]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-10 935008]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-09-15 299008]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-08-29 53760]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-10-10 288768]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-10-15 65264]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
S3 cyhid;Cypress Input Device;c:\windows\system32\DRIVERS\cyhid.sys [2011-10-22 117248]
S3 cykbfltrService;Cypress Keyboard Filter Driver;c:\windows\system32\DRIVERS\cykbfltr.sys [2011-10-19 13824]
S3 cymfltrService;Cypress Trackpad Filter Driver;c:\windows\system32\DRIVERS\cymfltr.sys [2011-10-22 79872]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-10-11 59904]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-16 317440]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-05-17 25496]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-12-28 76912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-10-15 481768]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-09-18 8604672]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 21:19]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2549522551-1579802136-2033792612-1002Core.job
- c:\users\Barbossa\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-11 17:36]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2549522551-1579802136-2033792612-1002UA.job
- c:\users\Barbossa\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-11 17:36]
.
2012-07-11 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-07-12 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-07-14 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2011-10-09 01:19]
.
2012-08-04 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-07-16 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2011-10-06 16:18]
.
2012-08-09 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CyCpIo"="c:\program files\Cypress\TrackPad\CyCpIo.exe" [2011-10-20 2375168]
"CyHidWin"="c:\program files\Cypress\TrackPad\CyHidWin.exe" [2011-10-19 2354176]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-05-26 7214696]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-17 2226280]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-05 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-05 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-05 416024]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-04-22 312936]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-10-18 10357008]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-09-16 1935120]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-07-13 4146848]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-04-30 2055016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKCU-Run-Apple Computer - c:\users\Barbossa\AppData\Local\Dell\Apple Computer\ezwcvbwi.dll
Wow6432Node-HKLM-Run-ROC_roc_dec12 - c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\SafeConnect\scManager.sys
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Giraffic\Veoh_Giraffic.exe
.
**************************************************************************
.
Completion time: 2012-08-09 00:09:15 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-09 04:09
.
Pre-Run: 344,710,606,848 bytes free
Post-Run: 345,567,571,968 bytes free
.
- - End Of File - - B80FB7DADF12AE1DBF32C734C1D46A8D

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:50 AM

Posted 08 August 2012 - 11:27 PM

Greetings


See above - Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer




I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 GastlyKazoo

GastlyKazoo
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:03:50 AM

Posted 09 August 2012 - 12:10 AM

Thanks- I am back on my computer and everything seems to be working fine. I am no longer getting pop-ups. Here are the scan logs you requested.



00:34:41.0110 7844 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
00:34:41.0724 7844 ============================================================
00:34:41.0724 7844 Current date / time: 2012/08/09 00:34:41.0724
00:34:41.0724 7844 SystemInfo:
00:34:41.0724 7844
00:34:41.0724 7844 OS Version: 6.1.7601 ServicePack: 1.0
00:34:41.0724 7844 Product type: Workstation
00:34:41.0725 7844 ComputerName: BARBOSSA-PC
00:34:41.0725 7844 UserName: Barbossa
00:34:41.0725 7844 Windows directory: C:\Windows
00:34:41.0725 7844 System windows directory: C:\Windows
00:34:41.0725 7844 Running under WOW64
00:34:41.0725 7844 Processor architecture: Intel x64
00:34:41.0725 7844 Number of processors: 4
00:34:41.0725 7844 Page size: 0x1000
00:34:41.0725 7844 Boot type: Normal boot
00:34:41.0725 7844 ============================================================
00:34:44.0496 7844 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:34:44.0505 7844 ============================================================
00:34:44.0505 7844 \Device\Harddisk0\DR0:
00:34:44.0507 7844 MBR partitions:
00:34:44.0507 7844 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x34000, BlocksNum 0x2710000
00:34:44.0507 7844 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2744000, BlocksNum 0x37C41830
00:34:44.0507 7844 ============================================================
00:34:44.0546 7844 C: <-> \Device\Harddisk0\DR0\Partition1
00:34:44.0546 7844 ============================================================
00:34:44.0546 7844 Initialize success
00:34:44.0546 7844 ============================================================
00:35:08.0685 9704 ============================================================
00:35:08.0685 9704 Scan started
00:35:08.0685 9704 Mode: Manual;
00:35:08.0685 9704 ============================================================
00:35:09.0282 9704 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
00:35:09.0283 9704 !SASCORE - ok
00:35:09.0469 9704 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
00:35:09.0474 9704 1394ohci - ok
00:35:09.0500 9704 Acceler (e0065cbf1a25c015c218457d2cd522b9) C:\Windows\system32\DRIVERS\Accelern.sys
00:35:09.0500 9704 Acceler - ok
00:35:09.0584 9704 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
00:35:09.0586 9704 ACPI - ok
00:35:09.0648 9704 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
00:35:09.0650 9704 AcpiPmi - ok
00:35:09.0766 9704 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
00:35:09.0766 9704 AdobeARMservice - ok
00:35:09.0923 9704 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
00:35:09.0938 9704 AdobeFlashPlayerUpdateSvc - ok
00:35:09.0977 9704 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
00:35:09.0992 9704 adp94xx - ok
00:35:10.0046 9704 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
00:35:10.0064 9704 adpahci - ok
00:35:10.0101 9704 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
00:35:10.0111 9704 adpu320 - ok
00:35:10.0146 9704 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
00:35:10.0149 9704 AeLookupSvc - ok
00:35:10.0212 9704 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
00:35:10.0215 9704 AERTFilters - ok
00:35:10.0286 9704 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
00:35:10.0307 9704 AFD - ok
00:35:10.0322 9704 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
00:35:10.0327 9704 agp440 - ok
00:35:10.0345 9704 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
00:35:10.0350 9704 ALG - ok
00:35:10.0368 9704 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
00:35:10.0371 9704 aliide - ok
00:35:10.0400 9704 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
00:35:10.0404 9704 amdide - ok
00:35:10.0423 9704 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
00:35:10.0426 9704 AmdK8 - ok
00:35:10.0436 9704 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
00:35:10.0438 9704 AmdPPM - ok
00:35:10.0457 9704 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
00:35:10.0460 9704 amdsata - ok
00:35:10.0485 9704 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
00:35:10.0503 9704 amdsbs - ok
00:35:10.0539 9704 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
00:35:10.0540 9704 amdxata - ok
00:35:10.0587 9704 AMPPAL (3bc90482a834f998c3b7a9c934a20342) C:\Windows\system32\DRIVERS\AMPPAL.sys
00:35:10.0605 9704 AMPPAL - ok
00:35:10.0617 9704 AMPPALP (3bc90482a834f998c3b7a9c934a20342) C:\Windows\system32\DRIVERS\amppal.sys
00:35:10.0621 9704 AMPPALP - ok
00:35:10.0731 9704 AMPPALR3 (a47d7febd9381d34ddb4ff38b15a67fe) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
00:35:10.0737 9704 AMPPALR3 - ok
00:35:10.0874 9704 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
00:35:10.0877 9704 AppID - ok
00:35:10.0893 9704 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
00:35:10.0897 9704 AppIDSvc - ok
00:35:10.0928 9704 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
00:35:10.0933 9704 Appinfo - ok
00:35:11.0027 9704 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
00:35:11.0032 9704 Apple Mobile Device - ok
00:35:11.0081 9704 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
00:35:11.0084 9704 arc - ok
00:35:11.0109 9704 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
00:35:11.0112 9704 arcsas - ok
00:35:11.0219 9704 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
00:35:11.0245 9704 aspnet_state - ok
00:35:11.0269 9704 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
00:35:11.0271 9704 AsyncMac - ok
00:35:11.0312 9704 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
00:35:11.0314 9704 atapi - ok
00:35:11.0396 9704 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
00:35:11.0400 9704 AudioEndpointBuilder - ok
00:35:11.0405 9704 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
00:35:11.0409 9704 AudioSrv - ok
00:35:11.0804 9704 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
00:35:11.0907 9704 AVGIDSAgent - ok
00:35:12.0040 9704 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
00:35:12.0044 9704 AVGIDSDriver - ok
00:35:12.0090 9704 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
00:35:12.0091 9704 AVGIDSFilter - ok
00:35:12.0123 9704 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
00:35:12.0124 9704 AVGIDSHA - ok
00:35:12.0187 9704 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
00:35:12.0189 9704 Avgldx64 - ok
00:35:12.0238 9704 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
00:35:12.0240 9704 Avgmfx64 - ok
00:35:12.0254 9704 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
00:35:12.0256 9704 Avgrkx64 - ok
00:35:12.0316 9704 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys
00:35:12.0323 9704 Avgtdia - ok
00:35:12.0422 9704 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
00:35:12.0426 9704 avgwd - ok
00:35:12.0502 9704 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
00:35:12.0516 9704 AxInstSV - ok
00:35:12.0574 9704 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
00:35:12.0594 9704 b06bdrv - ok
00:35:12.0650 9704 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
00:35:12.0667 9704 b57nd60a - ok
00:35:12.0706 9704 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
00:35:12.0712 9704 BDESVC - ok
00:35:12.0728 9704 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
00:35:12.0729 9704 Beep - ok
00:35:12.0785 9704 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
00:35:12.0802 9704 BFE - ok
00:35:12.0898 9704 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
00:35:12.0901 9704 blbdrive - ok
00:35:13.0034 9704 Bluetooth Device Monitor (0f46d2845bd7ddaca52340ecc2b65da3) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
00:35:13.0039 9704 Bluetooth Device Monitor - ok
00:35:13.0137 9704 Bluetooth Media Service (3341de556ec28252d603277609eef8bf) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
00:35:13.0144 9704 Bluetooth Media Service - ok
00:35:13.0253 9704 Bluetooth OBEX Service (5d5c3ec9be1107dedf0feb55b7f3bd77) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
00:35:13.0260 9704 Bluetooth OBEX Service - ok
00:35:13.0365 9704 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
00:35:13.0372 9704 Bonjour Service - ok
00:35:13.0513 9704 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
00:35:13.0515 9704 bowser - ok
00:35:13.0542 9704 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
00:35:13.0552 9704 BrFiltLo - ok
00:35:13.0566 9704 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
00:35:13.0570 9704 BrFiltUp - ok
00:35:13.0598 9704 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
00:35:13.0600 9704 BridgeMP - ok
00:35:13.0631 9704 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
00:35:13.0634 9704 Browser - ok
00:35:13.0673 9704 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
00:35:13.0684 9704 Brserid - ok
00:35:13.0692 9704 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
00:35:13.0694 9704 BrSerWdm - ok
00:35:13.0697 9704 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
00:35:13.0698 9704 BrUsbMdm - ok
00:35:13.0711 9704 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
00:35:13.0713 9704 BrUsbSer - ok
00:35:13.0737 9704 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
00:35:13.0743 9704 BthEnum - ok
00:35:13.0768 9704 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
00:35:13.0770 9704 BTHMODEM - ok
00:35:13.0793 9704 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
00:35:13.0795 9704 BthPan - ok
00:35:13.0838 9704 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
00:35:13.0873 9704 BTHPORT - ok
00:35:13.0896 9704 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
00:35:13.0898 9704 bthserv - ok
00:35:13.0974 9704 BTHSSecurityMgr (9e2af97302b9f4bf97e952a865eb31ae) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
00:35:13.0978 9704 BTHSSecurityMgr - ok
00:35:13.0996 9704 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
00:35:14.0001 9704 BTHUSB - ok
00:35:14.0038 9704 btmaux (ab0a33001fe7ebb209d9d52ced11be1a) C:\Windows\system32\DRIVERS\btmaux.sys
00:35:14.0041 9704 btmaux - ok
00:35:14.0082 9704 btmhsf (5ba4c6f82a5ca3307c0579d9f7b36e28) C:\Windows\system32\DRIVERS\btmhsf.sys
00:35:14.0099 9704 btmhsf - ok
00:35:14.0126 9704 catchme - ok
00:35:14.0149 9704 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
00:35:14.0152 9704 cdfs - ok
00:35:14.0181 9704 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
00:35:14.0185 9704 cdrom - ok
00:35:14.0244 9704 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
00:35:14.0246 9704 CertPropSvc - ok
00:35:14.0277 9704 cfwids (ed0263b2eb24f0f4e3898036fa1d28a1) C:\Windows\system32\drivers\cfwids.sys
00:35:14.0278 9704 cfwids - ok
00:35:14.0289 9704 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
00:35:14.0291 9704 circlass - ok
00:35:14.0316 9704 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
00:35:14.0318 9704 CLFS - ok
00:35:14.0430 9704 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:35:14.0437 9704 clr_optimization_v2.0.50727_32 - ok
00:35:14.0485 9704 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:35:14.0490 9704 clr_optimization_v2.0.50727_64 - ok
00:35:14.0645 9704 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:35:14.0757 9704 clr_optimization_v4.0.30319_32 - ok
00:35:15.0180 9704 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:35:15.0240 9704 clr_optimization_v4.0.30319_64 - ok
00:35:15.0326 9704 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
00:35:15.0327 9704 CmBatt - ok
00:35:15.0361 9704 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
00:35:15.0364 9704 cmdide - ok
00:35:15.0656 9704 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
00:35:15.0658 9704 CNG - ok
00:35:15.0695 9704 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
00:35:15.0695 9704 Compbatt - ok
00:35:15.0801 9704 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
00:35:15.0803 9704 CompositeBus - ok
00:35:15.0932 9704 COMSysApp - ok
00:35:15.0973 9704 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
00:35:15.0976 9704 crcdisk - ok
00:35:16.0449 9704 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
00:35:16.0454 9704 CryptSvc - ok
00:35:16.0901 9704 CtClsFlt (bc3d4f90978cd7c8eabd1baf3bf7873a) C:\Windows\system32\DRIVERS\CtClsFlt.sys
00:35:16.0932 9704 CtClsFlt - ok
00:35:17.0125 9704 cyhid (5858111ff43b8e87edd13667e5b29e51) C:\Windows\system32\DRIVERS\cyhid.sys
00:35:17.0136 9704 cyhid - ok
00:35:17.0187 9704 cykbfltrService (903c161e91a7f2678e7e8d775d3512b2) C:\Windows\system32\DRIVERS\cykbfltr.sys
00:35:17.0189 9704 cykbfltrService - ok
00:35:17.0255 9704 cymfltrService (ef5a7a27ac58672cf3b5ce91e99c43dc) C:\Windows\system32\DRIVERS\cymfltr.sys
00:35:17.0262 9704 cymfltrService - ok
00:35:17.0480 9704 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
00:35:17.0488 9704 DcomLaunch - ok
00:35:17.0729 9704 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
00:35:17.0754 9704 defragsvc - ok
00:35:17.0990 9704 DellDigitalDelivery (88d5fe2109f1a52cf69ba410082a833a) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
00:35:17.0994 9704 DellDigitalDelivery - ok
00:35:18.0092 9704 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
00:35:18.0105 9704 DfsC - ok
00:35:18.0315 9704 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
00:35:18.0322 9704 Dhcp - ok
00:35:18.0384 9704 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
00:35:18.0394 9704 discache - ok
00:35:18.0470 9704 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
00:35:18.0473 9704 Disk - ok
00:35:18.0586 9704 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
00:35:18.0639 9704 Dnscache - ok
00:35:18.0747 9704 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
00:35:18.0761 9704 dot3svc - ok
00:35:18.0861 9704 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
00:35:18.0865 9704 DPS - ok
00:35:18.0901 9704 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
00:35:18.0903 9704 drmkaud - ok
00:35:19.0227 9704 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
00:35:19.0271 9704 DXGKrnl - ok
00:35:19.0325 9704 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
00:35:19.0329 9704 EapHost - ok
00:35:21.0705 9704 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
00:35:21.0770 9704 ebdrv - ok
00:35:21.0879 9704 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
00:35:21.0880 9704 EFS - ok
00:35:21.0952 9704 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
00:35:21.0969 9704 ehRecvr - ok
00:35:21.0997 9704 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
00:35:22.0000 9704 ehSched - ok
00:35:22.0048 9704 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
00:35:22.0064 9704 elxstor - ok
00:35:22.0078 9704 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
00:35:22.0081 9704 ErrDev - ok
00:35:22.0123 9704 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
00:35:22.0126 9704 EventSystem - ok
00:35:22.0280 9704 EvtEng (b20a788579e443f768aab1a24f705d0a) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
00:35:22.0288 9704 EvtEng - ok
00:35:22.0369 9704 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
00:35:22.0376 9704 exfat - ok
00:35:22.0396 9704 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
00:35:22.0399 9704 fastfat - ok
00:35:22.0447 9704 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
00:35:22.0467 9704 Fax - ok
00:35:22.0479 9704 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
00:35:22.0481 9704 fdc - ok
00:35:22.0500 9704 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
00:35:22.0503 9704 fdPHost - ok
00:35:22.0508 9704 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
00:35:22.0509 9704 FDResPub - ok
00:35:22.0520 9704 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
00:35:22.0521 9704 FileInfo - ok
00:35:22.0538 9704 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
00:35:22.0540 9704 Filetrace - ok
00:35:22.0556 9704 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
00:35:22.0558 9704 flpydisk - ok
00:35:22.0672 9704 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
00:35:22.0678 9704 FltMgr - ok
00:35:22.0740 9704 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
00:35:22.0785 9704 FontCache - ok
00:35:22.0844 9704 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:35:22.0847 9704 FontCache3.0.0.0 - ok
00:35:22.0878 9704 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
00:35:22.0881 9704 FsDepends - ok
00:35:22.0901 9704 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
00:35:22.0903 9704 Fs_Rec - ok
00:35:22.0942 9704 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
00:35:22.0943 9704 fvevol - ok
00:35:22.0959 9704 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
00:35:22.0961 9704 gagp30kx - ok
00:35:22.0979 9704 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
00:35:22.0981 9704 GEARAspiWDM - ok
00:35:23.0075 9704 Giraffic - ok
00:35:23.0147 9704 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
00:35:23.0161 9704 gpsvc - ok
00:35:23.0186 9704 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
00:35:23.0188 9704 hcw85cir - ok
00:35:23.0219 9704 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
00:35:23.0224 9704 HDAudBus - ok
00:35:23.0245 9704 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
00:35:23.0247 9704 HidBatt - ok
00:35:23.0266 9704 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
00:35:23.0268 9704 HidBth - ok
00:35:23.0283 9704 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
00:35:23.0285 9704 HidIr - ok
00:35:23.0298 9704 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
00:35:23.0300 9704 hidserv - ok
00:35:23.0331 9704 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
00:35:23.0335 9704 HidUsb - ok
00:35:23.0352 9704 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
00:35:23.0364 9704 hkmsvc - ok
00:35:23.0394 9704 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
00:35:23.0408 9704 HomeGroupListener - ok
00:35:23.0440 9704 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
00:35:23.0458 9704 HomeGroupProvider - ok
00:35:23.0482 9704 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
00:35:23.0485 9704 HpSAMD - ok
00:35:23.0550 9704 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
00:35:23.0562 9704 HTTP - ok
00:35:23.0606 9704 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
00:35:23.0608 9704 hwpolicy - ok
00:35:23.0638 9704 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
00:35:23.0644 9704 i8042prt - ok
00:35:23.0710 9704 iaStor (d469b77687e12fe43e344806740b624d) C:\Windows\system32\drivers\iaStor.sys
00:35:23.0718 9704 iaStor - ok
00:35:23.0769 9704 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
00:35:23.0790 9704 iaStorV - ok
00:35:23.0817 9704 iBtFltCoex (806422f30df9ce8307457485779c77b7) C:\Windows\system32\DRIVERS\iBtFltCoex.sys
00:35:23.0819 9704 iBtFltCoex - ok
00:35:24.0001 9704 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
00:35:24.0025 9704 IDriverT - ok
00:35:24.0366 9704 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:35:24.0387 9704 idsvc - ok
00:35:25.0289 9704 igfx (0bd58366c86ef9ddc4f61afed0cada99) C:\Windows\system32\DRIVERS\igdkmd64.sys
00:35:25.0505 9704 igfx - ok
00:35:25.0654 9704 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
00:35:25.0658 9704 iirsp - ok
00:35:25.0742 9704 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
00:35:25.0761 9704 IKEEXT - ok
00:35:25.0788 9704 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\drivers\Impcd.sys
00:35:25.0792 9704 Impcd - ok
00:35:25.0836 9704 intaud_WaveExtensible (caddf0927dac63edae48f5c35a61d87d) C:\Windows\system32\drivers\intelaud.sys
00:35:25.0839 9704 intaud_WaveExtensible - ok
00:35:25.0992 9704 IntcAzAudAddService (a3c9367a02b2a1fc22536add3601b64f) C:\Windows\system32\drivers\RTKVHD64.sys
00:35:26.0007 9704 IntcAzAudAddService - ok
00:35:26.0172 9704 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
00:35:26.0182 9704 IntcDAud - ok
00:35:26.0220 9704 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
00:35:26.0223 9704 intelide - ok
00:35:26.0272 9704 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
00:35:26.0272 9704 intelppm - ok
00:35:26.0341 9704 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
00:35:26.0352 9704 IPBusEnum - ok
00:35:26.0407 9704 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:35:26.0414 9704 IpFilterDriver - ok
00:35:26.0597 9704 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
00:35:26.0627 9704 iphlpsvc - ok
00:35:26.0699 9704 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
00:35:26.0712 9704 IPMIDRV - ok
00:35:26.0767 9704 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
00:35:26.0799 9704 IPNAT - ok
00:35:27.0237 9704 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
00:35:27.0262 9704 iPod Service - ok
00:35:27.0281 9704 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
00:35:27.0283 9704 IRENUM - ok
00:35:27.0298 9704 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
00:35:27.0301 9704 isapnp - ok
00:35:27.0319 9704 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
00:35:27.0332 9704 iScsiPrt - ok
00:35:27.0355 9704 iwdbus (716f66336f10885d935b08174dc54242) C:\Windows\system32\DRIVERS\iwdbus.sys
00:35:27.0356 9704 iwdbus - ok
00:35:27.0387 9704 JMCR (43f319de026e04b9cf9219a14bf24fe8) C:\Windows\system32\DRIVERS\jmcr.sys
00:35:27.0392 9704 JMCR - ok
00:35:27.0415 9704 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
00:35:27.0416 9704 kbdclass - ok
00:35:27.0428 9704 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
00:35:27.0460 9704 kbdhid - ok
00:35:27.0507 9704 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:35:27.0508 9704 KeyIso - ok
00:35:27.0542 9704 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
00:35:27.0544 9704 KSecDD - ok
00:35:27.0559 9704 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
00:35:27.0561 9704 KSecPkg - ok
00:35:27.0577 9704 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
00:35:27.0583 9704 ksthunk - ok
00:35:27.0614 9704 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
00:35:27.0631 9704 KtmRm - ok
00:35:27.0684 9704 L1C (0219f13ab1664005adcba884c0eb975e) C:\Windows\system32\DRIVERS\L1C62x64.sys
00:35:27.0686 9704 L1C - ok
00:35:27.0735 9704 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
00:35:27.0781 9704 LanmanServer - ok
00:35:27.0801 9704 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
00:35:27.0803 9704 LanmanWorkstation - ok
00:35:27.0836 9704 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
00:35:27.0839 9704 lltdio - ok
00:35:27.0882 9704 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
00:35:27.0901 9704 lltdsvc - ok
00:35:27.0919 9704 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
00:35:27.0922 9704 lmhosts - ok
00:35:28.0017 9704 LMS (7f32d4c47a50e7223491e8fb9359907d) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
00:35:28.0028 9704 LMS - ok
00:35:28.0065 9704 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
00:35:28.0076 9704 LSI_FC - ok
00:35:28.0100 9704 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
00:35:28.0105 9704 LSI_SAS - ok
00:35:28.0118 9704 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
00:35:28.0122 9704 LSI_SAS2 - ok
00:35:28.0141 9704 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
00:35:28.0145 9704 LSI_SCSI - ok
00:35:28.0171 9704 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
00:35:28.0173 9704 luafv - ok
00:35:28.0226 9704 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
00:35:28.0232 9704 MBAMProtector - ok
00:35:29.0248 9704 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
00:35:29.0285 9704 MBAMService - ok
00:35:29.0387 9704 McAWFwk (9504f1dda1b67fb8d526fd4f8cc882f3) c:\PROGRA~1\mcafee\msc\mcawfwk.exe
00:35:29.0392 9704 McAWFwk - ok
00:35:29.0559 9704 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
00:35:29.0561 9704 McMPFSvc - ok
00:35:29.0564 9704 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
00:35:29.0566 9704 mcmscsvc - ok
00:35:29.0572 9704 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
00:35:29.0574 9704 McNaiAnn - ok
00:35:29.0578 9704 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
00:35:29.0579 9704 McNASvc - ok
00:35:29.0722 9704 McODS (c6232488cdbf063ce077fc7f8f8c248c) C:\Program Files\mcafee\VirusScan\mcods.exe
00:35:29.0725 9704 McODS - ok
00:35:29.0730 9704 McOobeSv (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
00:35:29.0732 9704 McOobeSv - ok
00:35:29.0735 9704 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
00:35:29.0737 9704 McProxy - ok
00:35:29.0866 9704 McShield (4a463d645b48bb487ca7df12ba5d1602) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
00:35:29.0879 9704 McShield - ok
00:35:31.0287 9704 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
00:35:31.0289 9704 Mcx2Svc - ok
00:35:31.0325 9704 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
00:35:31.0328 9704 megasas - ok
00:35:31.0352 9704 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
00:35:31.0372 9704 MegaSR - ok
00:35:31.0390 9704 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
00:35:31.0391 9704 MEIx64 - ok
00:35:31.0444 9704 mfeapfk (ef3acfb7e3f82d5f7cde9ef5f0a4e2e2) C:\Windows\system32\drivers\mfeapfk.sys
00:35:31.0445 9704 mfeapfk - ok
00:35:31.0506 9704 mfeavfk (e7a60bdb4365b561d896019b82fb7dd0) C:\Windows\system32\drivers\mfeavfk.sys
00:35:31.0508 9704 mfeavfk - ok
00:35:31.0556 9704 mfeavfk01 - ok
00:35:31.0634 9704 mfefire (c53b7aba204d9f7e9568ec147a1485c5) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
00:35:31.0635 9704 mfefire - ok
00:35:31.0756 9704 mfefirek (670dffe55e2f9ab99d9169c428bcece9) C:\Windows\system32\drivers\mfefirek.sys
00:35:31.0765 9704 mfefirek - ok
00:35:31.0873 9704 mfehidk (1892616b7f9291fd77c3fa0a5811fe9f) C:\Windows\system32\drivers\mfehidk.sys
00:35:31.0884 9704 mfehidk - ok
00:35:31.0992 9704 mfenlfk (1721261c77f6e7a9e0cb51b7d9f31b60) C:\Windows\system32\DRIVERS\mfenlfk.sys
00:35:31.0994 9704 mfenlfk - ok
00:35:32.0073 9704 mferkdet (65776bd8029e409935b90de30bf99526) C:\Windows\system32\drivers\mferkdet.sys
00:35:32.0075 9704 mferkdet - ok
00:35:32.0093 9704 mfevtp (8f3b3c3625e3aaa11d6d4db8423e1721) C:\Windows\system32\mfevtps.exe
00:35:32.0095 9704 mfevtp - ok
00:35:32.0144 9704 mfewfpk (4f17d8b85b903d96ef7033bb6ef50516) C:\Windows\system32\drivers\mfewfpk.sys
00:35:32.0145 9704 mfewfpk - ok
00:35:32.0171 9704 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
00:35:32.0173 9704 MMCSS - ok
00:35:32.0241 9704 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
00:35:32.0244 9704 Modem - ok
00:35:32.0282 9704 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
00:35:32.0283 9704 monitor - ok
00:35:32.0323 9704 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
00:35:32.0324 9704 mouclass - ok
00:35:32.0359 9704 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
00:35:32.0361 9704 mouhid - ok
00:35:32.0428 9704 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
00:35:32.0431 9704 mountmgr - ok
00:35:32.0470 9704 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
00:35:32.0473 9704 mpio - ok
00:35:32.0508 9704 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
00:35:32.0510 9704 mpsdrv - ok
00:35:34.0756 9704 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
00:35:34.0781 9704 MpsSvc - ok
00:35:34.0997 9704 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
00:35:35.0022 9704 MRxDAV - ok
00:35:35.0180 9704 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:35:35.0184 9704 mrxsmb - ok
00:35:35.0545 9704 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:35:35.0547 9704 mrxsmb10 - ok
00:35:35.0628 9704 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:35:35.0629 9704 mrxsmb20 - ok
00:35:35.0664 9704 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
00:35:35.0665 9704 msahci - ok
00:35:35.0692 9704 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
00:35:35.0695 9704 msdsm - ok
00:35:35.0724 9704 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
00:35:35.0730 9704 MSDTC - ok
00:35:35.0838 9704 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
00:35:35.0869 9704 Msfs - ok
00:35:35.0903 9704 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
00:35:35.0908 9704 mshidkmdf - ok
00:35:35.0941 9704 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
00:35:35.0943 9704 msisadrv - ok
00:35:36.0012 9704 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
00:35:36.0021 9704 MSiSCSI - ok
00:35:36.0028 9704 msiserver - ok
00:35:36.0160 9704 MSK80Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
00:35:36.0162 9704 MSK80Service - ok
00:35:36.0187 9704 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
00:35:36.0189 9704 MSKSSRV - ok
00:35:36.0195 9704 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
00:35:36.0197 9704 MSPCLOCK - ok
00:35:36.0204 9704 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
00:35:36.0207 9704 MSPQM - ok
00:35:36.0234 9704 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
00:35:36.0236 9704 MsRPC - ok
00:35:36.0259 9704 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
00:35:36.0260 9704 mssmbios - ok
00:35:36.0278 9704 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
00:35:36.0280 9704 MSTEE - ok
00:35:36.0288 9704 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
00:35:36.0290 9704 MTConfig - ok
00:35:36.0307 9704 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
00:35:36.0308 9704 Mup - ok
00:35:36.0445 9704 MyWiFiDHCPDNS (f217d7718fd7577af331e89910b2d21e) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
00:35:36.0457 9704 MyWiFiDHCPDNS - ok
00:35:36.0583 9704 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
00:35:36.0608 9704 napagent - ok
00:35:36.0655 9704 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
00:35:36.0662 9704 NativeWifiP - ok
00:35:36.0773 9704 NAUpdate (934bb0d23a25c8c136570800a5a149b6) C:\Program Files (x86)\Nero\Update\NASvc.exe
00:35:36.0776 9704 NAUpdate - ok
00:35:36.0941 9704 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
00:35:36.0956 9704 NDIS - ok
00:35:36.0974 9704 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
00:35:36.0976 9704 NdisCap - ok
00:35:36.0994 9704 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
00:35:36.0999 9704 NdisTapi - ok
00:35:37.0025 9704 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
00:35:37.0026 9704 Ndisuio - ok
00:35:37.0063 9704 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
00:35:37.0074 9704 NdisWan - ok
00:35:37.0096 9704 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
00:35:37.0099 9704 NDProxy - ok
00:35:37.0113 9704 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
00:35:37.0115 9704 NetBIOS - ok
00:35:37.0133 9704 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
00:35:37.0149 9704 NetBT - ok
00:35:37.0193 9704 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:35:37.0195 9704 Netlogon - ok
00:35:37.0248 9704 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
00:35:37.0266 9704 Netman - ok
00:35:37.0439 9704 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:35:37.0496 9704 NetMsmqActivator - ok
00:35:37.0499 9704 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:35:37.0500 9704 NetPipeActivator - ok
00:35:37.0544 9704 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
00:35:37.0547 9704 netprofm - ok
00:35:37.0549 9704 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:35:37.0550 9704 NetTcpActivator - ok
00:35:37.0553 9704 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:35:37.0554 9704 NetTcpPortSharing - ok
00:35:38.0503 9704 NETwNs64 (9fd1be1881446d954ff77244ae58fbcb) C:\Windows\system32\DRIVERS\NETwNs64.sys
00:35:38.0662 9704 NETwNs64 - ok
00:35:38.0864 9704 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
00:35:38.0867 9704 nfrd960 - ok
00:35:38.0923 9704 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
00:35:38.0978 9704 NlaSvc - ok
00:35:39.0423 9704 NOBU (b9b72faaaa41d59b73b88fe3dd737ed1) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
00:35:39.0436 9704 NOBU - ok
00:35:39.0661 9704 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
00:35:39.0663 9704 Npfs - ok
00:35:39.0678 9704 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
00:35:39.0679 9704 nsi - ok
00:35:39.0693 9704 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
00:35:39.0695 9704 nsiproxy - ok
00:35:39.0925 9704 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
00:35:39.0933 9704 Ntfs - ok
00:35:40.0289 9704 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
00:35:40.0290 9704 Null - ok
00:35:40.0329 9704 nusb3hub (a7127e86f9ffe2a53e271b56b2c4cedf) C:\Windows\system32\DRIVERS\nusb3hub.sys
00:35:40.0332 9704 nusb3hub - ok
00:35:40.0350 9704 nusb3xhc (49bbec6f48d5f9284b03abf3a959b19b) C:\Windows\system32\DRIVERS\nusb3xhc.sys
00:35:40.0354 9704 nusb3xhc - ok
00:35:42.0297 9704 nvlddmkm (573b0941a37aebee96085d56a103f57b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
00:35:42.0434 9704 nvlddmkm - ok
00:35:42.0652 9704 nvpciflt (43af7ebeac2ab623468e32caddcb61a4) C:\Windows\system32\DRIVERS\nvpciflt.sys
00:35:42.0654 9704 nvpciflt - ok
00:35:42.0737 9704 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
00:35:42.0740 9704 nvraid - ok
00:35:42.0764 9704 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
00:35:42.0781 9704 nvstor - ok
00:35:42.0907 9704 NVSvc (c500760572c6059918fb0c960967695b) C:\Windows\system32\nvvsvc.exe
00:35:42.0925 9704 NVSvc - ok
00:35:43.0211 9704 nvUpdatusService (f28169a7adf7b41809cf92d369e744f0) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
00:35:43.0266 9704 nvUpdatusService - ok
00:35:43.0723 9704 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
00:35:43.0744 9704 nv_agp - ok
00:35:43.0795 9704 NWADI (6eeb54e34603dd417ece187c8402320a) C:\Windows\system32\DRIVERS\NWADIenum.sys
00:35:43.0798 9704 NWADI - ok
00:35:43.0871 9704 NWUSBCDFIL64 (d944d4341429093f55cb7f0ec87c86b3) C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys
00:35:43.0875 9704 NWUSBCDFIL64 - ok
00:35:43.0910 9704 NWUSBModem_000 (877ce72712d7860fd815884438d824b8) C:\Windows\system32\DRIVERS\nwusbmdm_000.sys
00:35:43.0924 9704 NWUSBModem_000 - ok
00:35:43.0970 9704 NWUSBPort2_000 (877ce72712d7860fd815884438d824b8) C:\Windows\system32\DRIVERS\nwusbser2_000.sys
00:35:43.0984 9704 NWUSBPort2_000 - ok
00:35:44.0034 9704 NWUSBPort_000 (877ce72712d7860fd815884438d824b8) C:\Windows\system32\DRIVERS\nwusbser_000.sys
00:35:44.0038 9704 NWUSBPort_000 - ok
00:35:44.0158 9704 NWVZHelper (6f67805ebe1c879de008ed21bfcf2f02) C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
00:35:44.0159 9704 NWVZHelper - ok
00:35:44.0238 9704 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
00:35:44.0260 9704 ohci1394 - ok
00:35:44.0373 9704 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:35:44.0385 9704 ose - ok
00:35:45.0969 9704 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
00:35:46.0092 9704 osppsvc - ok
00:35:46.0445 9704 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:35:46.0453 9704 p2pimsvc - ok
00:35:46.0520 9704 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
00:35:46.0531 9704 p2psvc - ok
00:35:46.0588 9704 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
00:35:46.0600 9704 Parport - ok
00:35:46.0645 9704 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
00:35:46.0646 9704 partmgr - ok
00:35:46.0782 9704 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
00:35:46.0789 9704 PcaSvc - ok
00:35:46.0943 9704 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
00:35:46.0946 9704 pci - ok
00:35:46.0972 9704 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
00:35:46.0973 9704 pciide - ok
00:35:47.0017 9704 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
00:35:47.0022 9704 pcmcia - ok
00:35:47.0038 9704 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
00:35:47.0039 9704 pcw - ok
00:35:47.0193 9704 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
00:35:47.0197 9704 PEAUTH - ok
00:35:47.0250 9704 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
00:35:47.0253 9704 PerfHost - ok
00:35:47.0479 9704 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
00:35:47.0526 9704 pla - ok
00:35:47.0582 9704 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
00:35:47.0585 9704 PlugPlay - ok
00:35:47.0625 9704 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
00:35:47.0658 9704 PNRPAutoReg - ok
00:35:47.0727 9704 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:35:47.0729 9704 PNRPsvc - ok
00:35:47.0912 9704 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
00:35:47.0935 9704 PolicyAgent - ok
00:35:47.0964 9704 Power (a2cca4fb273e6050f17a0a416cff2fcd) C:\Windows\system32\umpo.dll
00:35:47.0966 9704 Power - ok
00:35:48.0026 9704 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
00:35:48.0029 9704 PptpMiniport - ok
00:35:48.0063 9704 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
00:35:48.0068 9704 Processor - ok
00:35:48.0298 9704 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
00:35:48.0300 9704 ProfSvc - ok
00:35:48.0351 9704 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:35:48.0352 9704 ProtectedStorage - ok
00:35:48.0383 9704 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
00:35:48.0386 9704 Psched - ok
00:35:48.0421 9704 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
00:35:48.0422 9704 PxHlpa64 - ok
00:35:48.0595 9704 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
00:35:48.0634 9704 ql2300 - ok
00:35:49.0177 9704 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
00:35:49.0179 9704 ql40xx - ok
00:35:49.0215 9704 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
00:35:49.0235 9704 QWAVE - ok
00:35:49.0380 9704 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
00:35:49.0386 9704 QWAVEdrv - ok
00:35:49.0401 9704 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
00:35:49.0404 9704 RasAcd - ok
00:35:49.0426 9704 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
00:35:49.0428 9704 RasAgileVpn - ok
00:35:49.0443 9704 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
00:35:49.0452 9704 RasAuto - ok
00:35:49.0470 9704 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:35:49.0473 9704 Rasl2tp - ok
00:35:49.0500 9704 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
00:35:49.0516 9704 RasMan - ok
00:35:49.0541 9704 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
00:35:49.0552 9704 RasPppoe - ok
00:35:49.0571 9704 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
00:35:49.0574 9704 RasSstp - ok
00:35:49.0596 9704 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
00:35:49.0608 9704 rdbss - ok
00:35:49.0622 9704 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
00:35:49.0625 9704 rdpbus - ok
00:35:49.0635 9704 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:35:49.0636 9704 RDPCDD - ok
00:35:49.0659 9704 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
00:35:49.0661 9704 RDPENCDD - ok
00:35:49.0674 9704 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
00:35:49.0676 9704 RDPREFMP - ok
00:35:49.0846 9704 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
00:35:49.0850 9704 RDPWD - ok
00:35:49.0889 9704 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
00:35:49.0923 9704 rdyboost - ok
00:35:50.0250 9704 RegSrvc (b9a0810d16ea7935b10a5499aba61dc3) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
00:35:50.0265 9704 RegSrvc - ok
00:35:50.0313 9704 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
00:35:50.0316 9704 RemoteAccess - ok
00:35:50.0378 9704 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
00:35:50.0390 9704 RemoteRegistry - ok
00:35:50.0443 9704 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
00:35:50.0447 9704 RFCOMM - ok
00:35:50.0615 9704 RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
00:35:50.0655 9704 RoxMediaDB12OEM - ok
00:35:50.0689 9704 RoxWatch12 (2b73088cc2ca757a172b425c9398e5bc) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
00:35:50.0690 9704 RoxWatch12 - ok
00:35:50.0873 9704 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
00:35:50.0875 9704 RpcEptMapper - ok
00:35:50.0896 9704 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
00:35:50.0899 9704 RpcLocator - ok
00:35:50.0929 9704 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
00:35:50.0933 9704 RpcSs - ok
00:35:51.0049 9704 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
00:35:51.0050 9704 rspndr - ok
00:35:51.0080 9704 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:35:51.0081 9704 SamSs - ok
00:35:51.0151 9704 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
00:35:51.0152 9704 SASDIFSV - ok
00:35:51.0180 9704 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
00:35:51.0181 9704 SASKUTIL - ok
00:35:51.0199 9704 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
00:35:51.0201 9704 sbp2port - ok
00:35:51.0235 9704 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
00:35:51.0253 9704 SCardSvr - ok
00:35:51.0276 9704 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
00:35:51.0278 9704 scfilter - ok
00:35:51.0387 9704 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
00:35:51.0393 9704 Schedule - ok
00:35:51.0431 9704 SCManager - ok
00:35:51.0507 9704 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
00:35:51.0510 9704 SCPolicySvc - ok
00:35:51.0552 9704 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
00:35:51.0555 9704 sdbus - ok
00:35:51.0583 9704 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
00:35:51.0601 9704 SDRSVC - ok
00:35:51.0658 9704 SeaPort (331e7bde228914574fc9ae6cd520dafa) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
00:35:51.0660 9704 SeaPort - ok
00:35:51.0694 9704 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
00:35:51.0695 9704 secdrv - ok
00:35:51.0705 9704 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
00:35:51.0708 9704 seclogon - ok
00:35:51.0725 9704 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
00:35:51.0729 9704 SENS - ok
00:35:51.0752 9704 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
00:35:51.0757 9704 SensrSvc - ok
00:35:51.0783 9704 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
00:35:51.0785 9704 Serenum - ok
00:35:51.0797 9704 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
00:35:51.0801 9704 Serial - ok
00:35:51.0818 9704 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
00:35:51.0819 9704 sermouse - ok
00:35:51.0838 9704 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
00:35:51.0842 9704 SessionEnv - ok
00:35:51.0846 9704 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
00:35:51.0850 9704 sffdisk - ok
00:35:51.0860 9704 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
00:35:51.0862 9704 sffp_mmc - ok
00:35:51.0877 9704 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\DRIVERS\sffp_sd.sys
00:35:51.0879 9704 sffp_sd - ok
00:35:51.0884 9704 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
00:35:51.0885 9704 sfloppy - ok
00:35:52.0021 9704 SftService (29ddea72c5bdf61d62f4d438dc0e497c) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
00:35:52.0029 9704 SftService - ok
00:35:52.0192 9704 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
00:35:52.0207 9704 SharedAccess - ok
00:35:52.0237 9704 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
00:35:52.0275 9704 ShellHWDetection - ok
00:35:52.0391 9704 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
00:35:52.0394 9704 SiSRaid2 - ok
00:35:52.0410 9704 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
00:35:52.0414 9704 SiSRaid4 - ok
00:35:52.0440 9704 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
00:35:52.0442 9704 Smb - ok
00:35:52.0474 9704 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
00:35:52.0476 9704 SNMPTRAP - ok
00:35:52.0486 9704 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
00:35:52.0487 9704 spldr - ok
00:35:52.0548 9704 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
00:35:52.0552 9704 Spooler - ok
00:35:53.0078 9704 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
00:35:53.0149 9704 sppsvc - ok
00:35:53.0481 9704 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
00:35:53.0494 9704 sppuinotify - ok
00:35:53.0569 9704 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
00:35:53.0577 9704 srv - ok
00:35:53.0653 9704 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
00:35:53.0655 9704 srv2 - ok
00:35:53.0675 9704 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
00:35:53.0676 9704 srvnet - ok
00:35:53.0851 9704 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
00:35:53.0861 9704 SSDPSRV - ok
00:35:53.0936 9704 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
00:35:53.0942 9704 SstpSvc - ok
00:35:53.0963 9704 stdcfltn (92e7f6666633d2dd91d527503daa7be0) C:\Windows\system32\DRIVERS\stdcfltn.sys
00:35:53.0996 9704 stdcfltn - ok
00:35:54.0068 9704 Steam Client Service - ok
00:35:54.0174 9704 Stereo Service (0683504bbb3ffc0a73d9d217b63dd0e0) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
00:35:54.0176 9704 Stereo Service - ok
00:35:54.0215 9704 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
00:35:54.0217 9704 stexstor - ok
00:35:54.0275 9704 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
00:35:54.0294 9704 stisvc - ok
00:35:54.0328 9704 stllssvr (7731f46ec0d687a931cba063e8f90ef0) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
00:35:54.0332 9704 stllssvr - ok
00:35:54.0346 9704 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
00:35:54.0347 9704 swenum - ok
00:35:54.0386 9704 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
00:35:54.0401 9704 swprv - ok
00:35:55.0257 9704 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
00:35:55.0286 9704 SysMain - ok
00:35:55.0615 9704 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
00:35:55.0619 9704 TabletInputService - ok
00:35:55.0645 9704 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
00:35:55.0655 9704 TapiSrv - ok
00:35:55.0668 9704 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
00:35:55.0670 9704 TBS - ok
00:35:55.0925 9704 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
00:35:55.0934 9704 Tcpip - ok
00:35:56.0443 9704 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
00:35:56.0452 9704 TCPIP6 - ok
00:35:56.0595 9704 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
00:35:56.0597 9704 tcpipreg - ok
00:35:56.0614 9704 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
00:35:56.0616 9704 TDPIPE - ok
00:35:56.0648 9704 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
00:35:56.0650 9704 TDTCP - ok
00:35:56.0662 9704 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
00:35:56.0665 9704 tdx - ok
00:35:56.0678 9704 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
00:35:56.0679 9704 TermDD - ok
00:35:56.0800 9704 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
00:35:56.0814 9704 TermService - ok
00:35:56.0829 9704 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
00:35:56.0832 9704 Themes - ok
00:35:56.0923 9704 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
00:35:56.0925 9704 THREADORDER - ok
00:35:56.0939 9704 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
00:35:56.0944 9704 TrkWks - ok
00:35:57.0009 9704 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
00:35:57.0026 9704 TrustedInstaller - ok
00:35:57.0050 9704 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:35:57.0053 9704 tssecsrv - ok
00:35:57.0071 9704 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
00:35:57.0073 9704 TsUsbFlt - ok
00:35:57.0087 9704 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
00:35:57.0089 9704 TsUsbGD - ok
00:35:57.0124 9704 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
00:35:57.0127 9704 tunnel - ok
00:35:57.0176 9704 TurboB (fd24f98d2898be093fe926604be7db99) C:\Windows\system32\DRIVERS\TurboB.sys
00:35:57.0176 9704 TurboB - ok
00:35:57.0265 9704 TurboBoost (600b406a04d90f577fea8a88d7379f08) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
00:35:57.0266 9704 TurboBoost - ok
00:35:57.0281 9704 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
00:35:57.0287 9704 uagp35 - ok
00:35:57.0334 9704 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
00:35:57.0348 9704 udfs - ok
00:35:57.0380 9704 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
00:35:57.0384 9704 UI0Detect - ok
00:35:57.0408 9704 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
00:35:57.0410 9704 uliagpkx - ok
00:35:57.0434 9704 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
00:35:57.0436 9704 umbus - ok
00:35:57.0448 9704 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
00:35:57.0450 9704 UmPass - ok
00:35:57.0957 9704 UNS (2c16648a12999ae69a9ebf41974b0ba2) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
00:35:58.0057 9704 UNS - ok
00:35:58.0203 9704 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
00:35:58.0208 9704 upnphost - ok
00:35:58.0324 9704 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
00:35:58.0326 9704 USBAAPL64 - ok
00:35:58.0347 9704 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys
00:35:58.0350 9704 usbccgp - ok
00:35:58.0372 9704 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
00:35:58.0375 9704 usbcir - ok
00:35:58.0414 9704 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
00:35:58.0416 9704 usbehci - ok
00:35:58.0454 9704 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
00:35:58.0474 9704 usbhub - ok
00:35:58.0502 9704 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
00:35:58.0505 9704 usbohci - ok
00:35:58.0520 9704 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
00:35:58.0524 9704 usbprint - ok
00:35:58.0593 9704 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
00:35:58.0600 9704 usbscan - ok
00:35:58.0630 9704 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:35:58.0636 9704 USBSTOR - ok
00:35:58.0670 9704 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
00:35:58.0675 9704 usbuhci - ok
00:35:58.0758 9704 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
00:35:58.0772 9704 usbvideo - ok
00:35:58.0797 9704 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
00:35:58.0802 9704 UxSms - ok
00:35:58.0868 9704 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:35:58.0871 9704 VaultSvc - ok
00:35:58.0932 9704 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
00:35:58.0934 9704 vdrvroot - ok
00:35:59.0096 9704 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
00:35:59.0178 9704 vds - ok
00:35:59.0201 9704 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
00:35:59.0203 9704 vga - ok
00:35:59.0217 9704 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
00:35:59.0219 9704 VgaSave - ok
00:35:59.0247 9704 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
00:35:59.0264 9704 vhdmp - ok
00:35:59.0284 9704 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
00:35:59.0286 9704 viaide - ok
00:35:59.0300 9704 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
00:35:59.0301 9704 volmgr - ok
00:35:59.0332 9704 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
00:35:59.0337 9704 volmgrx - ok
00:35:59.0475 9704 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
00:35:59.0478 9704 volsnap - ok
00:35:59.0605 9704 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
00:35:59.0618 9704 vsmraid - ok
00:36:00.0059 9704 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
00:36:00.0089 9704 VSS - ok
00:36:00.0260 9704 vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
00:36:00.0264 9704 vToolbarUpdater11.2.0 - ok
00:36:00.0525 9704 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
00:36:00.0541 9704 vwifibus - ok
00:36:00.0574 9704 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
00:36:00.0577 9704 vwififlt - ok
00:36:00.0601 9704 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
00:36:00.0602 9704 vwifimp - ok
00:36:00.0692 9704 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
00:36:00.0698 9704 W32Time - ok
00:36:00.0719 9704 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
00:36:00.0721 9704 WacomPen - ok
00:36:00.0747 9704 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
00:36:00.0750 9704 WANARP - ok
00:36:00.0753 9704 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
00:36:00.0754 9704 Wanarpv6 - ok
00:36:00.0979 9704 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
00:36:01.0006 9704 WatAdminSvc - ok
00:36:01.0191 9704 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
00:36:01.0242 9704 wbengine - ok
00:36:01.0448 9704 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
00:36:01.0473 9704 WbioSrvc - ok
00:36:01.0639 9704 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
00:36:01.0652 9704 wcncsvc - ok
00:36:01.0690 9704 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
00:36:01.0708 9704 WcsPlugInService - ok
00:36:01.0759 9704 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
00:36:01.0763 9704 Wd - ok
00:36:01.0797 9704 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
00:36:01.0801 9704 Wdf01000 - ok
00:36:01.0921 9704 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
00:36:01.0936 9704 WdiServiceHost - ok
00:36:01.0945 9704 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
00:36:01.0951 9704 WdiSystemHost - ok
00:36:02.0074 9704 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
00:36:02.0091 9704 WebClient - ok
00:36:02.0117 9704 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
00:36:02.0131 9704 Wecsvc - ok
00:36:02.0151 9704 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
00:36:02.0156 9704 wercplsupport - ok
00:36:02.0189 9704 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
00:36:02.0192 9704 WerSvc - ok
00:36:02.0251 9704 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
00:36:02.0255 9704 WfpLwf - ok
00:36:02.0305 9704 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
00:36:02.0318 9704 WimFltr - ok
00:36:02.0339 9704 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
00:36:02.0342 9704 WIMMount - ok
00:36:02.0373 9704 WinDefend - ok
00:36:02.0397 9704 WinHttpAutoProxySvc - ok
00:36:02.0551 9704 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
00:36:02.0555 9704 Winmgmt - ok
00:36:03.0190 9704 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
00:36:03.0229 9704 WinRM - ok
00:36:03.0487 9704 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
00:36:03.0492 9704 Wlansvc - ok
00:36:03.0553 9704 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
00:36:03.0558 9704 wlcrasvc - ok
00:36:04.0230 9704 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:36:04.0258 9704 wlidsvc - ok
00:36:04.0488 9704 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
00:36:04.0488 9704 WmiAcpi - ok
00:36:04.0561 9704 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
00:36:04.0570 9704 wmiApSrv - ok
00:36:04.0665 9704 WMPNetworkSvc - ok
00:36:04.0707 9704 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
00:36:04.0714 9704 WPCSvc - ok
00:36:04.0737 9704 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
00:36:04.0741 9704 WPDBusEnum - ok
00:36:04.0755 9704 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
00:36:04.0757 9704 ws2ifsl - ok
00:36:04.0782 9704 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
00:36:04.0786 9704 wscsvc - ok
00:36:04.0788 9704 WSearch - ok
00:36:05.0104 9704 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
00:36:05.0149 9704 wuauserv - ok
00:36:05.0343 9704 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
00:36:05.0345 9704 WudfPf - ok
00:36:05.0376 9704 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:36:05.0380 9704 WUDFRd - ok
00:36:05.0409 9704 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
00:36:05.0411 9704 wudfsvc - ok
00:36:05.0520 9704 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
00:36:05.0532 9704 WwanSvc - ok
00:36:05.0587 9704 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
00:36:05.0592 9704 xusb21 - ok
00:36:05.0670 9704 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
00:36:06.0268 9704 \Device\Harddisk0\DR0 - ok
00:36:06.0281 9704 Boot (0x1200) (0698551f205cfabb7eecc07cb1aae3fc) \Device\Harddisk0\DR0\Partition0
00:36:06.0286 9704 \Device\Harddisk0\DR0\Partition0 - ok
00:36:06.0321 9704 Boot (0x1200) (f469f92cd55a49c8ce31b9ca98d1bd53) \Device\Harddisk0\DR0\Partition1
00:36:06.0322 9704 \Device\Harddisk0\DR0\Partition1 - ok
00:36:06.0323 9704 ============================================================
00:36:06.0323 9704 Scan finished
00:36:06.0323 9704 ============================================================
00:36:06.0341 9536 Detected object count: 0
00:36:06.0341 9536 Actual detected object count: 0



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-09 00:39:43
-----------------------------
00:39:43.125 OS Version: Windows x64 6.1.7601 Service Pack 1
00:39:43.125 Number of processors: 4 586 0x2A07
00:39:43.126 ComputerName: BARBOSSA-PC UserName: Barbossa
00:39:44.330 Initialize success
00:40:40.980 AVAST engine defs: 12080801
00:40:51.987 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:40:51.992 Disk 0 Vendor: ST950042 D005 Size: 476940MB BusType: 3
00:40:52.007 Disk 0 MBR read successfully
00:40:52.012 Disk 0 MBR scan
00:40:52.018 Disk 0 Windows VISTA default MBR code
00:40:52.020 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63
00:40:52.030 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 20000 MB offset 212992
00:40:52.044 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 456835 MB offset 41172992
00:40:52.075 Disk 0 scanning C:\Windows\system32\drivers
00:41:05.486 Service scanning
00:41:30.286 Modules scanning
00:41:30.303 Disk 0 trace - called modules:
00:41:30.322 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll
00:41:30.659 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e5c060]
00:41:30.671 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8007ccacb0]
00:41:30.681 5 stdcfltn.sys[fffff88001b29c52] -> nt!IofCallDriver -> [0xfffffa800547b950]
00:41:30.687 7 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80062f4050]
00:41:32.249 AVAST engine scan C:\Windows
00:41:34.930 AVAST engine scan C:\Windows\system32
00:44:40.414 AVAST engine scan C:\Windows\system32\drivers
00:44:55.346 AVAST engine scan C:\Users\Barbossa
01:00:59.349 AVAST engine scan C:\ProgramData
01:03:48.892 Scan finished successfully
01:04:31.856 Disk 0 MBR has been saved successfully to "C:\Users\Barbossa\Desktop\MBR.dat"
01:04:31.863 The log file has been saved successfully to "C:\Users\Barbossa\Desktop\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:50 AM

Posted 09 August 2012 - 08:08 AM

Greetings GastlyKazoo

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files (x86)\Ask.com
c:\program files (x86)\Veoh Networks
c:\program files (x86)\SpeedyPC Software
c:\program files (x86)\Common Files\SpeedyPC Software

File::
c:\windows\Tasks\SpeedyPC Pro.job
c:\windows\Tasks\SpeedyPC Update Version3.job
c:\windows\Tasks\SpeedyPC Registration3.job

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 GastlyKazoo

GastlyKazoo
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:03:50 AM

Posted 09 August 2012 - 06:27 PM

I'm having a problem disabling McAfee. My subscription expired in February, so I assumed it wasn't running. There is nowhere I can go into to shut it down; it wants me to renew the subscription. Can I uninstall it?

#8 GastlyKazoo

GastlyKazoo
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:03:50 AM

Posted 09 August 2012 - 09:58 PM

I went ahead and ran ComboFix since it completed before with the same problem. It took a long time to run, with a continuous error message of "Windows cannot find 'NIRKMD.' Make sure you typed the name correctly, and then try again" after each stage. Everything else seems to be working fine.


ComboFix 12-08-09.01 - Barbossa 08/09/2012 21:41:29.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6038.3706 [GMT -4:00]
Running from: c:\users\Barbossa\Desktop\ComboFix.exe
Command switches used :: c:\users\Barbossa\Desktop\CFScript.txt.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
FILE ::
"c:\windows\Tasks\SpeedyPC Pro.job"
"c:\windows\Tasks\SpeedyPC Registration3.job"
"c:\windows\Tasks\SpeedyPC Update Version3.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Ask.com
c:\program files (x86)\Ask.com\assets\oobe\b.png
c:\program files (x86)\Ask.com\assets\oobe\bl.png
c:\program files (x86)\Ask.com\assets\oobe\br.png
c:\program files (x86)\Ask.com\assets\oobe\l.png
c:\program files (x86)\Ask.com\assets\oobe\pointer.png
c:\program files (x86)\Ask.com\assets\oobe\r.png
c:\program files (x86)\Ask.com\assets\oobe\t.png
c:\program files (x86)\Ask.com\assets\oobe\tl.png
c:\program files (x86)\Ask.com\assets\oobe\tr.png
c:\program files (x86)\Ask.com\cobrand.ico
c:\program files (x86)\Ask.com\config.xml
c:\program files (x86)\Ask.com\favicon.ico
c:\program files (x86)\Ask.com\GenericAskToolbar.dll
c:\program files (x86)\Ask.com\mupcfg.xml
c:\program files (x86)\Ask.com\precache.exe
c:\program files (x86)\Ask.com\SaUpdate.exe
c:\program files (x86)\Ask.com\Updater\config.xml
c:\program files (x86)\Ask.com\Updater\Updater.exe
c:\program files (x86)\Ask.com\UpdateTask.exe
c:\program files (x86)\Common Files\SpeedyPC Software
c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\Images\close.png
c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\Images\close_md.png
c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\Images\close_mo.png
c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\Images\close_pu.png
c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\Images\close_pu_md.png
c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\Images\close_pu_mo.png
c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\Images\Logo.png
c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\Images\min.png
c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\Images\min_md.png
c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\Images\min_mo.png
c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\Images\topbar_gradient.png
c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\LiteUnzip.dll
c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\settings.xml
c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe
c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\UUS3.dll
c:\program files (x86)\SpeedyPC Software
c:\program files (x86)\SpeedyPC Software\SpeedyPC\7ZipDLL.dll
c:\program files (x86)\SpeedyPC Software\SpeedyPC\colors.xml
c:\program files (x86)\SpeedyPC Software\SpeedyPC\CommonLoggingExtension.pxt
c:\program files (x86)\SpeedyPC Software\SpeedyPC\CommonSpecialist.pxt
c:\program files (x86)\SpeedyPC Software\SpeedyPC\ExtensionManager.dll
c:\program files (x86)\SpeedyPC Software\SpeedyPC\filecachedb.xml
c:\program files (x86)\SpeedyPC Software\SpeedyPC\HandleUpdate.dll
c:\program files (x86)\SpeedyPC Software\SpeedyPC\HTML\0_days.htm
c:\program files (x86)\SpeedyPC Software\SpeedyPC\HTML\1_days.htm
c:\program files (x86)\SpeedyPC Software\SpeedyPC\HTML\15_days.htm
c:\program files (x86)\SpeedyPC Software\SpeedyPC\HTML\2_days.htm
c:\program files (x86)\SpeedyPC Software\SpeedyPC\HTML\30_days.htm
c:\program files (x86)\SpeedyPC Software\SpeedyPC\HTML\5_days.htm
c:\program files (x86)\SpeedyPC Software\SpeedyPC\HTML\container_content_bkimg.gif
c:\program files (x86)\SpeedyPC Software\SpeedyPC\HTML\container_content_leftimg.gif
c:\program files (x86)\SpeedyPC Software\SpeedyPC\HTML\container_content_rightimg.gif
c:\program files (x86)\SpeedyPC Software\SpeedyPC\HTML\error_connect.html
c:\program files (x86)\SpeedyPC Software\SpeedyPC\HTML\images\10x10.gif
c:\program files (x86)\SpeedyPC Software\SpeedyPC\HTML\images\10x10tile.gif
c:\program files (x86)\SpeedyPC Software\SpeedyPC\HTML\images\contentwrapper.gif
c:\program files (x86)\SpeedyPC Software\SpeedyPC\HTML\images\error_internet.jpg
c:\program files (x86)\SpeedyPC Software\SpeedyPC\HTML\images\footerbarfill.gif
c:\program files (x86)\SpeedyPC Software\SpeedyPC\HTML\images\info_bubble.jpg
c:\program files (x86)\SpeedyPC Software\SpeedyPC\HTML\images\pcha_background.jpg
c:\program files (x86)\SpeedyPC Software\SpeedyPC\HTML\images\tile_footerbarbase.jpg
c:\program files (x86)\SpeedyPC Software\SpeedyPC\HTML\images\tile_subheadbarbase.jpg
c:\program files (x86)\SpeedyPC Software\SpeedyPC\HTML\images\tile_titlebarbase.jpg
c:\program files (x86)\SpeedyPC Software\SpeedyPC\HTML\main.css
c:\program files (x86)\SpeedyPC Software\SpeedyPC\HTML\main_error.css
c:\program files (x86)\SpeedyPC Software\SpeedyPC\HTML\package_titlebar_bkimg.jpg
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Audio\cancel.wav
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Audio\complete.wav
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\buttons\btn.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\buttons\btn_over.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\buttons\button_bho.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\buttons\button_defrag.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\buttons\button_file.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\buttons\button_generalsettings.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\buttons\button_ignore.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\buttons\button_junk.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\buttons\button_privacy.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\buttons\button_process.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\buttons\button_registry.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\buttons\button_schedule.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\buttons\button_startup.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\buttons\register.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\buttons\register_over.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\buttons\register_over_small.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\buttons\register_small.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\buttons\renew.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\buttons\renew_over.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\buttons\settings_button.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\buttons\settings_button_over.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\buttons\start.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\buttons\start_over.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\defrag\c_empty.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\defrag\c_frag.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\defrag\c_unfrag.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\defrag\c_unknown.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\defrag\c_unmove.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Frame\bottom_logo.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Frame\close.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Frame\dlg_title.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Frame\logo.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Frame\max.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Frame\min.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Frame\register.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Frame\register_close.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Frame\register_close_over.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Frame\register_over.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Frame\renew.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Frame\renew_over.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Frame\restore.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Frame\tab_bg.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Frame\tabactive_bg.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Frame\tabover_bg.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Frame\tfn_bg.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Frame\tfn_logo.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Frame\title_bar.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Frame\upper_divider.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\general\collapse.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\general\delete.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\general\expand.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\general\progress_glow.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\bho.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\dup_audio.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\dup_doc.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\dup_image.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\dup_other.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\dup_video.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\ig_drivers.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\ig_proc.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\ig_reg.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\junk.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\priv_3rd.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\priv_browser.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\priv_email.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\priv_fs.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\priv_im.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\priv_multi.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\priv_office.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\priv_other.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\priv_windows.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\reg_apppath.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\reg_com.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\reg_dll.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\reg_empty.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\reg_extensions.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\reg_filepath.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\reg_font.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\reg_help.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\reg_shortcut.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\reg_startup.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\reg_uninstall.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\startup.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\headers\header_about.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\headers\header_bho.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\headers\header_clean.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\headers\header_defrag.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\headers\header_file.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\headers\header_junk.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\headers\header_junk_settings.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\headers\header_performance.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\headers\header_privacy.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\headers\header_process.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\headers\header_registry.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\headers\header_restore.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\headers\header_settings.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\headers\header_startup.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\headers\header_tools.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\headers\settings_general.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\headers\settings_ignore.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\headers\settings_privacy.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\headers\settings_registry.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\headers\settings_schedule.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Icons\info.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Icons\warning.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\list\other.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\list\process\bho.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\list\process\process.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\list\process\startup.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\list\recommendations\rec_malware16.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\list\recommendations\rec_malware24.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\list\recommendations\rec_malware32.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\list\recommendations\rec_system16.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\list\recommendations\rec_system24.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\list\recommendations\rec_system32.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\list\recommendations\rec_unknown16.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\list\recommendations\rec_unknown24.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\list\recommendations\rec_unknown32.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\list\recommendations\rec_unwanted16.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\list\recommendations\rec_unwanted24.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\list\recommendations\rec_unwanted32.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\list\recommendations\rec_userapp16.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\list\recommendations\rec_userapp24.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\list\recommendations\rec_userapp32.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\animation\01.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\animation\02.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\animation\03.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\animation\04.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\animation\05.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\animation\06.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\animation\07.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\animation\08.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\animation\09.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\check.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\damage1.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\damage2.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\damage3.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\damage4.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\damage5.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\damage6.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\error.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\error_large.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\Fix.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\Fix_over.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\junk.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\malware.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\md5.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\privacy.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\process-animation.gif
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\rating_h.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\rating_h_scan.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\rating_l.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\rating_l_scan.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\rating_m.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\rating_m_scan.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\rating_mh.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\rating_mh_scan.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\rating_ml.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\rating_ml_scan.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\registry.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\security_high.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\security_low.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\warning.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Tabs\overview.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Tabs\restore.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Tabs\scan.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Tabs\settings.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Tabs\tools.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\LiteUnzip.dll
c:\program files (x86)\SpeedyPC Software\SpeedyPC\LiteZip.dll
c:\program files (x86)\SpeedyPC Software\SpeedyPC\LogSettings.xml
c:\program files (x86)\SpeedyPC Software\SpeedyPC\MyResources.dll
c:\program files (x86)\SpeedyPC Software\SpeedyPC\privacy.db
c:\program files (x86)\SpeedyPC Software\SpeedyPC\RegHookSpecialist.pxt
c:\program files (x86)\SpeedyPC Software\SpeedyPC\SandBoxer.dll
c:\program files (x86)\SpeedyPC Software\SpeedyPC\settings.xml
c:\program files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe
c:\program files (x86)\SpeedyPC Software\SpeedyPC\sqlite3.dll
c:\program files (x86)\SpeedyPC Software\SpeedyPC\tfn.xml
c:\program files (x86)\SpeedyPC Software\SpeedyPC\uninstall.exe
c:\program files (x86)\SpeedyPC Software\SpeedyPC\UNS.xml
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Utility.pxt
c:\program files (x86)\SpeedyPC Software\SpeedyPC\whitelist.dat
c:\program files (x86)\Veoh Networks
c:\program files (x86)\Veoh Networks\VeohWebPlayer\fullscreen_client.swf
c:\program files (x86)\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-06-11_(16-47-08-675722).log
c:\program files (x86)\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-06-11_(17-41-47-114238).log
c:\program files (x86)\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-06-21_(23-42-33-192739).log
c:\program files (x86)\Veoh Networks\VeohWebPlayer\imageformats\Microsoft.VC90.CRT.manifest
c:\program files (x86)\Veoh Networks\VeohWebPlayer\imageformats\msvcr90.dll
c:\program files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qgif4.dll
c:\program files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll
c:\program files (x86)\Veoh Networks\VeohWebPlayer\IPCClient.exe
c:\program files (x86)\Veoh Networks\VeohWebPlayer\libeay32.dll
c:\program files (x86)\Veoh Networks\VeohWebPlayer\Microsoft.VC90.CRT.manifest
c:\program files (x86)\Veoh Networks\VeohWebPlayer\msvcm90.dll
c:\program files (x86)\Veoh Networks\VeohWebPlayer\msvcp90.dll
c:\program files (x86)\Veoh Networks\VeohWebPlayer\msvcr90.dll
c:\program files (x86)\Veoh Networks\VeohWebPlayer\phonon4.dll
c:\program files (x86)\Veoh Networks\VeohWebPlayer\qlipso_GirafficInstall0.86.126.230.exe
c:\program files (x86)\Veoh Networks\VeohWebPlayer\QtCore4.dll
c:\program files (x86)\Veoh Networks\VeohWebPlayer\QtGui4.dll
c:\program files (x86)\Veoh Networks\VeohWebPlayer\QtNetwork4.dll
c:\program files (x86)\Veoh Networks\VeohWebPlayer\QtScript4.dll
c:\program files (x86)\Veoh Networks\VeohWebPlayer\qtveohtvplugin_jpn.qm
c:\program files (x86)\Veoh Networks\VeohWebPlayer\QtWebKit4.dll
c:\program files (x86)\Veoh Networks\VeohWebPlayer\QtXmlPatterns4.dll
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\dialog\close2.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\dialog\dialog_bar_center.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\dialog\dialog_bar_left.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\dialog\dialog_bar_right.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\dialog\dialog_border_horiz.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\dialog\dialog_border_vert_left.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\dialog\dialog_border_vert_right.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\dialog\dialog_button.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\dialog\dialog_button_edit.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\dialog\dialog_button_email.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\dialog\dialog_button_large.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\dialog\dialog_button_large_white.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\dialog\dialog_button_small.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\dialog\dialog_button_white.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\dialog\dialog_corner_bottom_left.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\dialog\dialog_corner_bottom_right.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\dialog\dialog_TabButton.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\forms\AddVideosButton.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\forms\close.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\forms\downloadsbutton.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\forms\LeftBottomFrame.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\forms\LeftTopFrame.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\forms\librarybutton.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\forms\logobutton.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\forms\maximize.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\forms\menubutton.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\forms\MiddleBottomFrame.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\forms\MiddleLeftFrame.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\forms\MiddleRightFrame.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\forms\MiddleTopFrame.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\forms\minimize.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\forms\RightBottomFrame.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\forms\RightTopFrame.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\forms\SpacerBottomFrame.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\forms\uploadsbutton.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\add_content_bu.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\added_bu.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\border_bottom.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\border_left.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\border_right.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\border_top.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\clear_bu.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\corner_bottom_left.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\corner_bottom_right.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\corner_top_right.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\defaultvideo.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\dialog_button_download.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\dialog_button_edit.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\dialog_button_email.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\Download_Action_Delete.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\Download_Action_Delete_Selected.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\Download_Action_Play.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\Download_Action_Play_Selected.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\download_bu.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\Download_Status_Completed.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\Download_Status_Downloading.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\Download_Status_Paused.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\length_bu.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\library_bu.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\list_view_bu.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\loadingscreen.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\logo.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\NavSub_Search.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\pause_all_bu.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\playlist_drag.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\publish_bu.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\resume_all_bu.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\thumb_view_bu.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\title_bu.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\toaster_close.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\trayicon.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\try_again_bu.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\Video_Action_edit.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\Video_Action_find.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\Video_Action_Lock.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\Video_Action_Play.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\Video_Action_Rate.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\Video_Action_Unlock.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\videothumb.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\VideoThumb_New.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\visit_veoh_bu.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\download_frame.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\LibraryMsg_frame.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\NavSub_Add.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\NavSub_ClearCompleted.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\NavSub_PauseAll.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\NavSub_Playlist.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\NavSub_PlaylistHide.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\NavSub_PlaylistShow.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\NavSub_ResumeAll.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\NavSub_Search.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\NavSub_ToggleLists.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\NavSub_ToggleLists2.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\NavSub_ToggleThumbs.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\NavSub_ToggleThumbs2.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\NavSub_View.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\playlist_button_bar.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\Playlist_Clear.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\Playlist_PlayAll.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\PublishPleaseWait.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\SortArrow.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\TopicBar_New.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\TopicBar_Options.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\TrashIcon.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\UpDown.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\Video_Hightlight_Default.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\Video_Hightlight_List.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\video_saved.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\VideoThumb_New.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\VideoThumb_Shadow.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\Exit.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\FS_Bottom_Bg.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\FS_Bottom_Exit.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\FS_Top_Bg.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\FS_Top_Exit.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\FullScreen.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\mute.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\next.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\pause.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\PB_Bottom_Bg.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\PB_Bottom_ControlsStop.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\PB_Bottom_VolumeFilled.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\PB_Bottom_VolumeMute.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\PB_Bottom_VolumeNotFilled.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\PB_Bottom_VolumeRight.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\PB_Bottom_VolumeScrub.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\PB_Bottom_VolumeUnmute.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\PB_Duration_Background.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\PB_Timeline_AdMarker.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\PB_Timeline_Downloaded.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\PB_Timeline_Filled.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\PB_Timeline_NotFilled.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\PB_Timeline_Scrub.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\PB_Top_Bg.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\play.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\previous.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\qlipso_GirafficInstall0.86.126.230.exe
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\Stop.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\VolumeDown.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\VolumeText.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\VolumeUp.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\skin.xml
c:\program files (x86)\Veoh Networks\VeohWebPlayer\ssleay32.dll
c:\program files (x86)\Veoh Networks\VeohWebPlayer\uninst.exe
c:\program files (x86)\Veoh Networks\VeohWebPlayer\VeohCompassInstall.dll
c:\program files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
c:\program files (x86)\Veoh Networks\VeohWebPlayer\Win32ImageGrabber.exe
c:\programdata\PCDr\5907\Downloads\116e5d12-0d05-4993-954c-85b013aaf3cb.dll
c:\programdata\PCDr\5907\Downloads\f0fc9c9c-10ba-435b-8365-dadb523644ff.dll
c:\windows\Tasks\SpeedyPC Pro.job
c:\windows\Tasks\SpeedyPC Registration3.job
c:\windows\Tasks\SpeedyPC Update Version3.job
.
.
((((((((((((((((((((((((( Files Created from 2012-07-10 to 2012-08-10 )))))))))))))))))))))))))))))))
.
.
2012-08-10 02:33 . 2012-08-10 02:33 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-10 02:33 . 2012-08-10 02:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-04 21:10 . 2012-08-04 21:10 -------- d-----w- c:\program files (x86)\Dell Digital Delivery
2012-07-17 01:17 . 2012-07-17 01:17 116016 ----a-w- c:\windows\system32\drivers\57268974.sys
2012-07-16 20:33 . 2012-07-16 20:33 -------- d-----w- c:\program files (x86)\ESET
2012-07-15 18:18 . 2012-07-15 18:18 -------- d-----w- c:\users\Barbossa\AppData\Roaming\Malwarebytes
2012-07-15 18:17 . 2012-07-15 18:17 -------- d-----w- c:\programdata\Malwarebytes
2012-07-15 18:17 . 2012-07-15 18:18 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-15 18:17 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-14 19:53 . 2012-07-14 19:53 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-11 06:27 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-04 21:19 . 2012-03-30 14:21 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-04 21:19 . 2011-12-22 09:09 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 06:25 . 2012-01-11 21:08 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-07 00:37 . 2012-07-07 00:38 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-09 05:43 . 2012-07-10 22:51 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-10 22:51 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-10 22:51 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-10 22:51 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-10 22:51 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-10 22:51 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-10 22:51 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-18 23:10 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-18 23:10 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-18 23:10 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-18 23:10 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-18 23:10 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-18 23:10 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-18 23:10 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-18 23:09 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-18 23:09 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-10 22:51 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-10 22:51 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-10 22:51 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-10 22:51 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-10 22:51 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-10 22:51 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-10 22:51 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-10 22:51 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-10 22:51 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-09_03.57.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-08-09 22:59 62698 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-09 22:59 40986 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-01-11 20:23 . 2012-08-09 22:59 16632 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2549522551-1579802136-2033792612-1002_UserData.bin
- 2012-01-11 02:49 . 2012-08-09 02:44 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-01-11 02:49 . 2012-08-10 02:17 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-01-11 02:49 . 2012-08-09 02:44 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-01-11 02:49 . 2012-08-10 02:17 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-10 02:17 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-09 02:44 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-08-09 22:57 . 2012-08-09 22:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-09 03:54 . 2012-08-09 03:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-09 22:57 . 2012-08-09 22:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-09 03:54 . 2012-08-09 03:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2012-08-09 03:57 393216 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-09 22:57 393216 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-01-12 04:44 . 2012-08-10 00:25 268546 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2012-01-16 10:01 . 2012-08-09 05:10 468864 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-01-16 10:01 . 2012-08-09 03:17 468864 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2012-08-09 05:10 424464 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-08-09 03:53 424464 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2012-08-09 22:57 2719744 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-09 03:57 2719744 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-09 03:57 7159808 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-09 22:57 7159808 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-01-11 08:16 . 2012-08-09 03:53 8639992 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2549522551-1579802136-2033792612-1002-8192.dat
+ 2012-01-11 08:16 . 2012-08-09 05:10 8639992 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2549522551-1579802136-2033792612-1002-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-10 02:53 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-10 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-04 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1675160]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2011-07-07 75064]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-04-30 885760]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-10 1107552]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"HF_G_Jul"="c:\program files (x86)\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\Barbossa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SafeConnect.lnk - c:\program files (x86)\SafeConnect\scClient.exe [2011-7-20 296088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-07-04 5160568]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-04 250056]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-09-15 299008]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-11-11 172632]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-03-08 224704]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-10-15 100912]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-09-16 340240]
R3 NWUSBCDFIL64;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil64.sys [2010-07-08 25600]
R3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\DRIVERS\nwusbmdm_000.sys [2010-07-08 217728]
R3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser_000.sys [2010-07-08 217728]
R3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser2_000.sys [2010-07-08 217728]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-11 1255736]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-28 249936]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-10-15 284648]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-04-22 25960]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-10-15 75808]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-09-15 1166848]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-08-02 173056]
S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2012-07-02 2232504]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-12-06 208536]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-12-06 161168]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-22 2009704]
S2 NWVZHelper;Novatel Wireless Verizon Device Helper;c:\program files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [2010-06-14 270848]
S2 SCManager;SafeConnect Manager;c:\program files (x86)\SafeConnect\scManager.sys servicestart [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-09-22 1692480]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-22 378472]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-10 935008]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-09-15 299008]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-08-29 53760]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-10-10 288768]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-10-15 65264]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
S3 cyhid;Cypress Input Device;c:\windows\system32\DRIVERS\cyhid.sys [2011-10-22 117248]
S3 cykbfltrService;Cypress Keyboard Filter Driver;c:\windows\system32\DRIVERS\cykbfltr.sys [2011-10-19 13824]
S3 cymfltrService;Cypress Trackpad Filter Driver;c:\windows\system32\DRIVERS\cymfltr.sys [2011-10-22 79872]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-10-11 59904]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-16 317440]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-05-17 25496]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-12-28 76912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-10-15 481768]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-09-18 8604672]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 21:19]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2549522551-1579802136-2033792612-1002Core.job
- c:\users\Barbossa\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-11 17:36]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2549522551-1579802136-2033792612-1002UA.job
- c:\users\Barbossa\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-11 17:36]
.
2012-07-11 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-07-12 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-08-09 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CyCpIo"="c:\program files\Cypress\TrackPad\CyCpIo.exe" [2011-10-20 2375168]
"CyHidWin"="c:\program files\Cypress\TrackPad\CyHidWin.exe" [2011-10-19 2354176]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-05-26 7214696]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-17 2226280]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-05 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-05 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-05 416024]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-04-22 312936]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-10-18 10357008]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-09-16 1935120]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-04-30 2055016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Toolbar-Locked - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Wow6432Node-HKCU-Run-VeohPlugin - c:\program files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
Wow6432Node-HKLM-Run-ApnUpdater - c:\program files (x86)\Ask.com\Updater\Updater.exe
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-Veoh Web Player Beta - c:\program files (x86)\Veoh Networks\VeohWebPlayer\uninst.exe
AddRemove-{604CD5A1-4520-4844-B064-A3D884B77E91} - c:\program files (x86)\SpeedyPC Software\SpeedyPC\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-09 22:53:42
ComboFix-quarantined-files.txt 2012-08-10 02:53
ComboFix2.txt 2012-08-09 04:09
.
Pre-Run: 345,338,343,424 bytes free
Post-Run: 345,095,966,720 bytes free
.
- - End Of File - - 400627DEADD9FE0E7E274754FD30468A

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:50 AM

Posted 10 August 2012 - 12:56 AM

Yes uninstall McAfee and I will get you another one soon



These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Ask Toolbar
Java™ 6 Update 31
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 GastlyKazoo

GastlyKazoo
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:03:50 AM

Posted 13 August 2012 - 01:58 PM

Here are the two logs. I didn't encounter any problems and the computer seems to be working fine.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.12.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Barbossa :: BARBOSSA-PC [administrator]

Protection: Enabled

8/12/2012 4:09:35 PM
mbam-log-2012-08-12 (16-09-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221202
Time elapsed: 2 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:52:24 PM, on 8/13/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
C:\Program Files (x86)\SafeConnect\scClient.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Barbossa\Desktop\HijackThis.exe
C:\Program Files\NVIDIA Corporation\Installer2\NVIDIA.Update.0\ComUpdatus.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
O4 - HKLM\..\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - Startup: Intel® Turbo Boost Technology Monitor 2.0.lnk = C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
O4 - Global Startup: SafeConnect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel® Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Veoh Giraffic Video Accelerator (Giraffic) - Unknown owner - C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Dell DataSafe Online (NOBU) - Dell, Inc. - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Novatel Wireless Verizon Device Helper (NWVZHelper) - Novatel Wireless Inc. - C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SafeConnect Manager (SCManager) - Unknown owner - C:\Program Files (x86)\SafeConnect\scManager.sys servicestart (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Intel® Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 17211 bytes

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:50 AM

Posted 13 August 2012 - 02:37 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
      O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
      O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
      O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
      O4 - HKLM\..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
      O4 - HKLM\..\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
      O4 - Global Startup: SafeConnect.lnk = ?
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 GastlyKazoo

GastlyKazoo
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:03:50 AM

Posted 13 August 2012 - 10:25 PM

Here is the report from ESET:

C:\Qoobox\Quarantine\C\Windows\Installer\{3d2d246a-1f6e-2931-394e-3e4d1bd387c9}\U\00000008.@.vir Win64/Agent.BA trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{3d2d246a-1f6e-2931-394e-3e4d1bd387c9}\U\000000cb.@.vir Win64/Conedex.B trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{3d2d246a-1f6e-2931-394e-3e4d1bd387c9}\U\80000000.@.vir Win64/Sirefef.AP trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{3d2d246a-1f6e-2931-394e-3e4d1bd387c9}\U\80000032.@.vir a variant of Win32/Sirefef.FD trojan
C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win64/Patched.B.Gen trojan

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:50 AM

Posted 14 August 2012 - 01:37 AM

Hello

The Online scan looks very good!! It is only reporting backups created during the course of this fix!!


C:\Qoobox\Quarantine\<-- combofix


Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wrong time can make the computer an expensive paper weight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.
:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • Posted Image

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and used often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works allot better than add/remove in windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware The Gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.


  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often. (I have upgraded to the paid version of MBAM and I am glad I did)

    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleges

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 GastlyKazoo

GastlyKazoo
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:03:50 AM

Posted 16 August 2012 - 09:43 PM

Thanks so much! Everything seems to be working fine now. I have followed your instructions in removing the tools and read your security tips and useful tools to keep the computer running smoothly and virus-free. Thanks again for all your help!

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:50 AM

Posted 17 August 2012 - 01:03 PM

you are more than welcome and glad I was able to help


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users