FBI Locked, Random sounds, No safe mode, etc...


  • This topic is locked
17 replies to this topic

#1 caappold


Posted 06 August 2012 - 12:20 PM

A couple of days ago, I got the FBI locked virus. I tried to restart in safe mode and run MBAM and AVG but every time I started safe mode the computer would lock up and restart in normal mode. I eventually let it start in normal mode and quickly hit Ctrl+Alt+Delete and stopped any processes that I didn't automatically recognise. The ransomware didn't start so I started running scans. Nothing found by AVG or MBAM. Another site said to try STOPzilla. It found something but wanted $30 to remove it... I followed the path to where the problem was and tried to delete the file but it would continually return. I tried a restore point and it would just get hung up initializing. After about an hour I restarted and tried to move on. I also have a bunch of random sounds that come and go as they please. Like a tiger roar, a giggle, a rocket. Today when I logged in to post this and get the logs to post on here, when I put in my password at the Windows login, everything appeared to be working normally but it wouldn't allow me to log in as "USER". Instead it forced me to log in as a guest and is preventing me from making changes to the computer.

You guys at BleepingComputer are the best and have bailed me out before. Hopefully you can do so again. Thanks in advance.

Here are my logs. GMER wouldn't let me select or unselect any boxes that are requested in the tutorial. I ran it the way it was but it is blank.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32
Run by Christian at 12:42:17 on 2012-08-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4055.1944 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\sminst\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\SIMULIA\Documentation\monitor.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\SIMULIA\Documentation\monitor.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe
C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\11.2.0\ScriptHelper.exe
C:\Program Files (x86)\Orbitdownloader\orbitdm.exe
C:\Program Files (x86)\Orbitdownloader\orbitnet.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\TEMP\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 141.218.140.6 141.218.1.100
TCP: Interfaces\{B633FD09-81C8-412D-A423-386187037616} : DhcpNameServer = 141.218.140.6 141.218.1.100
TCP: Interfaces\{B633FD09-81C8-412D-A423-386187037616}\140707C696E6B6379737 : DhcpNameServer = 24.247.15.53 66.189.0.100 24.178.162.3
TCP: Interfaces\{B633FD09-81C8-412D-A423-386187037616}\46963786F6D656 : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{B633FD09-81C8-412D-A423-386187037616}\75169707F62747F5143636563737 : DhcpNameServer = 192.168.5.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{B633FD09-81C8-412D-A423-386187037616}\77D657D2375727675697 : DhcpNameServer = 141.218.1.100 141.218.20.114
TCP: Interfaces\{B633FD09-81C8-412D-A423-386187037616}\C696E6B6379737 : DhcpNameServer = 24.247.15.53 66.189.0.100 24.178.162.3
TCP: Interfaces\{B633FD09-81C8-412D-A423-386187037616}\E4544574541425 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B633FD09-81C8-412D-A423-386187037616}\F46666963656534376 : DhcpNameServer = 192.168.2.1 24.247.24.53 66.189.0.100 24.178.162.3
TCP: Interfaces\{D7C13140-4631-49D0-B2A0-00229402298F} : DhcpNameServer = 24.247.15.53 66.189.0.100 24.178.162.3
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO-X64: btorbit.com - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
mRun-x64: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 hotcore3;hc3ServiceName;C:\Windows\system32\DRIVERS\hotcore3.sys --> C:\Windows\system32\DRIVERS\hotcore3.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/03/12 21:36:37];C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [2010-3-12 146928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe [2010-3-12 89600]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 193288]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 mitsijm2011;Autodesk Moldflow Inventor Tool Suite Integration 2011 Job Manager;C:\Program Files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe [2010-1-22 673792]
R2 SftService;SoftThinks Agent Service;C:\Windows\sminst\SftService.exe [2009-5-23 632048]
R2 Texis Monitor;Texis Monitor;C:\SIMULIA\Documentation\monitor.exe [2012-2-29 4493312]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA001Ufd.sys --> C:\Windows\system32\DRIVERS\OA001Ufd.sys [?]
R3 OA001Vid;Creative Camera OA001 Function Driver;C:\Windows\system32\DRIVERS\OA001Vid.sys --> C:\Windows\system32\DRIVERS\OA001Vid.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-15 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-1 250056]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-2-5 1436424]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-15 136176]
S3 Leapfrog-USBLAN;Leapfrog-USBLAN;C:\Windows\system32\DRIVERS\btblan.sys --> C:\Windows\system32\DRIVERS\btblan.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-5 114144]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\system32\DRIVERS\ssadserd.sys --> C:\Windows\system32\DRIVERS\ssadserd.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 TivoBeacon2;TiVo Beacon Service;C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe [2010-8-24 1104656]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-08-06 16:38:45 -------- d-----w- C:\Users\TEMP\AppData\Roaming\ProgSense
2012-08-06 16:27:28 -------- d-----w- C:\Users\TEMP\AppData\Roaming\Dell
2012-08-06 16:26:47 -------- d-----w- C:\Users\TEMP\AppData\Roaming\AVG2012
2012-08-06 16:26:47 -------- d-----w- C:\Users\TEMP\AppData\Local\AVG Secure Search
2012-08-06 16:26:34 -------- d-----w- C:\Users\TEMP\AppData\Roaming\Malwarebytes
2012-08-06 16:24:13 -------- d-----w- C:\Users\TEMP\AppData\Local\VirtualStore
2012-08-06 02:24:52 -------- d-----w- C:\ProgramData\STOPzilla!
2012-08-06 02:24:52 -------- d-----w- C:\Program Files (x86)\STOPzilla!
2012-08-05 22:47:14 -------- d-----w- C:\Program Files\CCleaner
2012-08-05 00:58:50 4878336 ----a-w- C:\Program Files (x86)\Mozilla Firefox\Maple 14.0\Crack\maple.dll
2012-07-18 16:32:49 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 16:32:28 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-11 16:31:55 1499136 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-07-11 16:31:55 1019904 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2012-07-11 16:31:54 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-07-11 16:31:54 61440 ----a-w- C:\Program Files\Common Files\System\ado\msador15.dll
2012-07-11 16:31:54 57344 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msador15.dll
2012-07-11 16:31:54 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2012-07-11 16:31:54 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2012-07-11 16:31:54 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2012-07-11 16:31:54 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2012-07-11 16:31:53 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2012-07-11 16:31:53 212992 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2012-07-11 16:31:53 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll
2012-07-11 16:31:53 1133568 ----a-w- C:\Windows\System32\cdosys.dll
.
==================== Find3M ====================
.
2012-08-02 22:06:23 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-02 22:06:23 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 15:49:30 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-05-31 15:49:30 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 12:42:55.96 ===============



#2 HelpBot


Posted 11 August 2012 - 12:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/464109 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 caappold


Posted 13 August 2012 - 07:44 AM

I still need help. My first post adequately describes the problem.

I have included a new dds log. The GMER program is still having the same issue as before.

I am running Windows 7 - Home Premium - 64 bit.

I do NOT have the Windows CD and would like information on how to properly transfer my files, without transferring the virus, before being asked to reformat please.

Thanks again,

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32
Run by Christian at 8:37:19 on 2012-08-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4055.2135 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\sminst\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\SIMULIA\Documentation\monitor.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\SIMULIA\Documentation\monitor.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe
C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe
C:\Program Files (x86)\Orbitdownloader\orbitdm.exe
C:\Program Files (x86)\Orbitdownloader\orbitnet.exe
C:\Program Files (x86)\AVG\AVG2012\avgscana.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exeC:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\TEMP\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 141.218.140.6 141.218.1.100
TCP: Interfaces\{B633FD09-81C8-412D-A423-386187037616} : DhcpNameServer = 141.218.140.6 141.218.1.100
TCP: Interfaces\{B633FD09-81C8-412D-A423-386187037616}\46963786F6D656 : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{B633FD09-81C8-412D-A423-386187037616}\75169707F62747F5143636563737 : DhcpNameServer = 192.168.5.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{B633FD09-81C8-412D-A423-386187037616}\77D657D2375727675697 : DhcpNameServer = 141.218.1.100 141.218.20.114
TCP: Interfaces\{B633FD09-81C8-412D-A423-386187037616}\C696E6B6379737 : DhcpNameServer = 24.247.15.53 66.189.0.100 24.178.162.3
TCP: Interfaces\{B633FD09-81C8-412D-A423-386187037616}\E4544574541425 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B633FD09-81C8-412D-A423-386187037616}\F46666963656534376 : DhcpNameServer = 192.168.2.1 24.247.24.53 66.189.0.100 24.178.162.3
TCP: Interfaces\{D7C13140-4631-49D0-B2A0-00229402298F} : DhcpNameServer = 24.247.15.53 66.189.0.100 24.178.162.3
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO-X64: btorbit.com - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
mRun-x64: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 hotcore3;hc3ServiceName;C:\Windows\system32\DRIVERS\hotcore3.sys --> C:\Windows\system32\DRIVERS\hotcore3.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/03/12 21:36:37];C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [2010-3-12 146928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe [2010-3-12 89600]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 193288]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 mitsijm2011;Autodesk Moldflow Inventor Tool Suite Integration 2011 Job Manager;C:\Program Files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe [2010-1-22 673792]
R2 SftService;SoftThinks Agent Service;C:\Windows\sminst\SftService.exe [2009-5-23 632048]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA001Ufd.sys --> C:\Windows\system32\DRIVERS\OA001Ufd.sys [?]
R3 OA001Vid;Creative Camera OA001 Function Driver;C:\Windows\system32\DRIVERS\OA001Vid.sys --> C:\Windows\system32\DRIVERS\OA001Vid.sys [?]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-15 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-1 250056]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-2-5 1436424]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-15 136176]
S3 Leapfrog-USBLAN;Leapfrog-USBLAN;C:\Windows\system32\DRIVERS\btblan.sys --> C:\Windows\system32\DRIVERS\btblan.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-5 114144]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\system32\DRIVERS\ssadserd.sys --> C:\Windows\system32\DRIVERS\ssadserd.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
.
=============== Created Last 30 ================
.
2012-08-10 19:14:40 -------- d-----w- C:\Users\TEMP\AppData\Roaming\FreeFileViewer
2012-08-06 16:38:45 -------- d-----w- C:\Users\TEMP\AppData\Roaming\ProgSense
2012-08-06 16:27:28 -------- d-----w- C:\Users\TEMP\AppData\Roaming\Dell
2012-08-06 16:26:47 -------- d-----w- C:\Users\TEMP\AppData\Roaming\AVG2012
2012-08-06 16:26:47 -------- d-----w- C:\Users\TEMP\AppData\Local\AVG Secure Search
2012-08-06 16:26:34 -------- d-----w- C:\Users\TEMP\AppData\Roaming\Malwarebytes
2012-08-06 16:24:13 -------- d-----w- C:\Users\TEMP\AppData\Local\VirtualStore
2012-08-06 02:24:52 -------- d-----w- C:\ProgramData\STOPzilla!
2012-08-06 02:24:52 -------- d-----w- C:\Program Files (x86)\STOPzilla!
2012-08-05 22:47:14 -------- d-----w- C:\Program Files\CCleaner
2012-08-05 00:58:50 4878336 ----a-w- C:\Program Files (x86)\Mozilla Firefox\Maple 14.0\Crack\maple.dll
2012-07-18 16:32:49 3148800 ----a-w- C:\Windows\System32\win32k.sys
.
==================== Find3M ====================
.
2012-08-02 22:06:23 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-02 22:06:23 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 15:49:30 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-05-31 15:49:30 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 8:39:45.10 ===============

#4 nasdaq

  • Malware Response Team

Posted 13 August 2012 - 08:17 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please execute the instructions on this page.

Remove the FBI MoneyPak Ransomware or the Reveton Trojan
http://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ransomware

If at any time you need advice to continue please ask.

When completed please post a fresh DDS log and let me know what problem persists.

#5 caappold

  • Topic Starter

Posted 13 August 2012 - 09:25 AM

I have tried to do this but I get stopped before I can go past step 2. I cannot get to safe mode. When I tried to reboot into safe mode, it will go to the login screen and then restart the computer. I can try to get into safe mode again, but it will continually restart until I let it start in normal mode.

#6 nasdaq

  • Malware Response Team

Posted 13 August 2012 - 01:08 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Then let's start with these scans.

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.
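A triage pass over a TDSSKiller report of the kind requested above, as an added example that is not part of the original post and not the tool's own code: it pairs each scanned object with its verdict line and lists everything not marked "ok", including objects whose verdict is missing because a pasted log was cut short. The line layout is assumed from reports of this kind, and the sample log, service names and hashes below are constructed.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Every record starts with "HH:MM:SS.ffff <thread id> ".
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4} \d+ "
# "<name> (<md5>) <path>": the file that backs a service or driver.
OBJECT_RE = re.compile(
    PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<name> ( <verdict> ) - <level>": result line for a flagged object.
FLAG_RE = re.compile(
    PREFIX + r"(?P<name>.+?) \( (?P<verdict>[^()]+?) \) - (?P<level>\w+)$")
# "<name> - ok": clean result; can appear with no object line before it.
OK_RE = re.compile(PREFIX + r"(?P<name>.+) - ok$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: str = "unknown"        # "ok", a level such as "warning", or "unknown"
    verdict: Optional[str] = None  # detection name when flagged


def parse_report(text: str) -> List[Entry]:
    """Return one Entry per scanned object, in the order first seen."""
    entries: Dict[str, Entry] = {}

    def get(name: str) -> Entry:
        return entries.setdefault(name, Entry(name))

    for raw in text.splitlines():
        line = raw.rstrip()
        m = OBJECT_RE.match(line)
        if m:
            entry = get(m["name"])
            entry.md5, entry.path = m["md5"].lower(), m["path"]
            continue
        m = FLAG_RE.match(line)
        if m:
            entry = get(m["name"])
            entry.status, entry.verdict = m["level"], m["verdict"]
            continue
        m = OK_RE.match(line)
        if m:
            get(m["name"]).status = "ok"
        # Headers, separators and "Suspicious file"/"detected" detail lines
        # carry no new state and are skipped.
    return list(entries.values())


def needs_review(entries: List[Entry]) -> List[Entry]:
    """Flagged objects plus objects with no verdict (truncated paste)."""
    return [e for e in entries if e.status != "ok"]


# Constructed sample in the assumed layout: one clean driver, one flagged
# service, one service with no backing file, one object cut off before its verdict.
SAMPLE = r"""
14:18:01.0263 2712 Scan started
14:18:08.0283 2712 ExampleDrv (00112233445566778899aabbccddeeff) C:\Windows\system32\drivers\exampledrv.sys
14:18:08.0283 2712 ExampleDrv - ok
14:18:10.0014 2712 Example Updater (0123456789abcdef0123456789abcdef) c:\program files (x86)\example\updater.dll
14:18:10.0014 2712 Suspicious file (Hidden): c:\program files (x86)\example\updater.dll. md5: 0123456789abcdef0123456789abcdef
14:18:10.0014 2712 Example Updater ( HiddenFile.Multi.Generic ) - warning
14:18:10.0014 2712 Example Updater - detected HiddenFile.Multi.Generic (1)
14:18:11.0106 2712 NoFileSvc - ok
14:18:12.0978 2712 CutOffDrv (ffeeddccbbaa99887766554433221100) C:\Windows\system32\DRIVERS\cutoffdrv.sys
"""

if __name__ == "__main__":
    for e in needs_review(parse_report(SAMPLE)):
        print(f"{e.status:8} {e.name}: {e.verdict or 'no verdict line'} "
              f"[{e.md5}] {e.path}")
```

A "warning" on a hidden file is a prompt to check what the file is, not proof of infection, which is why the tool's default action for it is Skip.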

#7 caappold

  • Topic Starter

Posted 13 August 2012 - 01:43 PM

14:17:52.0168 4532 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
14:17:52.0449 4532 ============================================================
14:17:52.0449 4532 Current date / time: 2012/08/13 14:17:52.0449
14:17:52.0449 4532 SystemInfo:
14:17:52.0449 4532
14:17:52.0449 4532 OS Version: 6.1.7601 ServicePack: 1.0
14:17:52.0449 4532 Product type: Workstation
14:17:52.0449 4532 ComputerName: CHRISTIAN-PC
14:17:52.0449 4532 UserName: Christian
14:17:52.0449 4532 Windows directory: C:\Windows
14:17:52.0449 4532 System windows directory: C:\Windows
14:17:52.0449 4532 Running under WOW64
14:17:52.0449 4532 Processor architecture: Intel x64
14:17:52.0449 4532 Number of processors: 2
14:17:52.0449 4532 Page size: 0x1000
14:17:52.0449 4532 Boot type: Normal boot
14:17:52.0449 4532 ============================================================
14:17:55.0881 4532 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:17:55.0896 4532 ============================================================
14:17:55.0896 4532 \Device\Harddisk0\DR0:
14:17:55.0896 4532 MBR partitions:
14:17:55.0896 4532 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x27800, BlocksNum 0x1E00000
14:17:55.0896 4532 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E27800, BlocksNum 0x3855E000
14:17:55.0896 4532 ============================================================
14:17:56.0006 4532 C: <-> \Device\Harddisk0\DR0\Partition1
14:17:56.0052 4532 D: <-> \Device\Harddisk0\DR0\Partition0
14:17:56.0052 4532 ============================================================
14:17:56.0052 4532 Initialize success
14:17:56.0052 4532 ============================================================
14:18:01.0263 2712 ============================================================
14:18:01.0263 2712 Scan started
14:18:01.0263 2712 Mode: Manual;
14:18:01.0263 2712 ============================================================
14:18:08.0283 2712 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
14:18:08.0283 2712 1394ohci - ok
14:18:08.0376 2712 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
14:18:08.0376 2712 ACPI - ok
14:18:08.0408 2712 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
14:18:08.0423 2712 AcpiPmi - ok
14:18:08.0720 2712 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:18:08.0766 2712 AdobeFlashPlayerUpdateSvc - ok
14:18:08.0844 2712 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
14:18:08.0860 2712 adp94xx - ok
14:18:08.0922 2712 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
14:18:08.0954 2712 adpahci - ok
14:18:08.0985 2712 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
14:18:09.0000 2712 adpu320 - ok
14:18:09.0032 2712 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
14:18:09.0047 2712 AeLookupSvc - ok
14:18:09.0188 2712 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe
14:18:09.0188 2712 AESTFilters - ok
14:18:09.0281 2712 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
14:18:09.0281 2712 AFD - ok
14:18:09.0359 2712 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
14:18:09.0359 2712 agp440 - ok
14:18:10.0014 2712 Akamai (29584f02a43e427c4227e3b1d9ff1b22) c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll
14:18:10.0014 2712 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
14:18:10.0014 2712 Akamai ( HiddenFile.Multi.Generic ) - warning
14:18:10.0014 2712 Akamai - detected HiddenFile.Multi.Generic (1)
14:18:10.0170 2712 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
14:18:10.0170 2712 ALG - ok
14:18:10.0404 2712 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
14:18:10.0404 2712 aliide - ok
14:18:10.0420 2712 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
14:18:10.0420 2712 amdide - ok
14:18:10.0467 2712 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
14:18:10.0467 2712 AmdK8 - ok
14:18:10.0482 2712 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
14:18:10.0482 2712 AmdPPM - ok
14:18:10.0529 2712 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
14:18:10.0529 2712 amdsata - ok
14:18:10.0545 2712 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
14:18:10.0560 2712 amdsbs - ok
14:18:10.0607 2712 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
14:18:10.0607 2712 amdxata - ok
14:18:10.0732 2712 androidusb (4de0d5d747a73797c95a97dcce5018b5) C:\Windows\system32\Drivers\ssadadb.sys
14:18:10.0732 2712 androidusb - ok
14:18:10.0794 2712 ApfiltrService (7eaf337dfa1d6766b585c0559d55e27f) C:\Windows\system32\DRIVERS\Apfiltr.sys
14:18:10.0794 2712 ApfiltrService - ok
14:18:10.0857 2712 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
14:18:10.0857 2712 AppID - ok
14:18:10.0919 2712 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
14:18:10.0919 2712 AppIDSvc - ok
14:18:10.0950 2712 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
14:18:10.0966 2712 Appinfo - ok
14:18:11.0044 2712 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
14:18:11.0044 2712 arc - ok
14:18:11.0060 2712 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
14:18:11.0075 2712 arcsas - ok
14:18:11.0106 2712 ASPI - ok
14:18:11.0309 2712 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
14:18:11.0372 2712 aspnet_state - ok
14:18:11.0434 2712 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:18:11.0434 2712 AsyncMac - ok
14:18:11.0481 2712 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:18:11.0481 2712 atapi - ok
14:18:11.0590 2712 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:18:11.0590 2712 AudioEndpointBuilder - ok
14:18:11.0606 2712 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:18:11.0606 2712 AudioSrv - ok
14:18:12.0167 2712 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
14:18:12.0198 2712 AVGIDSAgent - ok
14:18:12.0620 2712 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
14:18:12.0620 2712 AVGIDSDriver - ok
14:18:12.0791 2712 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
14:18:12.0791 2712 AVGIDSFilter - ok
14:18:12.0869 2712 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
14:18:12.0869 2712 AVGIDSHA - ok
14:18:12.0916 2712 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
14:18:12.0916 2712 Avgldx64 - ok
14:18:12.0963 2712 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
14:18:12.0963 2712 Avgmfx64 - ok
14:18:12.0978 2712 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
14:18:12.0978 2712 Avgrkx64 - ok
14:18:13.0041 2712 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys
14:18:13.0041 2712 Avgtdia - ok
14:18:13.0181 2712 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
14:18:13.0181 2712 avgwd - ok
14:18:13.0290 2712 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
14:18:13.0290 2712 AxInstSV - ok
14:18:13.0368 2712 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
14:18:13.0400 2712 b06bdrv - ok
14:18:13.0493 2712 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:18:13.0493 2712 b57nd60a - ok
14:18:13.0634 2712 BBSvc (0d1ea7509f394d8b705b239ee71f5118) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
14:18:13.0649 2712 BBSvc - ok
14:18:13.0774 2712 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
14:18:13.0774 2712 BDESVC - ok
14:18:13.0790 2712 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:18:13.0790 2712 Beep - ok
14:18:13.0899 2712 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
14:18:13.0914 2712 BFE - ok
14:18:14.0008 2712 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
14:18:14.0024 2712 BITS - ok
14:18:14.0133 2712 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:18:14.0133 2712 blbdrive - ok
14:18:14.0273 2712 Bonjour Service (a065f048e9e23e6c026a7bb548d126a7) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
14:18:14.0273 2712 Bonjour Service - ok
14:18:14.0336 2712 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
14:18:14.0336 2712 bowser - ok
14:18:14.0351 2712 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:18:14.0351 2712 BrFiltLo - ok
14:18:14.0398 2712 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:18:14.0398 2712 BrFiltUp - ok
14:18:14.0460 2712 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
14:18:14.0460 2712 Browser - ok
14:18:14.0507 2712 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:18:14.0507 2712 Brserid - ok
14:18:14.0554 2712 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:18:14.0554 2712 BrSerWdm - ok
14:18:14.0585 2712 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:18:14.0585 2712 BrUsbMdm - ok
14:18:14.0616 2712 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:18:14.0616 2712 BrUsbSer - ok
14:18:14.0648 2712 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
14:18:14.0710 2712 BTHMODEM - ok
14:18:14.0897 2712 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
14:18:14.0897 2712 bthserv - ok
14:18:15.0022 2712 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:18:15.0022 2712 cdfs - ok
14:18:15.0100 2712 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
14:18:15.0131 2712 cdrom - ok
14:18:15.0162 2712 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:18:15.0162 2712 CertPropSvc - ok
14:18:15.0225 2712 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
14:18:15.0225 2712 circlass - ok
14:18:15.0303 2712 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:18:15.0303 2712 CLFS - ok
14:18:15.0428 2712 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:18:15.0428 2712 clr_optimization_v2.0.50727_32 - ok
14:18:15.0506 2712 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:18:15.0506 2712 clr_optimization_v2.0.50727_64 - ok
14:18:15.0615 2712 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:18:15.0864 2712 clr_optimization_v4.0.30319_32 - ok
14:18:15.0911 2712 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:18:15.0927 2712 clr_optimization_v4.0.30319_64 - ok
14:18:15.0974 2712 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
14:18:15.0974 2712 CmBatt - ok
14:18:16.0005 2712 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:18:16.0005 2712 cmdide - ok
14:18:16.0083 2712 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
14:18:16.0083 2712 CNG - ok
14:18:16.0114 2712 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
14:18:16.0114 2712 Compbatt - ok
14:18:16.0161 2712 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
14:18:16.0176 2712 CompositeBus - ok
14:18:16.0192 2712 COMSysApp - ok
14:18:16.0223 2712 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
14:18:16.0223 2712 crcdisk - ok
14:18:16.0286 2712 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
14:18:16.0286 2712 CryptSvc - ok
14:18:16.0332 2712 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
14:18:16.0348 2712 CtClsFlt - ok
14:18:16.0410 2712 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:18:16.0426 2712 DcomLaunch - ok
14:18:16.0488 2712 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
14:18:16.0488 2712 defragsvc - ok
14:18:16.0535 2712 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
14:18:16.0535 2712 DfsC - ok
14:18:16.0598 2712 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
14:18:16.0598 2712 Dhcp - ok
14:18:16.0722 2712 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:18:16.0722 2712 discache - ok
14:18:16.0769 2712 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
14:18:16.0769 2712 Disk - ok
14:18:16.0816 2712 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
14:18:16.0816 2712 Dnscache - ok
14:18:16.0925 2712 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
14:18:16.0925 2712 DockLoginService - ok
14:18:17.0003 2712 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
14:18:17.0003 2712 dot3svc - ok
14:18:17.0066 2712 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
14:18:17.0066 2712 DPS - ok
14:18:17.0315 2712 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:18:17.0315 2712 drmkaud - ok
14:18:17.0424 2712 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:18:17.0440 2712 DXGKrnl - ok
14:18:17.0487 2712 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
14:18:17.0487 2712 EapHost - ok
14:18:17.0799 2712 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
14:18:17.0830 2712 ebdrv - ok
14:18:18.0002 2712 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
14:18:18.0002 2712 EFS - ok
14:18:18.0220 2712 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
14:18:18.0220 2712 ehRecvr - ok
14:18:18.0298 2712 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
14:18:18.0298 2712 ehSched - ok
14:18:18.0454 2712 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
14:18:18.0485 2712 elxstor - ok
14:18:18.0532 2712 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:18:18.0532 2712 ErrDev - ok
14:18:18.0610 2712 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
14:18:18.0610 2712 EventSystem - ok
14:18:18.0719 2712 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:18:18.0735 2712 exfat - ok
14:18:18.0766 2712 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:18:18.0766 2712 fastfat - ok
14:18:18.0891 2712 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
14:18:18.0891 2712 Fax - ok
14:18:18.0953 2712 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
14:18:18.0953 2712 fdc - ok
14:18:19.0016 2712 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
14:18:19.0016 2712 fdPHost - ok
14:18:19.0031 2712 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
14:18:19.0031 2712 FDResPub - ok
14:18:19.0078 2712 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:18:19.0078 2712 FileInfo - ok
14:18:19.0125 2712 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:18:19.0125 2712 Filetrace - ok
14:18:19.0296 2712 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
14:18:19.0328 2712 FLEXnet Licensing Service - ok
14:18:19.0780 2712 FLEXnet Licensing Service 64 (a4297244d4f817278a6ae45b1899ca9c) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
14:18:19.0858 2712 FLEXnet Licensing Service 64 - ok
14:18:20.0076 2712 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
14:18:20.0076 2712 flpydisk - ok
14:18:20.0154 2712 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:18:20.0154 2712 FltMgr - ok
14:18:20.0264 2712 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
14:18:20.0326 2712 FontCache - ok
14:18:20.0466 2712 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:18:20.0466 2712 FontCache3.0.0.0 - ok
14:18:20.0513 2712 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:18:20.0513 2712 FsDepends - ok
14:18:20.0560 2712 fssfltr (07da62c960ddccc2d35836aeab4fc578) C:\Windows\system32\DRIVERS\fssfltr.sys
14:18:20.0576 2712 fssfltr - ok
14:18:20.0856 2712 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
14:18:20.0872 2712 fsssvc - ok
14:18:21.0059 2712 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
14:18:21.0059 2712 Fs_Rec - ok
14:18:21.0122 2712 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:18:21.0122 2712 fvevol - ok
14:18:21.0168 2712 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:18:21.0168 2712 gagp30kx - ok
14:18:21.0278 2712 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
14:18:21.0278 2712 GoToAssist - ok
14:18:21.0356 2712 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
14:18:21.0371 2712 gpsvc - ok
14:18:21.0512 2712 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:18:21.0512 2712 gupdate - ok
14:18:21.0543 2712 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:18:21.0543 2712 gupdatem - ok
14:18:21.0683 2712 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
14:18:21.0683 2712 gusvc - ok
14:18:21.0714 2712 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:18:21.0730 2712 hcw85cir - ok
14:18:21.0964 2712 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
14:18:21.0980 2712 HDAudBus - ok
14:18:22.0042 2712 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
14:18:22.0042 2712 HidBatt - ok
14:18:22.0120 2712 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
14:18:22.0136 2712 HidBth - ok
14:18:22.0182 2712 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
14:18:22.0182 2712 HidIr - ok
14:18:22.0229 2712 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
14:18:22.0229 2712 hidserv - ok
14:18:22.0292 2712 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
14:18:22.0307 2712 HidUsb - ok
14:18:22.0354 2712 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
14:18:22.0354 2712 hkmsvc - ok
14:18:22.0416 2712 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
14:18:22.0432 2712 HomeGroupListener - ok
14:18:22.0479 2712 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
14:18:22.0479 2712 HomeGroupProvider - ok
14:18:22.0541 2712 hotcore3 (5e626ea93c77825c56e6fbc2fd5e5de5) C:\Windows\system32\DRIVERS\hotcore3.sys
14:18:22.0541 2712 hotcore3 - ok
14:18:22.0572 2712 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:18:22.0572 2712 HpSAMD - ok
14:18:22.0744 2712 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:18:22.0744 2712 HTTP - ok
14:18:22.0791 2712 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:18:22.0791 2712 hwpolicy - ok
14:18:22.0838 2712 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
14:18:22.0838 2712 i8042prt - ok
14:18:22.0900 2712 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
14:18:22.0916 2712 iaStorV - ok
14:18:23.0103 2712 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:18:23.0118 2712 idsvc - ok
14:18:23.0914 2712 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
14:18:24.0132 2712 igfx - ok
14:18:24.0678 2712 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
14:18:24.0678 2712 iirsp - ok
14:18:24.0819 2712 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
14:18:24.0834 2712 IKEEXT - ok
14:18:24.0912 2712 IntcHdmiAddService (d485d3bd3e2179aa86853a182f70699f) C:\Windows\system32\drivers\IntcHdmi.sys
14:18:24.0928 2712 IntcHdmiAddService - ok
14:18:24.0959 2712 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:18:24.0959 2712 intelide - ok
14:18:24.0990 2712 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:18:24.0990 2712 intelppm - ok
14:18:25.0037 2712 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
14:18:25.0037 2712 IPBusEnum - ok
14:18:25.0084 2712 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:18:25.0100 2712 IpFilterDriver - ok
14:18:25.0412 2712 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
14:18:25.0412 2712 iphlpsvc - ok
14:18:25.0458 2712 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:18:25.0474 2712 IPMIDRV - ok
14:18:25.0521 2712 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:18:25.0521 2712 IPNAT - ok
14:18:25.0552 2712 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:18:25.0552 2712 IRENUM - ok
14:18:25.0724 2712 is3srv - ok
14:18:25.0770 2712 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:18:25.0770 2712 isapnp - ok
14:18:25.0833 2712 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:18:25.0848 2712 iScsiPrt - ok
14:18:25.0895 2712 itecir (5fef11c18ec25cdcb27e6c8680690b69) C:\Windows\system32\DRIVERS\itecir.sys
14:18:25.0911 2712 itecir - ok
14:18:25.0989 2712 k57nd60a (7dbafe10c1b777305c80bea42fbda710) C:\Windows\system32\DRIVERS\k57nd60a.sys
14:18:25.0989 2712 k57nd60a - ok
14:18:26.0004 2712 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:18:26.0004 2712 kbdclass - ok
14:18:26.0051 2712 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
14:18:26.0067 2712 kbdhid - ok
14:18:26.0098 2712 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:18:26.0098 2712 KeyIso - ok
14:18:26.0145 2712 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
14:18:26.0145 2712 KSecDD - ok
14:18:26.0192 2712 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
14:18:26.0192 2712 KSecPkg - ok
14:18:26.0238 2712 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:18:26.0238 2712 ksthunk - ok
14:18:26.0316 2712 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
14:18:26.0348 2712 KtmRm - ok
14:18:26.0426 2712 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
14:18:26.0426 2712 LanmanServer - ok
14:18:26.0488 2712 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
14:18:26.0488 2712 LanmanWorkstation - ok
14:18:27.0081 2712 LeapFrog Connect Device Service (3c879d04bb6466e2853c3155b635cc45) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
14:18:27.0112 2712 LeapFrog Connect Device Service - ok
14:18:27.0346 2712 Leapfrog-USBLAN (797289607a5ebf31353aa5ead141f872) C:\Windows\system32\DRIVERS\btblan.sys
14:18:27.0362 2712 Leapfrog-USBLAN - ok
14:18:27.0440 2712 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:18:27.0440 2712 lltdio - ok
14:18:27.0486 2712 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
14:18:27.0518 2712 lltdsvc - ok
14:18:27.0549 2712 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
14:18:27.0549 2712 lmhosts - ok
14:18:27.0596 2712 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:18:27.0596 2712 LSI_FC - ok
14:18:27.0674 2712 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:18:27.0674 2712 LSI_SAS - ok
14:18:27.0720 2712 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:18:27.0720 2712 LSI_SAS2 - ok
14:18:27.0752 2712 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:18:27.0798 2712 LSI_SCSI - ok
14:18:27.0830 2712 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:18:27.0830 2712 luafv - ok
14:18:27.0892 2712 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
14:18:27.0892 2712 Mcx2Svc - ok
14:18:27.0908 2712 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
14:18:27.0908 2712 megasas - ok
14:18:27.0954 2712 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
14:18:27.0954 2712 MegaSR - ok
14:18:28.0079 2712 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
14:18:28.0079 2712 Microsoft Office Groove Audit Service - ok
14:18:28.0266 2712 mitsijm2011 (6bf0a4a21fbb50fcf644e9b7e8955241) C:\Program Files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe
14:18:28.0266 2712 mitsijm2011 - ok
14:18:28.0344 2712 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:18:28.0344 2712 MMCSS - ok
14:18:28.0360 2712 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:18:28.0360 2712 Modem - ok
14:18:28.0407 2712 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:18:28.0407 2712 monitor - ok
14:18:28.0469 2712 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:18:28.0469 2712 mouclass - ok
14:18:28.0500 2712 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:18:28.0500 2712 mouhid - ok
14:18:28.0547 2712 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:18:28.0547 2712 mountmgr - ok
14:18:28.0610 2712 MozillaMaintenance (848f7ea543731735654e47e0db99dd75) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:18:28.0610 2712 MozillaMaintenance - ok
14:18:28.0734 2712 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:18:28.0781 2712 mpio - ok
14:18:28.0828 2712 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:18:28.0828 2712 mpsdrv - ok
14:18:28.0953 2712 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
14:18:28.0968 2712 MpsSvc - ok
14:18:29.0031 2712 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:18:29.0109 2712 MRxDAV - ok
14:18:29.0218 2712 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:18:29.0218 2712 mrxsmb - ok
14:18:29.0280 2712 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:18:29.0280 2712 mrxsmb10 - ok
14:18:29.0296 2712 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:18:29.0296 2712 mrxsmb20 - ok
14:18:29.0374 2712 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:18:29.0374 2712 msahci - ok
14:18:29.0436 2712 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:18:29.0452 2712 msdsm - ok
14:18:29.0483 2712 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
14:18:29.0499 2712 MSDTC - ok
14:18:29.0592 2712 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:18:29.0592 2712 Msfs - ok
14:18:29.0624 2712 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:18:29.0624 2712 mshidkmdf - ok
14:18:29.0655 2712 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:18:29.0655 2712 msisadrv - ok
14:18:29.0717 2712 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:18:29.0733 2712 MSiSCSI - ok
14:18:29.0733 2712 msiserver - ok
14:18:29.0764 2712 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:18:29.0764 2712 MSKSSRV - ok
14:18:29.0780 2712 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:18:29.0780 2712 MSPCLOCK - ok
14:18:29.0795 2712 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:18:29.0795 2712 MSPQM - ok
14:18:29.0858 2712 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:18:29.0858 2712 MsRPC - ok
14:18:29.0889 2712 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
14:18:29.0889 2712 mssmbios - ok
14:18:29.0920 2712 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:18:29.0920 2712 MSTEE - ok
14:18:29.0951 2712 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
14:18:29.0951 2712 MTConfig - ok
14:18:29.0967 2712 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:18:29.0967 2712 Mup - ok
14:18:30.0029 2712 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
14:18:30.0045 2712 napagent - ok
14:18:30.0092 2712 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:18:30.0092 2712 NativeWifiP - ok
14:18:30.0170 2712 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:18:30.0185 2712 NDIS - ok
14:18:30.0201 2712 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:18:30.0216 2712 NdisCap - ok
14:18:30.0248 2712 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:18:30.0248 2712 NdisTapi - ok
14:18:30.0294 2712 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:18:30.0294 2712 Ndisuio - ok
14:18:30.0341 2712 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:18:30.0357 2712 NdisWan - ok
14:18:30.0419 2712 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:18:30.0435 2712 NDProxy - ok
14:18:30.0482 2712 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:18:30.0482 2712 NetBIOS - ok
14:18:30.0528 2712 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:18:30.0528 2712 NetBT - ok
14:18:30.0591 2712 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:18:30.0591 2712 Netlogon - ok
14:18:30.0669 2712 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:18:30.0669 2712 Netman - ok
14:18:30.0840 2712 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:18:30.0872 2712 NetMsmqActivator - ok
14:18:30.0872 2712 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:18:30.0872 2712 NetPipeActivator - ok
14:18:30.0950 2712 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:18:30.0950 2712 netprofm - ok
14:18:30.0981 2712 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:18:30.0981 2712 NetTcpActivator - ok
14:18:30.0996 2712 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:18:30.0996 2712 NetTcpPortSharing - ok
14:18:31.0542 2712 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
14:18:31.0574 2712 netw5v64 - ok
14:18:31.0886 2712 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
14:18:31.0901 2712 nfrd960 - ok
14:18:31.0964 2712 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
14:18:31.0964 2712 NlaSvc - ok
14:18:31.0979 2712 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:18:31.0979 2712 Npfs - ok
14:18:32.0026 2712 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:18:32.0026 2712 nsi - ok
14:18:32.0042 2712 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:18:32.0042 2712 nsiproxy - ok
14:18:32.0198 2712 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:18:32.0198 2712 Ntfs - ok
14:18:32.0400 2712 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:18:32.0400 2712 Null - ok
14:18:32.0463 2712 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:18:32.0463 2712 nvraid - ok
14:18:32.0525 2712 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:18:32.0556 2712 nvstor - ok
14:18:32.0603 2712 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:18:32.0619 2712 nv_agp - ok
14:18:32.0728 2712 OA001Ufd (d09cc91e92fd1ff81af3a14be2cbb20d) C:\Windows\system32\DRIVERS\OA001Ufd.sys
14:18:32.0744 2712 OA001Ufd - ok
14:18:32.0775 2712 OA001Vid (a42cb6914ad67e1584e807ce53f1e62c) C:\Windows\system32\DRIVERS\OA001Vid.sys
14:18:32.0790 2712 OA001Vid - ok
14:18:32.0946 2712 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:18:32.0946 2712 odserv - ok
14:18:32.0978 2712 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:18:32.0993 2712 ohci1394 - ok
14:18:33.0024 2712 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:18:33.0040 2712 ose - ok
14:18:33.0102 2712 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:18:33.0102 2712 p2pimsvc - ok
14:18:33.0165 2712 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:18:33.0180 2712 p2psvc - ok
14:18:33.0212 2712 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:18:33.0227 2712 Parport - ok
14:18:33.0258 2712 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
14:18:33.0258 2712 partmgr - ok
14:18:33.0290 2712 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:18:33.0290 2712 PcaSvc - ok
14:18:33.0336 2712 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:18:33.0352 2712 pci - ok
14:18:33.0383 2712 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:18:33.0383 2712 pciide - ok
14:18:33.0414 2712 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
14:18:33.0430 2712 pcmcia - ok
14:18:33.0446 2712 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:18:33.0461 2712 pcw - ok
14:18:33.0508 2712 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:18:33.0508 2712 PEAUTH - ok
14:18:33.0602 2712 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:18:33.0602 2712 PerfHost - ok
14:18:33.0726 2712 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
14:18:33.0758 2712 pla - ok
14:18:33.0820 2712 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
14:18:33.0836 2712 PlugPlay - ok
14:18:33.0867 2712 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:18:33.0867 2712 PNRPAutoReg - ok
14:18:33.0898 2712 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:18:33.0914 2712 PNRPsvc - ok
14:18:34.0132 2712 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
14:18:34.0148 2712 PolicyAgent - ok
14:18:34.0210 2712 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:18:34.0210 2712 Power - ok
14:18:34.0319 2712 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:18:34.0335 2712 PptpMiniport - ok
14:18:34.0366 2712 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
14:18:34.0366 2712 Processor - ok
14:18:34.0428 2712 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
14:18:34.0428 2712 ProfSvc - ok
14:18:34.0460 2712 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:18:34.0460 2712 ProtectedStorage - ok
14:18:34.0522 2712 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:18:34.0522 2712 Psched - ok
14:18:34.0569 2712 PxHlpa64 (fbf4db6d53585437e41a113300002a2b) C:\Windows\system32\Drivers\PxHlpa64.sys
14:18:34.0569 2712 PxHlpa64 - ok
14:18:34.0694 2712 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:18:34.0709 2712 ql2300 - ok
14:18:34.0896 2712 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:18:34.0896 2712 ql40xx - ok
14:18:34.0943 2712 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:18:34.0943 2712 QWAVE - ok
14:18:34.0959 2712 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:18:34.0959 2712 QWAVEdrv - ok
14:18:34.0974 2712 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:18:34.0990 2712 RasAcd - ok
14:18:35.0052 2712 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:18:35.0052 2712 RasAgileVpn - ok
14:18:35.0068 2712 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:18:35.0068 2712 RasAuto - ok
14:18:35.0115 2712 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:18:35.0115 2712 Rasl2tp - ok
14:18:35.0177 2712 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
14:18:35.0193 2712 RasMan - ok
14:18:35.0224 2712 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:18:35.0240 2712 RasPppoe - ok
14:18:35.0240 2712 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:18:35.0240 2712 RasSstp - ok
14:18:35.0302 2712 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:18:35.0302 2712 rdbss - ok
14:18:35.0333 2712 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:18:35.0333 2712 rdpbus - ok
14:18:35.0349 2712 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:18:35.0364 2712 RDPCDD - ok
14:18:35.0380 2712 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:18:35.0380 2712 RDPENCDD - ok
14:18:35.0396 2712 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:18:35.0396 2712 RDPREFMP - ok
14:18:35.0458 2712 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
14:18:35.0505 2712 RDPWD - ok
14:18:35.0583 2712 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:18:35.0583 2712 rdyboost - ok
14:18:35.0630 2712 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:18:35.0630 2712 RemoteAccess - ok
14:18:35.0676 2712 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:18:35.0676 2712 RemoteRegistry - ok
14:18:35.0723 2712 rimmptsk (d13d70fac45fc1df69f88559b1f72f0a) C:\Windows\system32\DRIVERS\rimmpx64.sys
14:18:35.0723 2712 rimmptsk - ok
14:18:35.0770 2712 rimsptsk (bb9edc55b0b8cb4fcd713428820e0776) C:\Windows\system32\DRIVERS\rimspx64.sys
14:18:35.0770 2712 rimsptsk - ok
14:18:35.0832 2712 rismxdp (481c3fdeacaae04b74c58288dbc91df9) C:\Windows\system32\DRIVERS\rixdpx64.sys
14:18:35.0832 2712 rismxdp - ok
14:18:35.0864 2712 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:18:35.0864 2712 RpcEptMapper - ok
14:18:35.0895 2712 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:18:35.0910 2712 RpcLocator - ok
14:18:35.0973 2712 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:18:35.0973 2712 RpcSs - ok
14:18:36.0020 2712 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:18:36.0020 2712 rspndr - ok
14:18:36.0066 2712 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:18:36.0066 2712 SamSs - ok
14:18:36.0113 2712 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:18:36.0113 2712 sbp2port - ok
14:18:36.0144 2712 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
14:18:36.0144 2712 SCardSvr - ok
14:18:36.0238 2712 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:18:36.0254 2712 scfilter - ok
14:18:36.0550 2712 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
14:18:36.0550 2712 Schedule - ok
14:18:36.0581 2712 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:18:36.0581 2712 SCPolicySvc - ok
14:18:36.0628 2712 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
14:18:36.0644 2712 sdbus - ok
14:18:36.0690 2712 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
14:18:36.0690 2712 SDRSVC - ok
14:18:36.0862 2712 SeaPort (78779ee07231c658b483b1f38b5088df) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
14:18:36.0862 2712 SeaPort - ok
14:18:36.0956 2712 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:18:36.0956 2712 secdrv - ok
14:18:36.0987 2712 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
14:18:36.0987 2712 seclogon - ok
14:18:37.0034 2712 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
14:18:37.0034 2712 SENS - ok
14:18:37.0049 2712 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
14:18:37.0049 2712 SensrSvc - ok
14:18:37.0080 2712 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:18:37.0080 2712 Serenum - ok
14:18:37.0112 2712 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:18:37.0112 2712 Serial - ok
14:18:37.0190 2712 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
14:18:37.0190 2712 sermouse - ok
14:18:37.0252 2712 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
14:18:37.0252 2712 SessionEnv - ok
14:18:37.0299 2712 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
14:18:37.0299 2712 sffdisk - ok
14:18:37.0314 2712 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:18:37.0330 2712 sffp_mmc - ok
14:18:37.0361 2712 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\DRIVERS\sffp_sd.sys
14:18:37.0361 2712 sffp_sd - ok
14:18:37.0377 2712 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
14:18:37.0377 2712 sfloppy - ok
14:18:37.0470 2712 SftService (89c8ce6971a3e571176348e237018c0a) C:\Windows\sminst\sftservice.EXE
14:18:37.0486 2712 SftService - ok
14:18:37.0548 2712 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
14:18:37.0548 2712 SharedAccess - ok
14:18:37.0611 2712 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
14:18:37.0611 2712 ShellHWDetection - ok
14:18:37.0736 2712 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:18:37.0736 2712 SiSRaid2 - ok
14:18:37.0767 2712 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
14:18:37.0767 2712 SiSRaid4 - ok
14:18:37.0814 2712 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:18:37.0814 2712 Smb - ok
14:18:37.0876 2712 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
14:18:37.0876 2712 SNMPTRAP - ok
14:18:37.0892 2712 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:18:37.0892 2712 spldr - ok
14:18:37.0970 2712 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
14:18:37.0970 2712 Spooler - ok
14:18:38.0235 2712 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
14:18:38.0250 2712 sppsvc - ok
14:18:38.0406 2712 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
14:18:38.0406 2712 sppuinotify - ok
14:18:38.0562 2712 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:18:38.0578 2712 srv - ok
14:18:38.0625 2712 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:18:38.0625 2712 srv2 - ok
14:18:38.0703 2712 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:18:38.0703 2712 srvnet - ok
14:18:38.0812 2712 ssadbus (8f8324ed1de63ffc7b1a02cd2d963c72) C:\Windows\system32\DRIVERS\ssadbus.sys
14:18:38.0828 2712 ssadbus - ok
14:18:38.0859 2712 ssadmdfl (58221efcb74167b73667f0024c661ce0) C:\Windows\system32\DRIVERS\ssadmdfl.sys
14:18:38.0859 2712 ssadmdfl - ok
14:18:38.0874 2712 ssadmdm (4da7c71bfac5ad71255b7e4cab980163) C:\Windows\system32\DRIVERS\ssadmdm.sys
14:18:38.0890 2712 ssadmdm - ok
14:18:38.0921 2712 ssadserd (d33d1bd3ec0e766211a234f56a12726d) C:\Windows\system32\DRIVERS\ssadserd.sys
14:18:38.0937 2712 ssadserd - ok
14:18:38.0999 2712 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
14:18:38.0999 2712 SSDPSRV - ok
14:18:39.0015 2712 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
14:18:39.0015 2712 SstpSvc - ok
14:18:39.0171 2712 STacSV (444109453a2b87e6c16bcda5953e81a9) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
14:18:39.0171 2712 STacSV - ok
14:18:39.0218 2712 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
14:18:39.0218 2712 stexstor - ok
14:18:39.0264 2712 STHDA (02e784fa49032f84964db90a3ed81890) C:\Windows\system32\DRIVERS\stwrt64.sys
14:18:39.0280 2712 STHDA - ok
14:18:39.0358 2712 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
14:18:39.0374 2712 stisvc - ok
14:18:39.0498 2712 stllssvr (1d0063597c3666404fcf97698abeb019) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
14:18:39.0498 2712 stllssvr - ok
14:18:39.0545 2712 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
14:18:39.0545 2712 swenum - ok
14:18:39.0623 2712 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
14:18:39.0639 2712 swprv - ok
14:18:39.0810 2712 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
14:18:39.0810 2712 SysMain - ok
14:18:39.0966 2712 szkg5 - ok
14:18:40.0091 2712 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
14:18:40.0091 2712 TabletInputService - ok
14:18:40.0169 2712 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
14:18:40.0169 2712 TapiSrv - ok
14:18:40.0216 2712 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
14:18:40.0216 2712 TBS - ok
14:18:40.0434 2712 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
14:18:40.0434 2712 Tcpip - ok
14:18:40.0684 2712 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
14:18:40.0700 2712 TCPIP6 - ok
14:18:40.0809 2712 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:18:40.0809 2712 tcpipreg - ok
14:18:40.0902 2712 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:18:40.0902 2712 TDPIPE - ok
14:18:41.0058 2712 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
14:18:41.0074 2712 TDTCP - ok
14:18:41.0136 2712 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:18:41.0136 2712 tdx - ok
14:18:41.0183 2712 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
14:18:41.0199 2712 TermDD - ok
14:18:41.0277 2712 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
14:18:41.0277 2712 TermService - ok
14:18:41.0714 2712 Texis Monitor (407db52b50c8c8154ff114dcec1fb73c) C:\SIMULIA\Documentation\monitor.exe
14:18:41.0745 2712 Texis Monitor - ok
14:18:41.0901 2712 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
14:18:41.0901 2712 Themes - ok
14:18:41.0963 2712 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:18:41.0963 2712 THREADORDER - ok
14:18:42.0057 2712 TIEHDUSB (199c2e87d9a5ec58d0bcd94e893bf629) C:\Windows\system32\DRIVERS\tiehdusb.sys
14:18:42.0072 2712 TIEHDUSB - ok
14:18:42.0275 2712 TivoBeacon2 (75ea1a81c9bd03f2a768901ec9db2816) C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe
14:18:42.0322 2712 TivoBeacon2 - ok
14:18:42.0400 2712 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
14:18:42.0416 2712 TrkWks - ok
14:18:42.0494 2712 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
14:18:42.0509 2712 TrustedInstaller - ok
14:18:42.0587 2712 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:18:42.0587 2712 tssecsrv - ok
14:18:42.0650 2712 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:18:42.0665 2712 TsUsbFlt - ok
14:18:42.0728 2712 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:18:42.0728 2712 tunnel - ok
14:18:42.0806 2712 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
14:18:42.0821 2712 uagp35 - ok
14:18:42.0868 2712 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:18:42.0884 2712 udfs - ok
14:18:42.0930 2712 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
14:18:42.0930 2712 UI0Detect - ok
14:18:42.0977 2712 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:18:42.0977 2712 uliagpkx - ok
14:18:43.0008 2712 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
14:18:43.0024 2712 umbus - ok
14:18:43.0071 2712 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
14:18:43.0071 2712 UmPass - ok
14:18:43.0118 2712 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
14:18:43.0118 2712 upnphost - ok
14:18:43.0258 2712 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
14:18:43.0258 2712 usbccgp - ok
14:18:43.0305 2712 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
14:18:43.0305 2712 usbcir - ok
14:18:43.0352 2712 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
14:18:43.0352 2712 usbehci - ok
14:18:43.0398 2712 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:18:43.0414 2712 usbhub - ok
14:18:43.0445 2712 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
14:18:43.0445 2712 usbohci - ok
14:18:43.0476 2712 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:18:43.0476 2712 usbprint - ok
14:18:43.0523 2712 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:18:43.0523 2712 USBSTOR - ok
14:18:43.0554 2712 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
14:18:43.0570 2712 usbuhci - ok
14:18:43.0617 2712 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
14:18:43.0617 2712 UxSms - ok
14:18:43.0664 2712 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:18:43.0679 2712 VaultSvc - ok
14:18:43.0726 2712 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:18:43.0726 2712 vdrvroot - ok
14:18:43.0804 2712 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
14:18:43.0804 2712 vds - ok
14:18:43.0835 2712 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:18:43.0851 2712 vga - ok
14:18:43.0866 2712 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:18:43.0866 2712 VgaSave - ok
14:18:43.0944 2712 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:18:43.0960 2712 vhdmp - ok
14:18:43.0991 2712 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:18:43.0991 2712 viaide - ok
14:18:44.0007 2712 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:18:44.0007 2712 volmgr - ok
14:18:44.0069 2712 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:18:44.0069 2712 volmgrx - ok
14:18:44.0100 2712 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:18:44.0100 2712 volsnap - ok
14:18:44.0178 2712 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
14:18:44.0194 2712 vsmraid - ok
14:18:44.0334 2712 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
14:18:44.0381 2712 VSS - ok
14:18:44.0600 2712 vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
14:18:44.0600 2712 vToolbarUpdater11.2.0 - ok
14:18:44.0756 2712 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
14:18:44.0756 2712 vwifibus - ok
14:18:44.0849 2712 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
14:18:44.0849 2712 W32Time - ok
14:18:44.0880 2712 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
14:18:44.0880 2712 WacomPen - ok
14:18:44.0943 2712 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:18:44.0958 2712 WANARP - ok
14:18:44.0958 2712 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:18:44.0958 2712 Wanarpv6 - ok
14:18:45.0068 2712 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
14:18:45.0099 2712 WatAdminSvc - ok
14:18:45.0224 2712 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
14:18:45.0224 2712 wbengine - ok
14:18:45.0660 2712 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
14:18:45.0660 2712 WbioSrvc - ok
14:18:45.0723 2712 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
14:18:45.0723 2712 wcncsvc - ok
14:18:45.0738 2712 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
14:18:45.0738 2712 WcsPlugInService - ok
14:18:45.0832 2712 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
14:18:45.0832 2712 Wd - ok
14:18:45.0894 2712 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:18:45.0894 2712 Wdf01000 - ok
14:18:45.0926 2712 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:18:45.0926 2712 WdiServiceHost - ok
14:18:45.0926 2712 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:18:45.0926 2712 WdiSystemHost - ok
14:18:45.0988 2712 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
14:18:45.0988 2712 WebClient - ok
14:18:46.0019 2712 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
14:18:46.0019 2712 Wecsvc - ok
14:18:46.0035 2712 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
14:18:46.0035 2712 wercplsupport - ok
14:18:46.0066 2712 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
14:18:46.0082 2712 WerSvc - ok
14:18:46.0113 2712 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:18:46.0113 2712 WfpLwf - ok
14:18:46.0128 2712 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:18:46.0128 2712 WIMMount - ok
14:18:46.0206 2712 WinDefend - ok
14:18:46.0206 2712 WinHttpAutoProxySvc - ok
14:18:46.0316 2712 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
14:18:46.0316 2712 Winmgmt - ok
14:18:46.0503 2712 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
14:18:46.0534 2712 WinRM - ok
14:18:46.0752 2712 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
14:18:46.0752 2712 WinUsb - ok
14:18:46.0846 2712 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
14:18:46.0862 2712 Wlansvc - ok
14:18:46.0971 2712 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
14:18:46.0971 2712 wlcrasvc - ok
14:18:47.0205 2712 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:18:47.0220 2712 wlidsvc - ok
14:18:47.0423 2712 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
14:18:47.0423 2712 WmiAcpi - ok
14:18:47.0517 2712 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
14:18:47.0517 2712 wmiApSrv - ok
14:18:47.0673 2712 WMPNetworkSvc - ok
14:18:47.0704 2712 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
14:18:47.0704 2712 WPCSvc - ok
14:18:47.0751 2712 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
14:18:47.0751 2712 WPDBusEnum - ok
14:18:47.0829 2712 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:18:47.0829 2712 ws2ifsl - ok
14:18:47.0844 2712 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
14:18:47.0860 2712 wscsvc - ok
14:18:47.0891 2712 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
14:18:47.0891 2712 WSDPrintDevice - ok
14:18:47.0891 2712 WSearch - ok
14:18:48.0078 2712 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
14:18:48.0110 2712 wuauserv - ok
14:18:48.0297 2712 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:18:48.0312 2712 WudfPf - ok
14:18:48.0344 2712 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:18:48.0344 2712 WUDFRd - ok
14:18:48.0406 2712 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
14:18:48.0406 2712 wudfsvc - ok
14:18:48.0453 2712 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:18:48.0468 2712 WwanSvc - ok
14:18:48.0546 2712 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} (1cacfef9e5dd866c5b79a135ee729e18) C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl
14:18:48.0546 2712 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} - ok
14:18:48.0578 2712 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:18:48.0843 2712 \Device\Harddisk0\DR0 - ok
14:18:48.0858 2712 Boot (0x1200) (9f5477f10f9c3e362e7938456384683a) \Device\Harddisk0\DR0\Partition0
14:18:48.0874 2712 \Device\Harddisk0\DR0\Partition0 - ok
14:18:48.0874 2712 Boot (0x1200) (d62b9f453fb0b4c4014edebfb847b8c8) \Device\Harddisk0\DR0\Partition1
14:18:48.0874 2712 \Device\Harddisk0\DR0\Partition1 - ok
14:18:48.0874 2712 ============================================================
14:18:48.0874 2712 Scan finished
14:18:48.0874 2712 ============================================================
14:18:48.0890 4588 Detected object count: 1
14:18:48.0890 4588 Actual detected object count: 1
14:18:56.0081 4588 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
14:18:56.0081 4588 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-13 14:20:52
-----------------------------
14:20:52.349 OS Version: Windows x64 6.1.7601 Service Pack 1
14:20:52.349 Number of processors: 2 586 0x170A
14:20:52.349 ComputerName: CHRISTIAN-PC UserName: Christian
14:20:54.517 Initialize success
14:22:00.851 AVAST engine defs: 12081300
14:24:05.323 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:24:05.339 Disk 0 Vendor: WDC_WD5000BEVT-75ZAT0 01.01A01 Size: 476940MB BusType: 11
14:24:05.370 Disk 0 MBR read successfully
14:24:05.370 Disk 0 MBR scan
14:24:05.370 Disk 0 Windows 7 default MBR code
14:24:05.370 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
14:24:05.386 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 161792
14:24:05.401 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 461500 MB offset 31619072
14:24:05.433 Disk 0 scanning C:\Windows\system32\drivers
14:24:17.835 Service scanning
14:24:47.209 Modules scanning
14:24:47.209 Disk 0 trace - called modules:
14:24:47.256 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
14:24:47.771 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c41060]
14:24:47.771 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80046aa680]
14:24:49.362 AVAST engine scan C:\Windows
14:24:53.371 AVAST engine scan C:\Windows\system32
14:29:41.925 AVAST engine scan C:\Windows\system32\drivers
14:29:59.163 AVAST engine scan C:\Users\Christian
14:41:51.648 Disk 0 MBR has been saved successfully to "C:\Users\Christian\Desktop\MBR.dat"
14:41:51.648 The log file has been saved successfully to "C:\Users\Christian\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   567bytes   1 downloads


#8 nasdaq

  • Malware Response Team

Posted 13 August 2012 - 01:46 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html


Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

Please post the 3 logs for my review. Let me know what problem persists.

#9 caappold

  • Topic Starter

Posted 14 August 2012 - 06:22 AM

ComboFix 12-08-13.01 - Christian 08/14/2012 6:50.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4055.2543 [GMT -4:00]
Running from: c:\users\Christian\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Christian\AppData\Roaming\PC
c:\users\Christian\Documents\~WRL1827.tmp
c:\windows\Downloaded Program Files\IDropPTB.dll
c:\windows\SysWow64\OneWay.dll.old0
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-07-14 to 2012-08-14 )))))))))))))))))))))))))))))))
.
.
2012-08-06 02:24 . 2012-08-06 16:29 -------- d-----w- c:\program files (x86)\STOPzilla!
2012-08-06 02:24 . 2012-08-06 16:29 -------- d-----w- c:\programdata\STOPzilla!
2012-08-05 22:47 . 2012-08-05 22:47 -------- d-----w- c:\program files\CCleaner
2012-07-18 16:32 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 22:06 . 2012-04-01 16:56 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-02 22:06 . 2011-06-22 23:23 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-18 07:04 . 2011-01-25 14:19 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-09 05:43 . 2012-07-11 16:32 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 16:32 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 16:32 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 16:31 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 16:32 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 16:32 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 16:31 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-21 15:43 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 15:43 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 15:43 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 15:43 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 15:43 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 15:43 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 15:43 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 15:42 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-21 15:42 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-11 16:32 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 16:32 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:48 . 2012-07-11 16:32 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:45 . 2012-07-11 16:32 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 16:32 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 16:32 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 16:32 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 16:32 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 16:32 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-31 15:49 . 2012-05-31 15:49 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-31 15:49 . 2011-09-23 12:00 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-23 02:05 . 2011-03-28 22:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-09 17:43 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-09 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"TranscodingService"="c:\program files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe" [2010-08-24 856336]
"Akamai NetSession Interface"="c:\users\Christian\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Malwarebytes Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"AgentMonitor"="c:\program files (x86)\VTech\DownloadManager\System\AgentMonitor.exe" [2011-11-30 393640]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-09 1107552]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LegacyDrive"= [hex data omitted]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R0 is3srv;is3srv;c:\windows\SySWOW64\drivers\is3srv64.sys [x]
R0 szkg5;szkg5;c:\windows\SySWOW64\drivers\szkg64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-15 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-02 250056]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-04-06 1436424]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-15 136176]
R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [2011-11-12 40320]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-05 114144]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-29 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R4 TivoBeacon2;TiVo Beacon Service;c:\program files (x86)\TiVo\Desktop\TiVoBeacon.exe [2010-08-24 1104656]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2011-05-17 37456]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-04-28 55024]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/03/12 21:36];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-06-25 01:19 146928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe [2009-03-02 89600]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-07-04 5160568]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 mitsijm2011;Autodesk Moldflow Inventor Tool Suite Integration 2011 Job Manager;c:\program files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe [2010-01-22 673792]
S2 SftService;SoftThinks Agent Service;c:\windows\sminst\sftservice.EXE [2009-02-23 632048]
S2 Texis Monitor;Texis Monitor;c:\simulia\Documentation\monitor.exe [2008-05-05 4493312]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-09 935008]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-13 138752]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2008-08-25 59392]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2009-01-19 158592]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2009-01-19 318656]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 22:06]
.
2012-08-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1253916368-3647543942-1457196405-1000Core.job
- c:\users\Christian\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-12 22:31]
.
2012-08-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1253916368-3647543942-1457196405-1000UA.job
- c:\users\Christian\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-12 22:31]
.
2012-08-14 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2012-04-13 18:24]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-15 14:31]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-15 14:31]
.
2012-08-14 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~2\SMARTD~1\Messages\SDNotify.exe [2011-10-01 17:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-03-10 309760]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-08-07 3179088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 141.218.140.6 141.218.1.100
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\vnszhxoa.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
.
**************************************************************************
.
Completion time: 2012-08-14 07:04:33 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-14 11:04
.
Pre-Run: 95,487,729,664 bytes free
Post-Run: 95,086,768,128 bytes free
.
- - End Of File - - 9B9373E48A0431D79809DB9AD1CE305B



Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2012
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 32
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (15.0)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````



# AdwCleaner v1.801 - Logfile created 08/14/2012 at 07:20:50
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Christian - CHRISTIAN-PC
# Boot Mode : Normal
# Running from : C:\Users\Christian\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****

Found : vToolbarUpdater11.2.0

***** [Files / Folders] *****

Folder Found : C:\Users\Christian\AppData\Local\AVG Secure Search
Folder Found : C:\Users\Christian\AppData\LocalLow\AVG Secure Search
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\Program Files (x86)\AVG Secure Search
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [Registry] *****

Key Found : HKCU\Software\AVG Secure Search
Key Found : HKLM\SOFTWARE\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Freeze.com
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
[x64] Key Found : HKCU\Software\AVG Secure Search
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
[x64] Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
[x64] Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[x64] Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[x64] Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
[x64] Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\vnszhxoa.default\prefs.js

Found : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\11.1.0.12");

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [6995 octets] - [14/08/2012 07:20:50]

########## EOF - C:\AdwCleaner[R1].txt - [7123 octets] ##########


I will try safe mode and see what happens and will post results in a minute.

#10 caappold


Posted 14 August 2012 - 06:37 AM

I'm not having the FBI issue any longer, and the sounds have stopped as far as I can tell at this point. However, I can still not get into safe mode.

#11 nasdaq


Posted 14 August 2012 - 08:22 AM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 32


===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Include in your download"; this is not required. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
===

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

===

Safe mode issue.

Quoted from your first post.

everything appeared to working normally but It wouldn't allow me to log in as "USER". Instead it forced me to log in as a guest and is preventing me from making changes to the computer.


Are you now able to log in as a USER or Administrator?

Do you get to see any options when you try Safe mode?
Do you get any error message?

#12 caappold


Posted 14 August 2012 - 08:55 AM

I am logged in as my normal name, as administrator. It no longer forces me to be "guest". As for the safe mode, it just restarts. I boot the computer and get to the safe mode menu. I choose any of the safe mode options (i.e. safe mode, safe mode with networking, etc.) and it will start to load. I get the black screen that scrolls lines of text and then a "normal-ish" looking login screen comes up. If I let it sit it will restart on its own. If I try to log in it will start loading Windows in safe mode but before I can do anything it restarts. I can continue to try safe mode but it just creates an infinite loop.

Posting this while waiting for JAVA. I will post the adwcleaner log when it is finished.

Edited by caappold, 15 August 2012 - 07:35 AM.


#13 caappold


Posted 14 August 2012 - 09:42 AM

Java keeps getting stuck. I just uninstalled the old versions and will update later.

Here is the adwcleaner log.

# AdwCleaner v1.801 - Logfile created 08/14/2012 at 10:34:46
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Christian - CHRISTIAN-PC
# Boot Mode : Normal
# Running from : C:\Users\Christian\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : vToolbarUpdater11.2.0

***** [Files / Folders] *****

Folder Deleted : C:\Users\Christian\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Christian\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [Registry] *****

Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\vnszhxoa.default\prefs.js

C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\vnszhxoa.default\user.js ... Deleted !

Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\11.1.0.12");

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [7074 octets] - [14/08/2012 07:20:50]
AdwCleaner[S1].txt - [5529 octets] - [14/08/2012 10:34:46]

########## EOF - C:\AdwCleaner[S1].txt - [5657 octets] ##########

#14 caappold


Posted 14 August 2012 - 09:47 AM

Finally got JAVA installed.

#15 nasdaq


Posted 15 August 2012 - 12:21 PM

Let's have a look at the SafeBoot registry key.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:


    :reg
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
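
The same SafeBoot lookup as a read-only PowerShell check, given here as an added example that is not part of the post above or of SystemLook. It goes beyond the post by also checking the Network branch; the helper name `Get-SafeBootEntry` is hypothetical.

```powershell
# Added example: read-only look at the SafeBoot key (run from an elevated prompt).
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot'

# Hypothetical helper: report one entry under SafeBoot\<Mode>.
function Get-SafeBootEntry {
    param(
        [Parameter(Mandatory = $true)] [string] $Mode,
        [Parameter(Mandatory = $true)] [string] $Name
    )
    $modePath  = Join-Path $base $Mode
    $entryPath = Join-Path $modePath $Name
    $modeFound = Test-Path -LiteralPath $modePath
    $found     = $modeFound -and (Test-Path -LiteralPath $entryPath)

    New-Object PSObject -Property @{
        Mode        = $Mode
        ModeKey     = $modeFound
        # Number of driver/service entries registered for this boot mode.
        SubkeyCount = if ($modeFound) { @(Get-ChildItem -LiteralPath $modePath).Count } else { 0 }
        Entry       = $Name
        Present     = $found
        # The unnamed (default) value holds the entry type, e.g. "Service" or "Driver".
        Type        = if ($found) { (Get-Item -LiteralPath $entryPath).GetValue('') } else { $null }
    }
}

# Minimal = Safe Mode, Network = Safe Mode with Networking.
'Minimal', 'Network' |
    ForEach-Object { Get-SafeBootEntry -Mode $_ -Name 'vds' } |
    Format-Table Mode, ModeKey, SubkeyCount, Entry, Present, Type -AutoSize
```

The script only reads the registry and changes nothing; `ModeKey` false or `SubkeyCount` 0 means that whole boot mode's key is missing or empty, not just the `vds` entry.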



