Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I have a trojan horse dropper.generic_c.mmi


  • This topic is locked This topic is locked
43 replies to this topic

#1 ajlaw85

ajlaw85

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:02:22 AM

Posted 07 August 2012 - 01:01 PM

I recently got a trojan horse dropper.generic_c.mmi virus and it started when a Adobe Flashplayer kept on trying to install no matter how many times i closed it, I then had pop ups from my AVG saying i had this virus. I ran a scan on both AVG and malwarebytes and they both popped up the virus, i tried removing it and restarted my computer to find out that it is still in my computer. Can anyone tell me how to remove this virus. From reading about this virus i saw it is very tricky to remove because it hides deep in the system. Anyone and all help would be appreciated.

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:22 AM

Posted 09 August 2012 - 07:47 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 ajlaw85

ajlaw85
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:02:22 AM

Posted 09 August 2012 - 02:41 PM

security check:

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
AVG Anti-Virus Free Edition 2012
Webroot SecureAnywhere
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (7.0.1)
Google Chrome 20.0.1132.57
Google Chrome 21.0.1180.60
Google Chrome 21.0.1180.75
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
Symantec Norton Online Backup NOBuAgent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 13% Defragment your hard drive soon!
````````````````````End of Log``````````````````````


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by AJ at 15:37:02 on 2012-08-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3767.1116 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Windows\system32\dlcxcoms.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe
C:\Program Files (x86)\Webroot\WRSA.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
C:\Users\AJ\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files (x86)\Maxtor\OneTouch Status\MaxMenuMgr.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Webroot\WRSA.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10v_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\11.2.0\ScriptHelper.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k defragsvc
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://tagged.com/
uDefault_Page_URL = hxxp://acer.msn.com
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzutAtN2Y1L1Qzu0BzzyBtD0FyEzy0DtAtD0E0FyEyEtAyCtN0D0TzutBtDtCtBtDyCtDtA&cr=861341752
uURLSearchHooks: uTorrentBar2 Toolbar: {b54561db-0bbb-41b4-a814-df8301fe0a8e} - C:\Program Files (x86)\uTorrentBar2\prxtbuTor.dll
uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - C:\Program Files (x86)\Hyperionics DB Toolbar\tbhelper.dll
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
uURLSearchHooks: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll
mURLSearchHooks: uTorrentBar2 Toolbar: {b54561db-0bbb-41b4-a814-df8301fe0a8e} - C:\Program Files (x86)\uTorrentBar2\prxtbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
mURLSearchHooks: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Shopping Assistant Plugin: {1631550f-191d-4826-b069-d9439253d926} - C:\Program Files (x86)\PriceGong\2.5.4\PriceGongIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Updater For Spam Free Search Bar: {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - C:\Program Files (x86)\blekkotb\auxi\blekkoAu.dll
BHO: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI5C88~1\Datamngr\ToolBar\searchqudtx.dll
BHO: UrlHelper Class: {a40dc6c5-79d0-4ca8-a185-8ff989af1115} - C:\PROGRA~2\WI5C88~1\Datamngr\IEBHO.dll
BHO: DealPly: {a6174f27-1fff-e1d6-a93f-ba48ad5dd448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
BHO: Wajam: {a7a6995d-6ee1-4fd1-a258-49395d5bf99c} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: uTorrentBar2 Toolbar: {b54561db-0bbb-41b4-a814-df8301fe0a8e} - C:\Program Files (x86)\uTorrentBar2\prxtbuTor.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
BHO: Webroot Browser Helper Object: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - C:\Program Files (x86)\Hyperionics DB Toolbar\tbcore3.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB: uTorrentBar2 Toolbar: {b54561db-0bbb-41b4-a814-df8301fe0a8e} - C:\Program Files (x86)\uTorrentBar2\prxtbuTor.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI5C88~1\Datamngr\ToolBar\searchqudtx.dll
TB: Hyperionics DB Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - C:\Program Files (x86)\Hyperionics DB Toolbar\tbcore3.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
TB: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll
uRun: [Facebook Update] "C:\Users\AJ\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [cdloader] "C:\Users\AJ\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Google Update] "C:\Users\AJ\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"
mRun: [FaxCenterServer] "C:\Program Files (x86)\Dell PC Fax\fm3032.exe" /s
mRun: [DATAMNGR] C:\PROGRA~2\WI5C88~1\Datamngr\DATAMN~1.EXE
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
mRun: [mxomssmenu] "C:\Program Files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun: [WRSVC] "C:\Program Files (x86)\Webroot\WRSA.exe" -ul
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
StartupFolder: C:\Users\AJ\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\AJ\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-explorer: DisableLocalMachineRun = 0 (0x0)
uPolicies-explorer: DisableLocalMachineRunOnce = 0 (0x0)
uPolicies-explorer: DisableCurrentUserRun = 0 (0x0)
uPolicies-explorer: DisableCurrentUserRunOnce = 0 (0x0)
uPolicies-explorer: NoFile = 0 (0x0)
uPolicies-explorer: HideClock = 0 (0x0)
uPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
uPolicies-explorer: NoDFSTab = 0 (0x0)
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-explorer: NoEncryptOnMove = 0 (0x0)
uPolicies-explorer: NoResolveTrack = 0 (0x0)
uPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoViewOnDrive = 0 (0x0)
mPolicies-explorer: DisableLocalMachineRun = 0 (0x0)
mPolicies-explorer: DisableLocalMachineRunOnce = 0 (0x0)
mPolicies-explorer: DisableCurrentUserRun = 0 (0x0)
mPolicies-explorer: DisableCurrentUserRunOnce = 0 (0x0)
mPolicies-explorer: NoFile = 0 (0x0)
mPolicies-explorer: HideClock = 0 (0x0)
mPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
mPolicies-explorer: NoDFSTab = 0 (0x0)
mPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-explorer: NoEncryptOnMove = 0 (0x0)
mPolicies-explorer: NoResolveTrack = 0 (0x0)
mPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: NoDispAppearancePage = 0 (0x0)
mPolicies-system: NoDispSettingsPage = 0 (0x0)
dPolicies-explorer: NoViewOnDrive = 0 (0x0)
dPolicies-explorer: DisableLocalMachineRun = 0 (0x0)
dPolicies-explorer: DisableLocalMachineRunOnce = 0 (0x0)
dPolicies-explorer: DisableCurrentUserRun = 0 (0x0)
dPolicies-explorer: DisableCurrentUserRunOnce = 0 (0x0)
dPolicies-explorer: NoFile = 0 (0x0)
dPolicies-explorer: HideClock = 0 (0x0)
dPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
dPolicies-explorer: NoDFSTab = 0 (0x0)
dPolicies-explorer: NoWindowsUpdate = 0 (0x0)
dPolicies-explorer: NoEncryptOnMove = 0 (0x0)
dPolicies-explorer: NoResolveTrack = 0 (0x0)
dPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
dPolicies-system: NoDispAppearancePage = 0 (0x0)
dPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: Save video on Savevid.com - C:\Program Files (x86)\Savevid\redirect.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 204.186.80.251 216.144.187.101 216.144.187.199
TCP: Interfaces\{58A21406-26EB-4D17-B750-12E0D2D73A62} : DhcpNameServer = 204.186.80.251 216.144.187.101 216.144.187.199
TCP: Interfaces\{58A21406-26EB-4D17-B750-12E0D2D73A62}\265627E637665333D27657563747 : DhcpNameServer = 192.168.33.1
TCP: Interfaces\{58A21406-26EB-4D17-B750-12E0D2D73A62}\26574747562766C697A7 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{58A21406-26EB-4D17-B750-12E0D2D73A62}\3586962796E656 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{58A21406-26EB-4D17-B750-12E0D2D73A62}\C696E6B6379737 : DhcpNameServer = 204.186.80.251 216.144.187.101 216.144.187.199
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Shopping Assistant Plugin: {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.5.4\PriceGongIE.dll
BHO-X64: PriceGong - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Updater For Spam Free Search Bar: {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - C:\Program Files (x86)\blekkotb\auxi\blekkoAu.dll
BHO-X64: Updater For Spam Free Search Bar - No File
BHO-X64: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll
BHO-X64: Spam Free Search Bar - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO-X64: Babylon toolbar helper - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll
BHO-X64: NCH EN - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO-X64: StartNow Toolbar Helper - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI5C88~1\Datamngr\ToolBar\searchqudtx.dll
BHO-X64: Searchqu Toolbar - No File
BHO-X64: UrlHelper Class: {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WI5C88~1\Datamngr\IEBHO.dll
BHO-X64: DealPly: {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
BHO-X64: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
BHO-X64: Wajam IE BHO - No File
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: uTorrentBar2 Toolbar: {b54561db-0bbb-41b4-a814-df8301fe0a8e} - C:\Program Files (x86)\uTorrentBar2\prxtbuTor.dll
BHO-X64: uTorrentBar2 - No File
BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
BHO-X64: uTorrentBar - No File
BHO-X64: Webroot Browser Helper Object: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar.dll
BHO-X64: Webroot Browser Helper Object - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SweetIM Toolbar Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
BHO-X64: SWEETIE - No File
BHO-X64: SMTTB2009 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Hyperionics DB Toolbar\tbcore3.dll
BHO-X64: SMTTB2009 - No File
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB-X64: uTorrentBar2 Toolbar: {b54561db-0bbb-41b4-a814-df8301fe0a8e} - C:\Program Files (x86)\uTorrentBar2\prxtbuTor.dll
TB-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI5C88~1\Datamngr\ToolBar\searchqudtx.dll
TB-X64: Hyperionics DB Toolbar: {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\Hyperionics DB Toolbar\tbcore3.dll
TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: SweetIM Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
TB-X64: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll
TB-X64: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB-X64: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB-X64: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"
mRun-x64: [FaxCenterServer] "C:\Program Files (x86)\Dell PC Fax\fm3032.exe" /s
mRun-x64: [DATAMNGR] C:\PROGRA~2\WI5C88~1\Datamngr\DATAMN~1.EXE
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [(Default)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
mRun-x64: [mxomssmenu] "C:\Program Files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun-x64: [WRSVC] "C:\Program Files (x86)\Webroot\WRSA.exe" -ul
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzutAtN2Y1L1Qzu0BzzyBtD0FyEzy0DtAtD0E0FyEyEtAyCtN0D0TzutBtDtCtBtDyCtDtA&cr=861341752
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bdf2492c5-7b2c-4ae4-9aa8-b3a97323cba7%7D&mid=3cccfa730b3e47d1b66b6939b279d91c-894426183ffa46505e9cb4e75754c5beb5ccf007&ds=AVG&v=11.1.0.12&lang=en&pr=fr&d=2012-05-06%2008%3A03%3A40&sap=ku&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\9\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\AJ\AppData\Local\Facebook\Messenger\2.1.4570.0\npFbDesktopPlugin.dll
FF - plugin: C:\Users\AJ\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\AJ\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\AJ\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\plugins\np-mswmp.dll
FF - plugin: C:\Users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{b54561db-0bbb-41b4-a814-df8301fe0a8e}\plugins\np-mswmp.dll
FF - plugin: C:\Users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - 7227443600000000000068a3c4e7b4e8
FF - user.js: extensions.BabylonToolbar_i.hardId - 7227443600000000000068a3c4e7b4e8
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15371
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:41:04
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100486
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzutAtN2Y1L1Qzu0BzzyBtD0FyEzy0DtAtD0E0FyEyEtAyCtN0D0TzutBtDtCtBtDyCtDtA&cr=861341752
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2XzutAtN2Y1L1Qzu0BzzyBtD0FyEzy0DtAtD0E0FyEyEtAyCtN0D0TzutBtDtCtBtDyCtDtA&cr=861341752
FF - user.js: extensions.funmoods.tlbrSrchUrl -
FF - user.js: extensions.funmoods.id - 722744360000000000000aa3c4e7b4e8
FF - user.js: extensions.funmoods.instlDay - 15494
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.228:5:14
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - adknlg
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - adknlg
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
FF - user.js: extentions.y2layers.installId - e4c8b1bb-6f45-4734-b18d-cb7e7363566c
FF - user.js: extentions.y2layers.defaultEnableAppsList - pagerage,buzzdock,bestvideodownloader,ezlooker,dropdowndeals,twittube,toprelatedtopics,interstitialads
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 WRkrn;WRkrn;C:\Windows\system32\drivers\WRkrn.sys --> C:\Windows\system32\drivers\WRkrn.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 193288]
R2 dlcx_device;dlcx_device;C:\Windows\system32\dlcxcoms.exe -service --> C:\Windows\system32\dlcxcoms.exe -service [?]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-4-8 352848]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-6-18 873064]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-4-19 13336]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-4-19 244624]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-14 655944]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe [2011-9-24 135608]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-2-15 257344]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe [2011-9-24 126392]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-4-19 2320920]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-10 935008]
R2 WajamUpdater;WajamUpdater;C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [2012-4-24 109064]
R2 WRSVC;WRSVC;C:\Program Files (x86)\Webroot\WRSA.exe [2012-7-3 684304]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-9-27 172912]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2012-08-04 11:50:36 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-12 13:30:01 -------- d-----w- C:\Users\AJ\AppData\Local\Opera
2012-07-12 13:25:51 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 11:15:56 2004480 ----a-w- C:\Windows\System32\msxml6.dll
.
==================== Find3M ====================
.
2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-03 12:39:50 112720 ----a-w- C:\Windows\System32\drivers\IaxZXrLI.sys
2012-07-03 12:34:17 148728 ----a-w- C:\Windows\SysWow64\WRusr.dll
2012-07-03 12:34:17 101872 ----a-w- C:\Windows\System32\WRusr.dll
2012-07-03 12:34:16 112720 ----a-w- C:\Windows\System32\drivers\WRkrn.sys
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 15:40:01.84 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 9/19/2011 1:09:39 PM
System Uptime: 8/9/2012 5:49:50 AM (10 hours ago)
.
Motherboard: Acer | | Aspire 5733Z
Processor: Intel® Pentium® CPU P6100 @ 2.00GHz | CPU | 1999/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 450 GiB total, 313.7 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP51: 7/4/2012 11:30:35 AM - Scheduled Checkpoint
RP52: 7/12/2012 9:19:07 AM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.21
ABBYY FineReader 6.0 Sprint
Acer Backup Manager
Acer Crystal Eye Webcam
Acer ePower Management
Acer eRecovery Management
Acer Games
Acer Registration
Acer ScreenSaver
Acer Updater
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Reader 9.5.1 MUI
Adobe Shockwave Player 11.6
Agatha Christie - 4:50 from Paddington
AIM 7
Anti-phishing Domain Advisor
Any Video Converter 3.3.3
Ask Toolbar
Ask Toolbar Updater
AviSynth 2.5
Babylon toolbar on IE
Backup Manager V3
Bejeweled 2 Deluxe
Bing Bar
Bucksbee Loyalty Plugin 100815.b for Chrome
Build-a-lot 2
Chuzzle Deluxe
Cisco Connect
clear.fi
clear.fi Client
D3DX10
DAEMON Tools Pro
DealPly
Debut Video Capture Software
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
Download Updater (AOL LLC)
Driver Detective
Facebook Messenger 2.0.4447.0
Facebook Messenger 2.1.4590.0
Facebook Video Calling 1.2.0.159
FATE - The Traitor Soul
Final Drive: Nitro
Flixster
Flixster Collections
FLV Player
FoxTab PDF Creator
Free Ringtone Maker 2.1.1.6
Free Video to MP3 Converter version 5.0.4.1228
FrostWire 5.2.9
Galerie de photos Windows Live
Google Chrome
HyperCam 2
Hyperionics DB Toolbar
Identity Card
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Rapid Storage Technology
Java Auto Updater
Java™ 6 Update 31
Jewel Quest Heritage
Junk Mail filter update
Launch Manager
Live365 Desktop
magicJack
Mall Tycoon 2
Malwarebytes Anti-Malware version 1.62.0.1300
Maxtor Manager
Mesh Runtime
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 7.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - Stolen in San Francisco
MyWinLocker 4
MyWinLocker Suite
Namco All-Stars: PAC-MAN
NCH EN Toolbar
newsXpresso
NOOK for PC
Norton Online Backup
Norton PC Checkup
NTI Media Maker 9
Opera 12.00
Penguins!
Plants vs. Zombies - Game of the Year
Poker Superstars III
Polar Bowler
Polar Golfer
PriceGong 2.5.4
PSP Video 9 6
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
SaveVid Plug-in
Seagate File Recovery for Windows 2.0
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Shredder
Skype Click to Call
Skype™ 5.8
Spam Free Search Bar
StartNow Toolbar
SweetIM for Messenger 3.6
SweetIM Toolbar for Internet Explorer 4.2
swMSM
Times Reader
Torchlight
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update Installer for WildTangent Games App
uTorrentBar Toolbar
uTorrentBar2 Toolbar
Virtual Villagers 4 - The Tree of Life
Visual Studio 2008 x64 Redistributables
Wajam
Webroot SecureAnywhere
Welcome Center
WildTangent Games App (Acer Games)
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Savevid Toolbar
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
YouTube Downloader App 3.00
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
8/9/2012 3:20:02 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
8/9/2012 3:20:02 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
8/9/2012 3:19:57 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 12.
8/9/2012 3:19:57 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
8/8/2012 11:03:40 AM, Error: Service Control Manager [7031] - The WRSVC service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
8/6/2012 3:36:34 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
8/6/2012 3:36:34 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
8/6/2012 3:36:31 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
8/4/2012 3:37:41 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
8/4/2012 3:32:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/4/2012 3:32:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/4/2012 3:32:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/4/2012 3:32:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/4/2012 3:22:56 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
8/4/2012 3:20:56 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 discache mwlPSDFilter mwlPSDNServ mwlPSDVDisk spldr Wanarpv6
8/4/2012 3:20:56 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
.
==== End Of File ===========================

#4 ajlaw85

ajlaw85
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:02:22 AM

Posted 09 August 2012 - 02:43 PM

everything is still the same, adobe flash player still tries to download, and i still get notifications about having the trojan on my computer

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:22 AM

Posted 09 August 2012 - 03:03 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 ajlaw85

ajlaw85
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:02:22 AM

Posted 09 August 2012 - 04:25 PM

how long is this program supposed to take because i ran it for 45 minutes and it stops at a certain folder and won't go any further

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:22 AM

Posted 09 August 2012 - 05:02 PM

Hello

Ok lets try this, I want you to run combofix in safe mode but it is very important that when combofix reboots the computer for you to direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

after combofix has finished its scan please post the report back here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 ajlaw85

ajlaw85
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:02:22 AM

Posted 10 August 2012 - 06:45 AM

i can't find where to disable my antivirus in safe mode, and for some reason my computer has webroot that i don't remember downloading and it says its infected and i can't find where to disable that to properly run combofix

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:22 AM

Posted 10 August 2012 - 07:15 AM

go ahead and run it


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 ajlaw85

ajlaw85
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:02:22 AM

Posted 10 August 2012 - 07:18 AM

i ran it and its attempting to create a system restore point and won't give me the log

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:22 AM

Posted 10 August 2012 - 07:23 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 ajlaw85

ajlaw85
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:02:22 AM

Posted 10 August 2012 - 11:45 AM

i got the comnofix log:

ComboFix 12-08-09.01 - AJ 08/10/2012 8:19.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3767.2514 [GMT -4:00]
Running from: c:\users\AJ\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\DealPly
c:\program files (x86)\DealPly\DealPly.crx
c:\program files (x86)\DealPly\DealPlyIE.dll
c:\program files (x86)\DealPly\icon.ico
c:\program files (x86)\DealPly\uninst.exe
c:\program files (x86)\Hyperionics DB Toolbar\tbHElper.dll
c:\program files (x86)\StartNow Toolbar
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files (x86)\StartNow Toolbar\Resources\installer.xml
c:\program files (x86)\StartNow Toolbar\Resources\protect\index.html
c:\program files (x86)\StartNow Toolbar\Resources\protect\NotIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\OnlyIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
c:\program files (x86)\StartNow Toolbar\Resources\protect\window.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\window.js
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\index.html
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\LeftImage.png
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\NotIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.js
c:\program files (x86)\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\separator.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\splitter.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files (x86)\StartNow Toolbar\Resources\toolbar.xml
c:\program files (x86)\StartNow Toolbar\Resources\update.xml
c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files (x86)\StartNow Toolbar\ToOLbar32.dll
c:\program files (x86)\StartNow Toolbar\uninstall.dat
c:\program files (x86)\TelevisionFanatic
c:\program files (x86)\TelevisionFanatic\bar\IE9Mesg\COMMON.T8S
c:\program files (x86)\TelevisionFanatic\bar\Message\COMMON.T8S
c:\program files (x86)\TelevisionFanatic\bar\Settings\s_pid.dat
c:\program files (x86)\TelevisionFanaticEI
c:\users\AJ\AppData\Local\Minibar
c:\users\AJ\AppData\Local\Minibar\chrome\background.html
c:\users\AJ\AppData\Local\Minibar\chrome\cached_http_request.js
c:\users\AJ\AppData\Local\Minibar\chrome\extension_info.json
c:\users\AJ\AppData\Local\Minibar\chrome\icons\icon128.png
c:\users\AJ\AppData\Local\Minibar\chrome\icons\icon19.png
c:\users\AJ\AppData\Local\Minibar\chrome\icons\icon32.png
c:\users\AJ\AppData\Local\Minibar\chrome\icons\icon48.png
c:\users\AJ\AppData\Local\Minibar\chrome\includes\content.js
c:\users\AJ\AppData\Local\Minibar\chrome\includes\content_kango.js
c:\users\AJ\AppData\Local\Minibar\chrome\includes\content_messaging.js
c:\users\AJ\AppData\Local\Minibar\chrome\includes\content_userscript.js
c:\users\AJ\AppData\Local\Minibar\chrome\kango-ui\button.js
c:\users\AJ\AppData\Local\Minibar\chrome\kango-ui\ui.js
c:\users\AJ\AppData\Local\Minibar\chrome\kango\browser.js
c:\users\AJ\AppData\Local\Minibar\chrome\kango\console.js
c:\users\AJ\AppData\Local\Minibar\chrome\kango\event_listener.js
c:\users\AJ\AppData\Local\Minibar\chrome\kango\initialize.js
c:\users\AJ\AppData\Local\Minibar\chrome\kango\io.js
c:\users\AJ\AppData\Local\Minibar\chrome\kango\jsonstorage.js
c:\users\AJ\AppData\Local\Minibar\chrome\kango\kango.js
c:\users\AJ\AppData\Local\Minibar\chrome\kango\lang.js
c:\users\AJ\AppData\Local\Minibar\chrome\kango\messaging.js
c:\users\AJ\AppData\Local\Minibar\chrome\kango\userscript_engine.js
c:\users\AJ\AppData\Local\Minibar\chrome\kango\xhr.js
c:\users\AJ\AppData\Local\Minibar\chrome\main.js
c:\users\AJ\AppData\Local\Minibar\chrome\manifest.json
c:\users\AJ\AppData\Local\Minibar\chrome\minibar\actions.js
c:\users\AJ\AppData\Local\Minibar\chrome\minibar\cachedxhr.js
c:\users\AJ\AppData\Local\Minibar\chrome\minibar\config.js
c:\users\AJ\AppData\Local\Minibar\chrome\minibar\macros.js
c:\users\AJ\AppData\Local\Minibar\chrome\minibar\minibar.js
c:\users\AJ\AppData\Local\Minibar\chrome\popup.html
c:\users\AJ\AppData\Local\Minibar\chrome\popup.js
c:\users\AJ\AppData\Local\Minibar\chrome\tab.html
c:\users\AJ\AppData\Local\Minibar\chrome\tab.js
c:\users\AJ\AppData\Local\Minibar\chrome_installer.js
c:\users\AJ\AppData\Local\Minibar\common.js
c:\users\AJ\AppData\Local\Minibar\install.json
c:\users\AJ\AppData\Local\Minibar\minibar.crx
c:\users\AJ\AppData\Local\Minibar\sqlite3.exe
c:\users\AJ\AppData\Local\Minibar\Uninstall.exe
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome.manifest
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.js
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.xul
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\buttons.js
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\constants.js
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\events.js
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\globals.js
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\htmldialog.js
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\htmldialog.xul
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\htmldropdown.xul
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\init.js
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_images.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_maps.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_news.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_videos.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_web.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_amazon.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_ebay.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_facebook.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_games.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_msn.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_shopping.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_travel.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_twitter.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\startnow_logo.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\installer.xml
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\index.html
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\NotIE6.css
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\OnlyIE6.css
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\SearchProtectIcon.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\Web.config
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\window.css
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\window.js
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\index.html
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\LeftImage.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\NotIE6.css
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\OnlyIE6.css
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\window.css
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\window.js
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\chevron_button.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_hover.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_normal.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_dropdown_button_normal.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_background.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_left.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_middle.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\separator.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\splitter.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ff_hover_c.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_c.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_l.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_r.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_c.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_l.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_r.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\toolbar.xml
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US\{5911488E-9D1E-40ec-8CBB-06B231CC153F}.dtd
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\overlay.css
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\install.rdf
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\ffxtlbr@funmoods.com
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\ffxtlbr@funmoods.com\chrome.manifest
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\ffxtlbr@funmoods.com\content\funmoods.css
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\ffxtlbr@funmoods.com\content\funmoods.xul
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\ffxtlbr@funmoods.com\content\images\pref.jpg
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\ffxtlbr@funmoods.com\content\imgs\arwDwn.gif
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ae.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\bg.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ch.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cn.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cz.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\de.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\eg.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\en.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\es.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\fr.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\gr.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\he.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\il.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\it.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ja.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\jp.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\nl.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\no.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pl.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pt.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ro.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ru.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sa.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\se.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sv.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\tr.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ua.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\us.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\ffxtlbr@funmoods.com\content\imgs\help_16.gif
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\ffxtlbr@funmoods.com\content\imgs\home.gif
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\ffxtlbr@funmoods.com\content\imgs\logo.png
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\ffxtlbr@funmoods.com\content\imgs\privecy_16_hot.gif
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\ffxtlbr@funmoods.com\content\imgs\tellafriend.gif
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\ffxtlbr@funmoods.com\content\loader.xul
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\ffxtlbr@funmoods.com\content\mtstart.js
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\ffxtlbr@funmoods.com\content\preferences.xul
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\ffxtlbr@funmoods.com\content\tmplt.js
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\ffxtlbr@funmoods.com\install.rdf
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\ffxtlbr@funmoods.com\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.rsa
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\ffxtlbr@funmoods.com\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.sf
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\extensions\ffxtlbr@funmoods.com\META-INF\manifest.mf
c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\searchplugins\bing-zugo.xml
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{e2b7c37a-dedf-15ed-67c5-497cbebb84a7}\@
c:\windows\Installer\{e2b7c37a-dedf-15ed-67c5-497cbebb84a7}\L\00000004.@
c:\windows\Installer\{e2b7c37a-dedf-15ed-67c5-497cbebb84a7}\L\201d3dde
c:\windows\Installer\{e2b7c37a-dedf-15ed-67c5-497cbebb84a7}\U\00000004.@
c:\windows\Installer\{e2b7c37a-dedf-15ed-67c5-497cbebb84a7}\U\00000008.@
c:\windows\Installer\{e2b7c37a-dedf-15ed-67c5-497cbebb84a7}\U\000000cb.@
c:\windows\Installer\{e2b7c37a-dedf-15ed-67c5-497cbebb84a7}\U\80000000.@
c:\windows\Installer\{e2b7c37a-dedf-15ed-67c5-497cbebb84a7}\U\80000032.@
c:\windows\Installer\{e2b7c37a-dedf-15ed-67c5-497cbebb84a7}\U\80000064.@
c:\windows\jestertb.dll
c:\windows\SysWow64\DEBUG.log
c:\windows\TEMP\WRusr.dll-193862-1.tmp
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy1_!Windows!System32!services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-10 to 2012-08-10 )))))))))))))))))))))))))))))))
.
.
2012-08-04 11:50 . 2012-08-04 11:50 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-12 13:30 . 2012-07-12 13:30 -------- d-----w- c:\users\AJ\AppData\Local\Opera
2012-07-12 13:29 . 2012-07-12 13:29 -------- d-----w- c:\program files (x86)\Opera
2012-07-12 13:25 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 13:21 . 2012-04-12 13:08 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 17:46 . 2012-07-05 14:28 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 12:39 . 2012-07-03 12:39 112720 ----a-w- c:\windows\system32\drivers\IaxZXrLI.sys
2012-06-09 05:43 . 2012-07-11 11:15 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 11:15 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 11:15 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 11:15 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 11:15 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 11:15 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 11:15 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-22 12:15 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 12:15 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 12:15 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 12:15 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 12:15 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 12:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 12:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-22 12:15 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-22 12:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-11 11:15 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 11:15 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-11 11:15 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-11 11:15 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 11:15 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 11:15 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 11:15 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 11:15 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 11:15 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b54561db-0bbb-41b4-a814-df8301fe0a8e}"= "c:\program files (x86)\uTorrentBar2\prxtbuTor.dll" [2011-05-09 176936]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
"{37483b40-c254-4a72-bda4-22ee90182c1e}"= "c:\program files (x86)\NCH_EN\prxtbNCH_.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{b54561db-0bbb-41b4-a814-df8301fe0a8e}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{37483b40-c254-4a72-bda4-22ee90182c1e}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{20a0be68-8fd9-4539-8712-ce3d1c1fdfc6}]
2011-12-22 21:17 262312 ----a-w- c:\program files (x86)\blekkotb\auxi\blekkoAu.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{26c9e18c-3717-4be1-a225-04e4471f5b6e}]
2011-12-22 21:16 86696 ----a-w- c:\program files (x86)\blekkotb\blekkoDx.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{37483b40-c254-4a72-bda4-22ee90182c1e}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\NCH_EN\prxtbNCH_.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-10 11:59 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{b54561db-0bbb-41b4-a814-df8301fe0a8e}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentBar2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentBar\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 21:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2011-08-25 02:21 1299248 ----a-r- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{b54561db-0bbb-41b4-a814-df8301fe0a8e}"= "c:\program files (x86)\uTorrentBar2\prxtbuTor.dll" [2011-05-09 176936]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-08-25 1299248]
"{26c9e18c-3717-4be1-a225-04e4471f5b6e}"= "c:\program files (x86)\blekkotb\blekkoDx.dll" [2011-12-22 86696]
"{37483b40-c254-4a72-bda4-22ee90182c1e}"= "c:\program files (x86)\NCH_EN\prxtbNCH_.dll" [2011-05-09 176936]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-10 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{b54561db-0bbb-41b4-a814-df8301fe0a8e}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{26c9e18c-3717-4be1-a225-04e4471f5b6e}]
.
[HKEY_CLASSES_ROOT\clsid\{37483b40-c254-4a72-bda4-22ee90182c1e}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\AJ\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"cdloader"="c:\users\AJ\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-09-28 340336]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-09-17 407920]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-09-17 201584]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-02-15 297280]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-03-31 1092688]
"FaxCenterServer"="c:\program files (x86)\Dell PC Fax\fm3032.exe" [2006-11-03 312200]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-12-21 206504]
"mxomssmenu"="c:\program files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-10 1107552]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-05-09 177448]
"WRSVC"="c:\program files (x86)\Webroot\WRSA.exe" [2012-07-03 684304]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\users\AJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\AJ\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe [2012-7-26 244656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-9-29 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"= 0 (0x0)
"DisableLocalMachineRunOnce"= 0 (0x0)
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)
"NoFile"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-09-28 172912]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-09-22 243712]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-22 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-03 271424]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2011-04-19 22912]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2011-04-19 20328]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-04-19 62584]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-07-04 5160568]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe [2006-10-11 561152]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-03-31 352848]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-02-23 873064]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-01-31 244624]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe [2011-12-07 135608]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-02-15 257344]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe [2011-05-03 126392]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-10 935008]
S2 WajamUpdater;WajamUpdater;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe [2012-04-24 109064]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-01-17 412712]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3046117882-2264977330-4279921822-1000Core.job
- c:\users\AJ\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-18 22:40]
.
2012-08-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3046117882-2264977330-4279921822-1000UA.job
- c:\users\AJ\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-18 22:40]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3046117882-2264977330-4279921822-1000Core.job
- c:\users\AJ\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-03 12:10]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3046117882-2264977330-4279921822-1000UA.job
- c:\users\AJ\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-03 12:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}]
2011-06-01 20:34 1793432 ----a-w- c:\progra~2\WI5C88~1\Datamngr\x64\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-18 11779176]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-23 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-23 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-23 415256]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-02-23 1796200]
"dlcxmon.exe"="c:\program files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"MemoryCardManager"="c:\program files (x86)\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
"DLCXCATS"="c:\windows\system32\spool\DRIVERS\x64\3\DLCXtime.dll" [2006-10-16 31744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\WI5C88~1\Datamngr\x64\datamngr.dll c:\progra~2\WI5C88~1\Datamngr\x64\IEBHO.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://tagged.com/
mStart Page = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzutAtN2Y1L1Qzu0BzzyBtD0FyEzy0DtAtD0E0FyEyEtAyCtN0D0TzutBtDtCtBtDyCtDtA&cr=861341752
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Save video on Savevid.com - c:\program files (x86)\Savevid\redirect.htm
TCP: DhcpNameServer = 204.186.80.251 216.144.187.101 216.144.187.199
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzutAtN2Y1L1Qzu0BzzyBtD0FyEzy0DtAtD0E0FyEyEtAyCtN0D0TzutBtDtCtBtDyCtDtA&cr=861341752
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bdf2492c5-7b2c-4ae4-9aa8-b3a97323cba7%7D&mid=3cccfa730b3e47d1b66b6939b279d91c-894426183ffa46505e9cb4e75754c5beb5ccf007&ds=AVG&v=11.1.0.12&lang=en&pr=fr&d=2012-05-06%2008%3A03%3A40&sap=ku&q=
FF - user.js: extensions.BabylonToolbar_i.id - 7227443600000000000068a3c4e7b4e8
FF - user.js: extensions.BabylonToolbar_i.hardId - 7227443600000000000068a3c4e7b4e8
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15371
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:41
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100486
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzutAtN2Y1L1Qzu0BzzyBtD0FyEzy0DtAtD0E0FyEyEtAyCtN0D0TzutBtDtCtBtDyCtDtA&cr=861341752
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2XzutAtN2Y1L1Qzu0BzzyBtD0FyEzy0DtAtD0E0FyEyEtAyCtN0D0TzutBtDtCtBtDyCtDtA&cr=861341752
FF - user.js: extensions.funmoods.tlbrSrchUrl -
FF - user.js: extensions.funmoods.id - 722744360000000000000aa3c4e7b4e8
FF - user.js: extensions.funmoods.instlDay - 15494
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.228:5:14
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - adknlg
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - adknlg
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
FF - user.js: extentions.y2layers.installId - e4c8b1bb-6f45-4734-b18d-cb7e7363566c
FF - user.js: extentions.y2layers.defaultEnableAppsList - pagerage,buzzdock,bestvideodownloader,ezlooker,dropdowndeals,twittube,toprelatedtopics,interstitialads
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
.
------- File Associations -------
.
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-StartNowToolbarHelper - c:\program files (x86)\StartNow Toolbar\ToolbarHelper.exe
Wow6432Node-HKLM-Run-DATAMNGR - c:\progra~2\WI5C88~1\Datamngr\DATAMN~1.EXE
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{B54561DB-0BBB-41B4-A814-DF8301FE0A8E} - (no file)
WebBrowser-{37483B40-C254-4A72-BDA4-22EE90182C1E} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-DealPly - c:\program files (x86)\DealPly\uninst.exe
AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
AddRemove-FoxTab PDF Creator - c:\program files (x86)\FoxTabPDFConverter\Uninstall\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.27\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Maxtor\Sync\SyncServices.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
c:\program files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
c:\program files (x86)\Ask.com\UpdateTask.exe
.
**************************************************************************
.
Completion time: 2012-08-10 08:40:33 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-10 12:40
.
Pre-Run: 351,627,096,064 bytes free
Post-Run: 355,776,692,224 bytes free
.
- - End Of File - - 7257916530642B79C5B54D5F056181D9

#13 ajlaw85

ajlaw85
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:02:22 AM

Posted 10 August 2012 - 11:48 AM

tdsskiller:

12:46:39.0405 1912 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
12:46:39.0639 1912 ============================================================
12:46:39.0639 1912 Current date / time: 2012/08/10 12:46:39.0639
12:46:39.0639 1912 SystemInfo:
12:46:39.0639 1912
12:46:39.0639 1912 OS Version: 6.1.7601 ServicePack: 1.0
12:46:39.0639 1912 Product type: Workstation
12:46:39.0639 1912 ComputerName: AJ-PC
12:46:39.0639 1912 UserName: AJ
12:46:39.0639 1912 Windows directory: C:\Windows
12:46:39.0639 1912 System windows directory: C:\Windows
12:46:39.0639 1912 Running under WOW64
12:46:39.0639 1912 Processor architecture: Intel x64
12:46:39.0639 1912 Number of processors: 2
12:46:39.0639 1912 Page size: 0x1000
12:46:39.0639 1912 Boot type: Safe boot with network
12:46:39.0639 1912 ============================================================
12:46:40.0029 1912 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:46:40.0045 1912 ============================================================
12:46:40.0045 1912 \Device\Harddisk0\DR0:
12:46:40.0045 1912 MBR partitions:
12:46:40.0045 1912 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2000800, BlocksNum 0x32000
12:46:40.0045 1912 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2032800, BlocksNum 0x38353000
12:46:40.0045 1912 ============================================================
12:46:40.0061 1912 C: <-> \Device\Harddisk0\DR0\Partition1
12:46:40.0061 1912 ============================================================
12:46:40.0061 1912 Initialize success
12:46:40.0061 1912 ============================================================
12:46:42.0900 1508 ============================================================
12:46:42.0900 1508 Scan started
12:46:42.0900 1508 Mode: Manual;
12:46:42.0900 1508 ============================================================
12:46:43.0337 1508 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
12:46:43.0337 1508 1394ohci - ok
12:46:43.0368 1508 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
12:46:43.0368 1508 ACPI - ok
12:46:43.0399 1508 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
12:46:43.0399 1508 AcpiPmi - ok
12:46:43.0446 1508 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
12:46:43.0461 1508 adp94xx - ok
12:46:43.0493 1508 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
12:46:43.0508 1508 adpahci - ok
12:46:43.0539 1508 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
12:46:43.0555 1508 adpu320 - ok
12:46:43.0586 1508 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
12:46:43.0586 1508 AeLookupSvc - ok
12:46:43.0695 1508 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
12:46:43.0695 1508 AFD - ok
12:46:43.0727 1508 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
12:46:43.0727 1508 agp440 - ok
12:46:43.0758 1508 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
12:46:43.0758 1508 ALG - ok
12:46:43.0773 1508 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
12:46:43.0773 1508 aliide - ok
12:46:43.0820 1508 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
12:46:43.0820 1508 amdide - ok
12:46:43.0836 1508 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
12:46:43.0836 1508 AmdK8 - ok
12:46:43.0836 1508 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
12:46:43.0836 1508 AmdPPM - ok
12:46:43.0883 1508 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
12:46:43.0883 1508 amdsata - ok
12:46:43.0929 1508 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
12:46:43.0929 1508 amdsbs - ok
12:46:43.0945 1508 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
12:46:43.0945 1508 amdxata - ok
12:46:43.0961 1508 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
12:46:43.0961 1508 AppID - ok
12:46:44.0007 1508 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
12:46:44.0007 1508 AppIDSvc - ok
12:46:44.0039 1508 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
12:46:44.0039 1508 Appinfo - ok
12:46:44.0148 1508 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
12:46:44.0148 1508 arc - ok
12:46:44.0163 1508 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
12:46:44.0163 1508 arcsas - ok
12:46:44.0163 1508 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:46:44.0163 1508 AsyncMac - ok
12:46:44.0179 1508 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
12:46:44.0179 1508 atapi - ok
12:46:44.0397 1508 athr (cc406da84e7dd3fa3ad20340dbc66cf2) C:\Windows\system32\DRIVERS\athrx.sys
12:46:44.0444 1508 athr - ok
12:46:44.0569 1508 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:46:44.0569 1508 AudioEndpointBuilder - ok
12:46:44.0585 1508 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:46:44.0585 1508 AudioSrv - ok
12:46:44.0803 1508 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
12:46:44.0897 1508 AVGIDSAgent - ok
12:46:44.0990 1508 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
12:46:44.0990 1508 AVGIDSDriver - ok
12:46:45.0037 1508 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
12:46:45.0037 1508 AVGIDSFilter - ok
12:46:45.0053 1508 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
12:46:45.0053 1508 AVGIDSHA - ok
12:46:45.0084 1508 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
12:46:45.0084 1508 Avgldx64 - ok
12:46:45.0099 1508 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
12:46:45.0099 1508 Avgmfx64 - ok
12:46:45.0115 1508 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
12:46:45.0115 1508 Avgrkx64 - ok
12:46:45.0162 1508 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys
12:46:45.0162 1508 Avgtdia - ok
12:46:45.0224 1508 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
12:46:45.0224 1508 avgwd - ok
12:46:45.0271 1508 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
12:46:45.0271 1508 AxInstSV - ok
12:46:45.0302 1508 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
12:46:45.0302 1508 b06bdrv - ok
12:46:45.0333 1508 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:46:45.0333 1508 b57nd60a - ok
12:46:45.0396 1508 BBSvc (93ee7d9c35ae7e9ffda148d7805f1421) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
12:46:45.0396 1508 BBSvc - ok
12:46:45.0567 1508 BCM43XX (85111026f1c5a1c4cce3697f0da7bc1a) C:\Windows\system32\DRIVERS\bcmwl664.sys
12:46:45.0630 1508 BCM43XX - ok
12:46:45.0723 1508 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
12:46:45.0723 1508 BDESVC - ok
12:46:45.0755 1508 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:46:45.0755 1508 Beep - ok
12:46:45.0801 1508 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
12:46:45.0817 1508 BFE - ok
12:46:45.0817 1508 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
12:46:45.0817 1508 blbdrive - ok
12:46:45.0848 1508 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
12:46:45.0848 1508 bowser - ok
12:46:45.0864 1508 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
12:46:45.0879 1508 BrFiltLo - ok
12:46:45.0895 1508 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
12:46:45.0895 1508 BrFiltUp - ok
12:46:45.0911 1508 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
12:46:45.0911 1508 BridgeMP - ok
12:46:45.0926 1508 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
12:46:45.0942 1508 Browser - ok
12:46:45.0973 1508 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:46:45.0989 1508 Brserid - ok
12:46:45.0989 1508 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:46:45.0989 1508 BrSerWdm - ok
12:46:45.0989 1508 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:46:46.0004 1508 BrUsbMdm - ok
12:46:46.0004 1508 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:46:46.0004 1508 BrUsbSer - ok
12:46:46.0004 1508 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
12:46:46.0004 1508 BTHMODEM - ok
12:46:46.0035 1508 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
12:46:46.0035 1508 bthserv - ok
12:46:46.0082 1508 catchme - ok
12:46:46.0129 1508 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:46:46.0129 1508 cdfs - ok
12:46:46.0145 1508 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
12:46:46.0145 1508 cdrom - ok
12:46:46.0160 1508 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:46:46.0176 1508 CertPropSvc - ok
12:46:46.0191 1508 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
12:46:46.0191 1508 circlass - ok
12:46:46.0223 1508 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:46:46.0223 1508 CLFS - ok
12:46:46.0269 1508 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:46:46.0285 1508 clr_optimization_v2.0.50727_32 - ok
12:46:46.0316 1508 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:46:46.0316 1508 clr_optimization_v2.0.50727_64 - ok
12:46:46.0363 1508 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:46:46.0394 1508 clr_optimization_v4.0.30319_32 - ok
12:46:46.0441 1508 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:46:46.0441 1508 clr_optimization_v4.0.30319_64 - ok
12:46:46.0472 1508 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
12:46:46.0472 1508 CmBatt - ok
12:46:46.0503 1508 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
12:46:46.0503 1508 cmdide - ok
12:46:46.0566 1508 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
12:46:46.0566 1508 CNG - ok
12:46:46.0581 1508 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
12:46:46.0581 1508 Compbatt - ok
12:46:46.0581 1508 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
12:46:46.0581 1508 CompositeBus - ok
12:46:46.0581 1508 COMSysApp - ok
12:46:46.0597 1508 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
12:46:46.0613 1508 crcdisk - ok
12:46:46.0659 1508 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
12:46:46.0659 1508 CryptSvc - ok
12:46:46.0706 1508 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:46:46.0706 1508 DcomLaunch - ok
12:46:46.0753 1508 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
12:46:46.0769 1508 defragsvc - ok
12:46:46.0769 1508 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
12:46:46.0769 1508 DfsC - ok
12:46:46.0800 1508 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
12:46:46.0800 1508 Dhcp - ok
12:46:46.0815 1508 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:46:46.0815 1508 discache - ok
12:46:46.0815 1508 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
12:46:46.0815 1508 Disk - ok
12:46:46.0815 1508 dlcx_device - ok
12:46:46.0847 1508 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
12:46:46.0862 1508 Dnscache - ok
12:46:46.0893 1508 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
12:46:46.0909 1508 dot3svc - ok
12:46:46.0940 1508 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
12:46:46.0940 1508 DPS - ok
12:46:46.0956 1508 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:46:46.0956 1508 drmkaud - ok
12:46:47.0065 1508 DsiWMIService (32c2cd16dc801aef9edaafea0dbd769e) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
12:46:47.0081 1508 DsiWMIService - ok
12:46:47.0112 1508 dtsoftbus01 (821bf177a24172f5f0ee9b322f58516c) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
12:46:47.0112 1508 dtsoftbus01 - ok
12:46:47.0174 1508 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
12:46:47.0174 1508 DXGKrnl - ok
12:46:47.0205 1508 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
12:46:47.0205 1508 EapHost - ok
12:46:47.0299 1508 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
12:46:47.0377 1508 ebdrv - ok
12:46:47.0455 1508 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
12:46:47.0455 1508 EFS - ok
12:46:47.0533 1508 EgisTec Ticket Service (03e6888da1a85acf14ac2a3c328a9e62) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
12:46:47.0533 1508 EgisTec Ticket Service - ok
12:46:47.0595 1508 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
12:46:47.0611 1508 ehRecvr - ok
12:46:47.0611 1508 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
12:46:47.0627 1508 ehSched - ok
12:46:47.0658 1508 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
12:46:47.0658 1508 elxstor - ok
12:46:47.0736 1508 ePowerSvc (eb1c213a8550f066b2ccc29c9f41e2ae) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
12:46:47.0751 1508 ePowerSvc - ok
12:46:47.0829 1508 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
12:46:47.0829 1508 ErrDev - ok
12:46:47.0876 1508 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
12:46:47.0876 1508 EventSystem - ok
12:46:47.0923 1508 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:46:47.0923 1508 exfat - ok
12:46:47.0954 1508 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:46:47.0970 1508 fastfat - ok
12:46:48.0032 1508 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
12:46:48.0032 1508 Fax - ok
12:46:48.0048 1508 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
12:46:48.0048 1508 fdc - ok
12:46:48.0063 1508 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
12:46:48.0063 1508 fdPHost - ok
12:46:48.0063 1508 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
12:46:48.0063 1508 FDResPub - ok
12:46:48.0110 1508 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:46:48.0110 1508 FileInfo - ok
12:46:48.0110 1508 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:46:48.0110 1508 Filetrace - ok
12:46:48.0204 1508 FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
12:46:48.0219 1508 FLEXnet Licensing Service - ok
12:46:48.0251 1508 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
12:46:48.0251 1508 flpydisk - ok
12:46:48.0282 1508 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
12:46:48.0282 1508 FltMgr - ok
12:46:48.0344 1508 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
12:46:48.0360 1508 FontCache - ok
12:46:48.0422 1508 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:46:48.0422 1508 FontCache3.0.0.0 - ok
12:46:48.0469 1508 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:46:48.0469 1508 FsDepends - ok
12:46:48.0516 1508 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
12:46:48.0516 1508 Fs_Rec - ok
12:46:48.0531 1508 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:46:48.0531 1508 fvevol - ok
12:46:48.0547 1508 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
12:46:48.0547 1508 gagp30kx - ok
12:46:48.0625 1508 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
12:46:48.0625 1508 GamesAppService - ok
12:46:48.0687 1508 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
12:46:48.0687 1508 gpsvc - ok
12:46:48.0734 1508 GREGService (0191dee9b9eb7902af2cf4f67301095d) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
12:46:48.0734 1508 GREGService - ok
12:46:48.0750 1508 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:46:48.0750 1508 hcw85cir - ok
12:46:48.0797 1508 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
12:46:48.0797 1508 HdAudAddService - ok
12:46:48.0828 1508 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
12:46:48.0828 1508 HDAudBus - ok
12:46:48.0859 1508 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\drivers\HECIx64.sys
12:46:48.0859 1508 HECIx64 - ok
12:46:48.0875 1508 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
12:46:48.0875 1508 HidBatt - ok
12:46:48.0890 1508 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
12:46:48.0890 1508 HidBth - ok
12:46:48.0890 1508 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
12:46:48.0890 1508 HidIr - ok
12:46:48.0921 1508 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
12:46:48.0921 1508 hidserv - ok
12:46:48.0953 1508 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
12:46:48.0953 1508 HidUsb - ok
12:46:48.0968 1508 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
12:46:48.0968 1508 hkmsvc - ok
12:46:48.0968 1508 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
12:46:48.0968 1508 HomeGroupListener - ok
12:46:48.0999 1508 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
12:46:49.0015 1508 HomeGroupProvider - ok
12:46:49.0031 1508 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
12:46:49.0031 1508 HpSAMD - ok
12:46:49.0077 1508 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
12:46:49.0093 1508 HTTP - ok
12:46:49.0093 1508 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
12:46:49.0093 1508 hwpolicy - ok
12:46:49.0109 1508 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
12:46:49.0109 1508 i8042prt - ok
12:46:49.0155 1508 iaStor (1384872112e8e7fd5786eceb8bddf4c9) C:\Windows\system32\drivers\iaStor.sys
12:46:49.0155 1508 iaStor - ok
12:46:49.0218 1508 IAStorDataMgrSvc (6b24d1c3096de796d15571079ea5e98c) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
12:46:49.0218 1508 IAStorDataMgrSvc - ok
12:46:49.0265 1508 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
12:46:49.0265 1508 iaStorV - ok
12:46:49.0343 1508 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:46:49.0358 1508 idsvc - ok
12:46:49.0686 1508 igfx (31569a2e836c12014148bf7342716946) C:\Windows\system32\DRIVERS\igdkmd64.sys
12:46:49.0889 1508 igfx - ok
12:46:49.0967 1508 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
12:46:49.0967 1508 iirsp - ok
12:46:50.0013 1508 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
12:46:50.0029 1508 IKEEXT - ok
12:46:50.0045 1508 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
12:46:50.0060 1508 Impcd - ok
12:46:50.0169 1508 IntcAzAudAddService (650d06e28a43e365a01ec4ee0946fc24) C:\Windows\system32\drivers\RTKVHD64.sys
12:46:50.0185 1508 IntcAzAudAddService - ok
12:46:50.0279 1508 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:46:50.0279 1508 intelide - ok
12:46:50.0294 1508 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:46:50.0294 1508 intelppm - ok
12:46:50.0325 1508 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
12:46:50.0325 1508 IPBusEnum - ok
12:46:50.0357 1508 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:46:50.0357 1508 IpFilterDriver - ok
12:46:50.0403 1508 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
12:46:50.0403 1508 iphlpsvc - ok
12:46:50.0403 1508 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:46:50.0403 1508 IPMIDRV - ok
12:46:50.0435 1508 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:46:50.0435 1508 IPNAT - ok
12:46:50.0450 1508 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:46:50.0450 1508 IRENUM - ok
12:46:50.0466 1508 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:46:50.0466 1508 isapnp - ok
12:46:50.0481 1508 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
12:46:50.0497 1508 iScsiPrt - ok
12:46:50.0544 1508 k57nd60a (0469bff65bbdee9e46d0c45ee32a08bd) C:\Windows\system32\DRIVERS\k57nd60a.sys
12:46:50.0544 1508 k57nd60a - ok
12:46:50.0544 1508 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
12:46:50.0544 1508 kbdclass - ok
12:46:50.0591 1508 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
12:46:50.0591 1508 kbdhid - ok
12:46:50.0606 1508 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:46:50.0622 1508 KeyIso - ok
12:46:50.0669 1508 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
12:46:50.0669 1508 KSecDD - ok
12:46:50.0684 1508 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
12:46:50.0684 1508 KSecPkg - ok
12:46:50.0715 1508 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:46:50.0715 1508 ksthunk - ok
12:46:50.0762 1508 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
12:46:50.0762 1508 KtmRm - ok
12:46:50.0809 1508 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
12:46:50.0809 1508 LanmanServer - ok
12:46:50.0825 1508 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
12:46:50.0825 1508 LanmanWorkstation - ok
12:46:50.0903 1508 Live Updater Service (6bcee9c766815bfff89de7d81af34ce1) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
12:46:50.0903 1508 Live Updater Service - ok
12:46:50.0918 1508 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:46:50.0918 1508 lltdio - ok
12:46:50.0949 1508 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
12:46:50.0965 1508 lltdsvc - ok
12:46:50.0981 1508 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
12:46:50.0981 1508 lmhosts - ok
12:46:51.0074 1508 LMS (dbc1136a62bd4decc3632df650284c2e) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
12:46:51.0074 1508 LMS - ok
12:46:51.0090 1508 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
12:46:51.0090 1508 LSI_FC - ok
12:46:51.0121 1508 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
12:46:51.0121 1508 LSI_SAS - ok
12:46:51.0121 1508 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
12:46:51.0121 1508 LSI_SAS2 - ok
12:46:51.0137 1508 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
12:46:51.0137 1508 LSI_SCSI - ok
12:46:51.0152 1508 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:46:51.0152 1508 luafv - ok
12:46:51.0199 1508 Maxtor Sync Service (f96cdd0edb411c1193c5dd9925c306db) C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe
12:46:51.0215 1508 Maxtor Sync Service - ok
12:46:51.0261 1508 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
12:46:51.0261 1508 MBAMProtector - ok
12:46:51.0308 1508 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
12:46:51.0308 1508 MBAMService - ok
12:46:51.0339 1508 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
12:46:51.0339 1508 Mcx2Svc - ok
12:46:51.0355 1508 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
12:46:51.0355 1508 megasas - ok
12:46:51.0371 1508 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
12:46:51.0371 1508 MegaSR - ok
12:46:51.0402 1508 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:46:51.0402 1508 MMCSS - ok
12:46:51.0417 1508 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:46:51.0417 1508 Modem - ok
12:46:51.0433 1508 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:46:51.0433 1508 monitor - ok
12:46:51.0433 1508 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:46:51.0433 1508 mouclass - ok
12:46:51.0449 1508 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:46:51.0464 1508 mouhid - ok
12:46:51.0480 1508 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:46:51.0480 1508 mountmgr - ok
12:46:51.0527 1508 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:46:51.0542 1508 mpio - ok
12:46:51.0542 1508 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:46:51.0542 1508 mpsdrv - ok
12:46:51.0605 1508 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
12:46:51.0605 1508 MpsSvc - ok
12:46:51.0620 1508 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:46:51.0620 1508 MRxDAV - ok
12:46:51.0651 1508 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:46:51.0651 1508 mrxsmb - ok
12:46:51.0667 1508 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:46:51.0683 1508 mrxsmb10 - ok
12:46:51.0714 1508 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:46:51.0714 1508 mrxsmb20 - ok
12:46:51.0729 1508 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:46:51.0729 1508 msahci - ok
12:46:51.0761 1508 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:46:51.0761 1508 msdsm - ok
12:46:51.0823 1508 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
12:46:51.0823 1508 MSDTC - ok
12:46:51.0854 1508 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:46:51.0854 1508 Msfs - ok
12:46:51.0854 1508 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:46:51.0854 1508 mshidkmdf - ok
12:46:51.0870 1508 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:46:51.0870 1508 msisadrv - ok
12:46:51.0885 1508 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
12:46:51.0885 1508 MSiSCSI - ok
12:46:51.0885 1508 msiserver - ok
12:46:51.0932 1508 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:46:51.0932 1508 MSKSSRV - ok
12:46:51.0948 1508 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:46:51.0948 1508 MSPCLOCK - ok
12:46:51.0963 1508 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:46:51.0963 1508 MSPQM - ok
12:46:51.0979 1508 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:46:51.0979 1508 MsRPC - ok
12:46:51.0995 1508 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
12:46:51.0995 1508 mssmbios - ok
12:46:52.0010 1508 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:46:52.0010 1508 MSTEE - ok
12:46:52.0010 1508 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
12:46:52.0010 1508 MTConfig - ok
12:46:52.0041 1508 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:46:52.0041 1508 Mup - ok
12:46:52.0041 1508 mwlPSDFilter (9b1eac6faf6f37305e822f5588dc8056) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
12:46:52.0041 1508 mwlPSDFilter - ok
12:46:52.0041 1508 mwlPSDNServ (ad55c1524b296280ed9c6e0d730d35da) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
12:46:52.0041 1508 mwlPSDNServ - ok
12:46:52.0073 1508 mwlPSDVDisk (2b599e6ec8843637bdd62e7f8f3ba201) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
12:46:52.0073 1508 mwlPSDVDisk - ok
12:46:52.0104 1508 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
12:46:52.0104 1508 napagent - ok
12:46:52.0166 1508 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:46:52.0166 1508 NativeWifiP - ok
12:46:52.0229 1508 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
12:46:52.0229 1508 NDIS - ok
12:46:52.0244 1508 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:46:52.0244 1508 NdisCap - ok
12:46:52.0244 1508 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:46:52.0244 1508 NdisTapi - ok
12:46:52.0260 1508 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:46:52.0260 1508 Ndisuio - ok
12:46:52.0260 1508 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:46:52.0260 1508 NdisWan - ok
12:46:52.0291 1508 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:46:52.0291 1508 NDProxy - ok
12:46:52.0291 1508 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:46:52.0291 1508 NetBIOS - ok
12:46:52.0322 1508 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:46:52.0322 1508 NetBT - ok
12:46:52.0353 1508 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:46:52.0353 1508 Netlogon - ok
12:46:52.0385 1508 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
12:46:52.0400 1508 Netman - ok
12:46:52.0431 1508 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
12:46:52.0431 1508 netprofm - ok
12:46:52.0478 1508 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:46:52.0478 1508 NetTcpPortSharing - ok
12:46:52.0509 1508 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
12:46:52.0509 1508 nfrd960 - ok
12:46:52.0556 1508 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
12:46:52.0556 1508 NlaSvc - ok
12:46:52.0712 1508 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
12:46:52.0728 1508 NOBU - ok
12:46:52.0790 1508 Norton PC Checkup Application Launcher - ok
12:46:52.0884 1508 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:46:52.0884 1508 Npfs - ok
12:46:52.0899 1508 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
12:46:52.0899 1508 nsi - ok
12:46:52.0915 1508 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:46:52.0915 1508 nsiproxy - ok
12:46:53.0040 1508 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
12:46:53.0055 1508 Ntfs - ok
12:46:53.0118 1508 NTI IScheduleSvc (773eed20bbf50809437373c0285bfa5e) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
12:46:53.0118 1508 NTI IScheduleSvc - ok
12:46:53.0211 1508 NTIDrvr (ee3ba1024594d5d09e314f206b94069e) C:\Windows\system32\drivers\NTIDrvr.sys
12:46:53.0211 1508 NTIDrvr - ok
12:46:53.0211 1508 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:46:53.0211 1508 Null - ok
12:46:53.0258 1508 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
12:46:53.0258 1508 nvraid - ok
12:46:53.0274 1508 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
12:46:53.0274 1508 nvstor - ok
12:46:53.0289 1508 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:46:53.0289 1508 nv_agp - ok
12:46:53.0289 1508 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:46:53.0289 1508 ohci1394 - ok
12:46:53.0336 1508 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:46:53.0336 1508 p2pimsvc - ok
12:46:53.0367 1508 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
12:46:53.0367 1508 p2psvc - ok
12:46:53.0399 1508 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
12:46:53.0399 1508 Parport - ok
12:46:53.0414 1508 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
12:46:53.0430 1508 partmgr - ok
12:46:53.0430 1508 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
12:46:53.0445 1508 PcaSvc - ok
12:46:53.0508 1508 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe
12:46:53.0508 1508 PCCUJobMgr - ok
12:46:53.0539 1508 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
12:46:53.0539 1508 pci - ok
12:46:53.0555 1508 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:46:53.0555 1508 pciide - ok
12:46:53.0570 1508 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
12:46:53.0570 1508 pcmcia - ok
12:46:53.0570 1508 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:46:53.0586 1508 pcw - ok
12:46:53.0601 1508 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:46:53.0617 1508 PEAUTH - ok
12:46:53.0695 1508 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
12:46:53.0695 1508 PerfHost - ok
12:46:53.0773 1508 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
12:46:53.0789 1508 pla - ok
12:46:53.0820 1508 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
12:46:53.0820 1508 PlugPlay - ok
12:46:53.0867 1508 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
12:46:53.0867 1508 PNRPAutoReg - ok
12:46:53.0867 1508 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:46:53.0882 1508 PNRPsvc - ok
12:46:53.0913 1508 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
12:46:53.0913 1508 PolicyAgent - ok
12:46:53.0960 1508 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
12:46:53.0960 1508 Power - ok
12:46:54.0007 1508 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
12:46:54.0007 1508 PptpMiniport - ok
12:46:54.0023 1508 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
12:46:54.0038 1508 Processor - ok
12:46:54.0069 1508 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
12:46:54.0069 1508 ProfSvc - ok
12:46:54.0085 1508 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:46:54.0085 1508 ProtectedStorage - ok
12:46:54.0132 1508 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
12:46:54.0132 1508 Psched - ok
12:46:54.0194 1508 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
12:46:54.0210 1508 ql2300 - ok
12:46:54.0303 1508 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
12:46:54.0303 1508 ql40xx - ok
12:46:54.0335 1508 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
12:46:54.0335 1508 QWAVE - ok
12:46:54.0366 1508 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:46:54.0366 1508 QWAVEdrv - ok
12:46:54.0381 1508 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:46:54.0381 1508 RasAcd - ok
12:46:54.0397 1508 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:46:54.0397 1508 RasAgileVpn - ok
12:46:54.0428 1508 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
12:46:54.0428 1508 RasAuto - ok
12:46:54.0428 1508 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:46:54.0428 1508 Rasl2tp - ok
12:46:54.0459 1508 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
12:46:54.0459 1508 RasMan - ok
12:46:54.0475 1508 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:46:54.0475 1508 RasPppoe - ok
12:46:54.0522 1508 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:46:54.0522 1508 RasSstp - ok
12:46:54.0553 1508 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
12:46:54.0553 1508 rdbss - ok
12:46:54.0584 1508 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
12:46:54.0584 1508 rdpbus - ok
12:46:54.0584 1508 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:46:54.0584 1508 RDPCDD - ok
12:46:54.0600 1508 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:46:54.0600 1508 RDPENCDD - ok
12:46:54.0600 1508 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:46:54.0600 1508 RDPREFMP - ok
12:46:54.0631 1508 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
12:46:54.0631 1508 RDPWD - ok
12:46:54.0647 1508 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
12:46:54.0647 1508 rdyboost - ok
12:46:54.0693 1508 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
12:46:54.0693 1508 RemoteAccess - ok
12:46:54.0740 1508 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
12:46:54.0740 1508 RemoteRegistry - ok
12:46:54.0740 1508 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
12:46:54.0740 1508 RpcEptMapper - ok
12:46:54.0771 1508 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
12:46:54.0771 1508 RpcLocator - ok
12:46:54.0803 1508 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:46:54.0803 1508 RpcSs - ok
12:46:54.0818 1508 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:46:54.0818 1508 rspndr - ok
12:46:54.0849 1508 RSUSBSTOR (0e3dcf76f11dc431b088a2dfd7265cda) C:\Windows\System32\Drivers\RtsUStor.sys
12:46:54.0849 1508 RSUSBSTOR - ok
12:46:54.0896 1508 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:46:54.0896 1508 SamSs - ok
12:46:54.0927 1508 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
12:46:54.0927 1508 sbp2port - ok
12:46:54.0959 1508 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
12:46:54.0959 1508 SCardSvr - ok
12:46:54.0990 1508 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
12:46:54.0990 1508 scfilter - ok
12:46:55.0021 1508 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
12:46:55.0037 1508 Schedule - ok
12:46:55.0068 1508 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:46:55.0068 1508 SCPolicySvc - ok
12:46:55.0099 1508 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
12:46:55.0115 1508 SDRSVC - ok
12:46:55.0193 1508 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
12:46:55.0208 1508 SeaPort - ok
12:46:55.0239 1508 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:46:55.0239 1508 secdrv - ok
12:46:55.0271 1508 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
12:46:55.0271 1508 seclogon - ok
12:46:55.0271 1508 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
12:46:55.0271 1508 SENS - ok
12:46:55.0286 1508 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
12:46:55.0286 1508 SensrSvc - ok
12:46:55.0302 1508 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
12:46:55.0302 1508 Serenum - ok
12:46:55.0317 1508 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
12:46:55.0317 1508 Serial - ok
12:46:55.0333 1508 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
12:46:55.0333 1508 sermouse - ok
12:46:55.0349 1508 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
12:46:55.0349 1508 SessionEnv - ok
12:46:55.0349 1508 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
12:46:55.0349 1508 sffdisk - ok
12:46:55.0349 1508 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
12:46:55.0349 1508 sffp_mmc - ok
12:46:55.0364 1508 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
12:46:55.0364 1508 sffp_sd - ok
12:46:55.0364 1508 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
12:46:55.0364 1508 sfloppy - ok
12:46:55.0411 1508 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
12:46:55.0411 1508 SharedAccess - ok
12:46:55.0458 1508 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
12:46:55.0458 1508 ShellHWDetection - ok
12:46:55.0489 1508 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
12:46:55.0489 1508 SiSRaid2 - ok
12:46:55.0505 1508 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
12:46:55.0505 1508 SiSRaid4 - ok
12:46:55.0583 1508 SkypeUpdate (8c5477eb1c03ca76cd8eb66a610a9e90) C:\Program Files (x86)\Skype\Updater\Updater.exe
12:46:55.0598 1508 SkypeUpdate - ok
12:46:55.0614 1508 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:46:55.0614 1508 Smb - ok
12:46:55.0645 1508 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
12:46:55.0645 1508 SNMPTRAP - ok
12:46:55.0661 1508 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:46:55.0661 1508 spldr - ok
12:46:55.0692 1508 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
12:46:55.0707 1508 Spooler - ok
12:46:55.0848 1508 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
12:46:55.0879 1508 sppsvc - ok
12:46:55.0973 1508 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
12:46:55.0973 1508 sppuinotify - ok
12:46:56.0019 1508 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
12:46:56.0019 1508 srv - ok
12:46:56.0035 1508 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
12:46:56.0051 1508 srv2 - ok
12:46:56.0066 1508 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
12:46:56.0066 1508 srvnet - ok
12:46:56.0113 1508 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
12:46:56.0113 1508 SSDPSRV - ok
12:46:56.0129 1508 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
12:46:56.0129 1508 SstpSvc - ok
12:46:56.0160 1508 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
12:46:56.0175 1508 stexstor - ok
12:46:56.0207 1508 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
12:46:56.0222 1508 stisvc - ok
12:46:56.0238 1508 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
12:46:56.0238 1508 swenum - ok
12:46:56.0285 1508 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
12:46:56.0285 1508 swprv - ok
12:46:56.0347 1508 SynTP (bc642d540aedf9a253c74d10c848ebd2) C:\Windows\system32\DRIVERS\SynTP.sys
12:46:56.0363 1508 SynTP - ok
12:46:56.0503 1508 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
12:46:56.0519 1508 SysMain - ok
12:46:56.0597 1508 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
12:46:56.0597 1508 TabletInputService - ok
12:46:56.0612 1508 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
12:46:56.0612 1508 TapiSrv - ok
12:46:56.0628 1508 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
12:46:56.0628 1508 TBS - ok
12:46:56.0706 1508 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
12:46:56.0737 1508 Tcpip - ok
12:46:56.0877 1508 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
12:46:56.0893 1508 TCPIP6 - ok
12:46:56.0971 1508 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
12:46:56.0971 1508 tcpipreg - ok
12:46:57.0002 1508 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:46:57.0002 1508 TDPIPE - ok
12:46:57.0049 1508 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
12:46:57.0049 1508 TDTCP - ok
12:46:57.0049 1508 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
12:46:57.0049 1508 tdx - ok
12:46:57.0049 1508 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
12:46:57.0049 1508 TermDD - ok
12:46:57.0096 1508 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
12:46:57.0111 1508 TermService - ok
12:46:57.0111 1508 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
12:46:57.0111 1508 Themes - ok
12:46:57.0143 1508 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:46:57.0143 1508 THREADORDER - ok
12:46:57.0158 1508 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
12:46:57.0158 1508 TrkWks - ok
12:46:57.0205 1508 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
12:46:57.0205 1508 TrustedInstaller - ok
12:46:57.0221 1508 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:46:57.0221 1508 tssecsrv - ok
12:46:57.0236 1508 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
12:46:57.0236 1508 TsUsbFlt - ok
12:46:57.0283 1508 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
12:46:57.0283 1508 TsUsbGD - ok
12:46:57.0283 1508 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
12:46:57.0283 1508 tunnel - ok
12:46:57.0299 1508 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
12:46:57.0299 1508 uagp35 - ok
12:46:57.0299 1508 UBHelper (a17d5e1a6df4eab0a480f2c490de4c9d) C:\Windows\system32\drivers\UBHelper.sys
12:46:57.0299 1508 UBHelper - ok
12:46:57.0330 1508 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
12:46:57.0345 1508 udfs - ok
12:46:57.0377 1508 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
12:46:57.0377 1508 UI0Detect - ok
12:46:57.0392 1508 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
12:46:57.0392 1508 uliagpkx - ok
12:46:57.0408 1508 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
12:46:57.0408 1508 umbus - ok
12:46:57.0423 1508 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
12:46:57.0423 1508 UmPass - ok
12:46:57.0595 1508 UNS (7466809e6da561d60c2f1ce8ede3c73f) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
12:46:57.0657 1508 UNS - ok
12:46:57.0751 1508 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
12:46:57.0767 1508 upnphost - ok
12:46:57.0798 1508 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
12:46:57.0813 1508 usbaudio - ok
12:46:57.0829 1508 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
12:46:57.0845 1508 usbccgp - ok
12:46:57.0876 1508 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
12:46:57.0876 1508 usbcir - ok
12:46:57.0891 1508 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
12:46:57.0891 1508 usbehci - ok
12:46:57.0923 1508 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
12:46:57.0923 1508 usbhub - ok
12:46:57.0969 1508 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
12:46:57.0969 1508 usbohci - ok
12:46:58.0032 1508 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:46:58.0032 1508 usbprint - ok
12:46:58.0047 1508 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
12:46:58.0047 1508 usbscan - ok
12:46:58.0079 1508 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:46:58.0079 1508 USBSTOR - ok
12:46:58.0125 1508 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
12:46:58.0125 1508 usbuhci - ok
12:46:58.0172 1508 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
12:46:58.0172 1508 usbvideo - ok
12:46:58.0203 1508 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
12:46:58.0203 1508 UxSms - ok
12:46:58.0235 1508 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:46:58.0235 1508 VaultSvc - ok
12:46:58.0235 1508 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
12:46:58.0235 1508 vdrvroot - ok
12:46:58.0281 1508 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
12:46:58.0297 1508 vds - ok
12:46:58.0344 1508 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:46:58.0344 1508 vga - ok
12:46:58.0344 1508 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:46:58.0344 1508 VgaSave - ok
12:46:58.0375 1508 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
12:46:58.0375 1508 vhdmp - ok
12:46:58.0375 1508 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
12:46:58.0375 1508 viaide - ok
12:46:58.0391 1508 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
12:46:58.0391 1508 volmgr - ok
12:46:58.0422 1508 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
12:46:58.0437 1508 volmgrx - ok
12:46:58.0437 1508 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
12:46:58.0437 1508 volsnap - ok
12:46:58.0469 1508 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
12:46:58.0469 1508 vsmraid - ok
12:46:58.0547 1508 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
12:46:58.0562 1508 VSS - ok
12:46:58.0718 1508 vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
12:46:58.0718 1508 vToolbarUpdater11.2.0 - ok
12:46:58.0812 1508 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
12:46:58.0812 1508 vwifibus - ok
12:46:58.0827 1508 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
12:46:58.0827 1508 vwififlt - ok
12:46:58.0843 1508 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
12:46:58.0843 1508 vwifimp - ok
12:46:58.0890 1508 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
12:46:58.0890 1508 W32Time - ok
12:46:58.0921 1508 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
12:46:58.0921 1508 WacomPen - ok
12:46:58.0968 1508 WajamUpdater (4aa2cc5979aff984227364f2c23b04f3) C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
12:46:58.0968 1508 WajamUpdater - ok
12:46:58.0983 1508 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:46:58.0983 1508 WANARP - ok
12:46:58.0983 1508 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:46:58.0999 1508 Wanarpv6 - ok
12:46:59.0077 1508 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
12:46:59.0093 1508 WatAdminSvc - ok
12:46:59.0171 1508 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
12:46:59.0186 1508 wbengine - ok
12:46:59.0264 1508 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
12:46:59.0264 1508 WbioSrvc - ok
12:46:59.0295 1508 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
12:46:59.0311 1508 wcncsvc - ok
12:46:59.0327 1508 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
12:46:59.0327 1508 WcsPlugInService - ok
12:46:59.0358 1508 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
12:46:59.0358 1508 Wd - ok
12:46:59.0389 1508 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:46:59.0389 1508 Wdf01000 - ok
12:46:59.0405 1508 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:46:59.0405 1508 WdiServiceHost - ok
12:46:59.0405 1508 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:46:59.0405 1508 WdiSystemHost - ok
12:46:59.0451 1508 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
12:46:59.0451 1508 WebClient - ok
12:46:59.0467 1508 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
12:46:59.0467 1508 Wecsvc - ok
12:46:59.0498 1508 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
12:46:59.0498 1508 wercplsupport - ok
12:46:59.0498 1508 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
12:46:59.0498 1508 WerSvc - ok
12:46:59.0545 1508 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:46:59.0545 1508 WfpLwf - ok
12:46:59.0576 1508 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:46:59.0576 1508 WIMMount - ok
12:46:59.0623 1508 WinDefend - ok
12:46:59.0623 1508 WinHttpAutoProxySvc - ok
12:46:59.0685 1508 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
12:46:59.0685 1508 Winmgmt - ok
12:46:59.0779 1508 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
12:46:59.0795 1508 WinRM - ok
12:46:59.0888 1508 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
12:46:59.0888 1508 WinUsb - ok
12:46:59.0951 1508 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
12:46:59.0966 1508 Wlansvc - ok
12:47:00.0013 1508 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
12:47:00.0013 1508 wlcrasvc - ok
12:47:00.0107 1508 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:47:00.0138 1508 wlidsvc - ok
12:47:00.0231 1508 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
12:47:00.0231 1508 WmiAcpi - ok
12:47:00.0278 1508 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
12:47:00.0278 1508 wmiApSrv - ok
12:47:00.0356 1508 WMPNetworkSvc - ok
12:47:00.0372 1508 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
12:47:00.0372 1508 WPCSvc - ok
12:47:00.0387 1508 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
12:47:00.0387 1508 WPDBusEnum - ok
12:47:00.0403 1508 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:47:00.0403 1508 ws2ifsl - ok
12:47:00.0450 1508 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
12:47:00.0450 1508 wscsvc - ok
12:47:00.0450 1508 WSearch - ok
12:47:00.0590 1508 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
12:47:00.0606 1508 wuauserv - ok
12:47:00.0699 1508 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
12:47:00.0699 1508 WudfPf - ok
12:47:00.0715 1508 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:47:00.0715 1508 WUDFRd - ok
12:47:00.0762 1508 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
12:47:00.0762 1508 wudfsvc - ok
12:47:00.0777 1508 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
12:47:00.0777 1508 WwanSvc - ok
12:47:00.0871 1508 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
12:47:00.0871 1508 YahooAUService - ok
12:47:00.0887 1508 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:47:01.0043 1508 \Device\Harddisk0\DR0 - ok
12:47:01.0043 1508 Boot (0x1200) (3bca05dcb5b2a080f39c8e22f481219d) \Device\Harddisk0\DR0\Partition0
12:47:01.0043 1508 \Device\Harddisk0\DR0\Partition0 - ok
12:47:01.0058 1508 Boot (0x1200) (b54c50fa1d9ff7aa2eef462fb88fe69b) \Device\Harddisk0\DR0\Partition1
12:47:01.0058 1508 \Device\Harddisk0\DR0\Partition1 - ok
12:47:01.0058 1508 ============================================================
12:47:01.0058 1508 Scan finished
12:47:01.0058 1508 ============================================================
12:47:01.0074 1016 Detected object count: 0
12:47:01.0074 1016 Actual detected object count: 0

#14 ajlaw85

ajlaw85
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:02:22 AM

Posted 10 August 2012 - 12:13 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-10 12:49:26
-----------------------------
12:49:26.812 OS Version: Windows x64 6.1.7601 Service Pack 1
12:49:26.812 Number of processors: 2 586 0x2505
12:49:26.812 ComputerName: AJ-PC UserName: AJ
12:49:27.685 Initialize success
12:55:49.870 AVAST engine defs: 12081000
12:56:48.573 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:56:48.573 Disk 0 Vendor: TOSHIBA_ GN00 Size: 476940MB BusType: 3
12:56:48.589 Disk 0 MBR read successfully
12:56:48.604 Disk 0 MBR scan
12:56:48.620 Disk 0 Windows 7 default MBR code
12:56:48.636 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 16384 MB offset 2048
12:56:48.682 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 33556480
12:56:48.698 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 460454 MB offset 33761280
12:56:48.714 Disk 0 scanning C:\Windows\system32\drivers
12:56:55.687 Service scanning
12:57:23.611 Modules scanning
12:57:23.611 Disk 0 trace - called modules:
12:57:23.658 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
12:57:23.658 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005861060]
12:57:23.658 3 CLASSPNP.SYS[fffff88001b5343f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800493a050]
12:57:24.609 AVAST engine scan C:\Windows
12:57:27.667 AVAST engine scan C:\Windows\system32
12:59:39.503 AVAST engine scan C:\Windows\system32\drivers
12:59:47.958 AVAST engine scan C:\Users\AJ
13:08:46.627 AVAST engine scan C:\ProgramData
13:11:26.792 Scan finished successfully
13:12:27.430 Disk 0 MBR has been saved successfully to "C:\Users\AJ\Desktop\MBR.dat"
13:12:27.445 The log file has been saved successfully to "C:\Users\AJ\Desktop\aswMBR.txt"

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:22 AM

Posted 10 August 2012 - 01:14 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files (x86)\uTorrentBar2
c:\program files (x86)\NCH_EN
c:\program files (x86)\blekkotb
c:\program files (x86)\SweetIM
c:\progra~2\WI5C88~1
c:\program files (x86)\StartNow Toolbar
c:\program files (x86)\Ask.com

File::
c:\windows\system32\drivers\IaxZXrLI.sys

DDS::
mStart Page = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzutAtN2Y1L1Qzu0BzzyBtD0FyEzy0DtAtD0E0FyEyEtAyCtN0D0TzutBtDtCtBtDyCtDtA&cr=861341752


Firefox::
FF - ProfilePath - c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\avais8ov.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzutAtN2Y1L1Qzu0BzzyBtD0FyEzy0DtAtD0E0FyEyEtAyCtN0D0TzutBtDtCtBtDyCtDtA&cr=861341752
FF - user.js: extensions.BabylonToolbar_i.id - 7227443600000000000068a3c4e7b4e8
FF - user.js: extensions.BabylonToolbar_i.hardId - 7227443600000000000068a3c4e7b4e8
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15371
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:41
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100486
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzutAtN2Y1L1Qzu0BzzyBtD0FyEzy0DtAtD0E0FyEyEtAyCtN0D0TzutBtDtCtBtDyCtDtA&cr=861341752
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2XzutAtN2Y1L1Qzu0BzzyBtD0FyEzy0DtAtD0E0FyEyEtAyCtN0D0TzutBtDtCtBtDyCtDtA&cr=861341752
FF - user.js: extensions.funmoods.tlbrSrchUrl -
FF - user.js: extensions.funmoods.id - 722744360000000000000aa3c4e7b4e8
FF - user.js: extensions.funmoods.instlDay - 15494
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.228:5:14
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - adknlg
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - adknlg
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
FF - user.js: extentions.y2layers.installId - e4c8b1bb-6f45-4734-b18d-cb7e7363566c
FF - user.js: extentions.y2layers.defaultEnableAppsList - pagerage,buzzdock,bestvideodownloader,ezlooker,dropdowndeals,twittube,toprelatedtopics,interstitialads
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users