Rootkit Infection


This topic is locked
39 replies to this topic

#1 russcart

Posted 18 August 2012 - 10:25 PM

My computer is running slow, takes time to boot and seems to hesitate to respond to mouse input. All results of scans as directed are noted below. I did not have any issues scanning the computer. The computer seems to run normally and error [message] free, but slow.

Results of Defogger:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:55 on 18/08/2012 (Russ)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Scan from DDS.com (dds.txt):

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Russ at 17:07:03 on 2012-08-18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3471.2611 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\UMonit.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\11.2.0\ScriptHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://flightaware.com/
uInternet Settings,ProxyOverride = *.local;192.168.*.*
mURLSearchHooks: H - No File
BHO: AutorunsDisabled - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
mRun: [UMonit] c:\windows\system32\UMonit.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wna3100\WNA3100.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: intuit.com\ttlc
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341465742250
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.16.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/da2/PCPitStop2.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6975B1EC-65D7-4338-9654-78703D675A37} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7F08FF0A-07FB-4716-8F87-E9293974D6D6} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FC931FD1-0043-4FDB-B9C5-D2BD7AD0960A} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.2.0\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
Notify: TPSvc - TPSvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 31952]
R1 asdrm;asdrm;c:\windows\system32\drivers\asdrm.sys [2012-7-14 16208]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 301248]
R2 asdrs;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\drivers\asdrs.sys [2012-7-14 22864]
R2 asdws;AnviSmartDefender Web Guard;c:\windows\system32\drivers\asdws.sys [2012-7-23 14160]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2012-7-23 54760]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\intel\icls client\HeciServer.exe [2012-2-2 458464]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files\intel\intel® management engine components\dal\Jhi_service.exe [2012-8-8 161560]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2010-9-16 80896]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2012-8-8 363800]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.2.0\ToolbarUpdater.exe [2012-7-10 935008]
R2 WSWNA3100;WSWNA3100;c:\program files\netgear\wna3100\WifiSvc.exe [2010-11-15 278528]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [2010-11-15 1034240]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2012-8-8 270080]
R3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2009-5-2 46080]
S2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files\anvisoft\anvi smart defender\ASDSrv.exe [2012-7-20 686408]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9cbbf78e720d8;Google Update Service (gupdate1c9cbbf78e720d8);c:\program files\google\update\GoogleUpdate.exe [2009-5-3 133104]
S2 mctskshd.exe;Clr_optimization_v2.0.50215_32;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-17 250056]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2012-8-8 1691480]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys --> c:\windows\system32\drivers\motfilt.sys [?]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-5-2 241880]
S3 FIXUSTOR;FIXUSTOR;c:\windows\system32\drivers\fixustor.sys [2009-6-6 12416]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-5-3 133104]
S3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2011-1-26 706304]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2011-5-22 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-22 21248]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys --> c:\windows\system32\drivers\motoandroid.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys --> c:\windows\system32\drivers\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys --> c:\windows\system32\drivers\motccgpfl.sys [?]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys --> c:\windows\system32\drivers\motodrv.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\motousbnet.sys --> c:\windows\system32\drivers\Motousbnet.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys --> c:\windows\system32\drivers\motusbdevice.sys [?]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2010-11-15 50704]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2011-2-19 100456]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-08-16 05:03:52 388096 ----a-r- c:\documents and settings\russ\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-08-11 08:44:50 -------- d-----w- c:\windows\system32\NtmsData
2012-08-09 04:43:44 15128 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll
2012-08-09 04:43:15 -------- d-----w- c:\program files\common files\postureAgent
2012-08-09 04:39:29 -------- d-----w- c:\windows\system32\RTCOM
2012-08-09 04:39:19 84584 ----a-w- c:\windows\SOUNDMAN.EXE
2012-08-09 04:39:19 359016 ----a-w- c:\windows\vncutil.exe
2012-08-09 04:39:18 1833576 ----a-w- c:\windows\SkyTel.exe
2012-08-09 04:39:16 1493608 ----a-w- c:\windows\RtlUpd.exe
2012-08-09 04:39:14 7069288 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2012-08-09 04:39:13 891496 ----a-w- c:\windows\system32\RTSndMgr.CPL
2012-08-09 04:39:13 64616 ----a-w- c:\windows\system32\RtkCoInstIIXP.dll
2012-08-09 04:39:13 129640 ----a-w- c:\windows\RtkAudioService.exe
2012-08-09 04:39:13 11368 ----a-w- c:\windows\system32\RtkCoLDRXP.dll
2012-08-09 04:39:09 9721960 ----a-w- c:\windows\RTLCPL.EXE
2012-08-09 04:25:37 -------- d-----r- c:\windows\AsDmiHtm
2012-08-09 04:24:17 10296 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2012-08-09 04:17:57 102416 ----a-r- c:\windows\system32\RTNUninst32.dll
2012-08-09 04:17:56 81936 ----a-r- c:\windows\system32\RtNicProp32.dll
2012-08-09 04:17:56 323816 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys
2012-08-09 04:14:40 270080 ----a-r- c:\windows\system32\drivers\IntcDAud.sys
2012-08-08 17:43:25 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2012-08-08 17:43:25 8832 ----a-w- c:\windows\system32\drivers\wmiacpi.sys
2012-08-08 17:09:19 -------- d-sh--w- C:\found.002
2012-08-08 14:35:07 -------- d-sh--w- C:\found.001
2012-08-08 14:32:27 -------- d-sh--w- C:\$RECYCLE.BIN
2012-07-27 03:43:26 -------- d-----w- c:\documents and settings\all users\application data\AVG
2012-07-27 00:47:23 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-27 00:47:23 476976 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-26 23:58:11 -------- d-----w- c:\program files\Western Digital Corporation
2012-07-26 23:47:52 -------- d-----w- C:\Data Lifeguard NT
2012-07-26 01:17:39 -------- d-----w- c:\documents and settings\all users\application data\Motorola
2012-07-26 00:42:51 -------- d-----w- c:\documents and settings\russ\application data\Motorola Mobility
2012-07-26 00:42:35 15616 ----a-w- c:\windows\system32\mot_ci.dll
2012-07-26 00:42:01 -------- d-----w- c:\documents and settings\russ\application data\Motorola
2012-07-26 00:39:55 -------- d-----w- c:\program files\common files\Motorola Shared
2012-07-26 00:19:55 -------- d-----w- c:\program files\Motorola
2012-07-25 23:59:34 -------- d-----w- c:\documents and settings\russ\.android
2012-07-25 23:59:14 -------- d-----w- c:\documents and settings\russ\local settings\application data\Android
2012-07-25 16:16:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-07-25 16:16:42 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-07-24 06:07:52 -------- d-----w- c:\documents and settings\russ\Tracing
2012-07-24 06:06:56 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2012-07-24 06:06:29 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2012-07-24 06:05:26 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-07-24 06:03:30 -------- d-----w- c:\program files\Windows Live SkyDrive
2012-07-24 06:01:46 74520 ----a-w- c:\program files\common files\windows live\.cache\cf020e181cd6961\DSETUP.dll
2012-07-24 06:01:46 484632 ----a-w- c:\program files\common files\windows live\.cache\cf020e181cd6961\DXSETUP.exe
2012-07-24 06:01:46 1670936 ----a-w- c:\program files\common files\windows live\.cache\cf020e181cd6961\dsetup32.dll
2012-07-24 06:01:31 1013800 ----a-w- c:\program files\common files\windows live\.cache\c5eb16f81cd6961\WindowsXP-KB954708-x86-ENU.exe
2012-07-24 05:59:44 -------- d-----w- c:\program files\common files\Windows Live
2012-07-24 05:59:05 -------- d-----w- c:\windows\system32\winrm
2012-07-24 05:58:59 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2012-07-24 05:35:51 14160 ----a-w- c:\windows\system32\drivers\asdws.sys
2012-07-24 05:35:51 -------- d-----w- c:\documents and settings\all users\application data\Anvisoft
.
==================== Find3M ====================
.
2012-07-27 00:47:09 472880 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-27 00:25:31 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-27 00:25:30 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-14 19:20:49 230840 ----a-r- c:\windows\system32\cpnprt2.cid
2012-07-13 05:49:50 22864 ----a-w- c:\windows\system32\drivers\asdrs.sys
2012-07-13 05:49:50 16208 ----a-w- c:\windows\system32\drivers\asdrm.sys
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 20:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49:32 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:43 385024 ------w- c:\windows\system32\html.iec
2012-06-25 23:04:24 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-20 16:56:41 71104 ----a-w- c:\windows\CouponPrinter.ocx
2012-06-08 16:32:43 230808 ----a-r- c:\windows\cpnprt2.cid
2012-06-07 03:59:42 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-05 00:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 22:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 22:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 17:07:16.64 ===============

attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 5/2/2009 3:20:43 AM
System Uptime: 8/18/2012 4:38:32 PM (1 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. | | P8H77-M PRO
Processor: Intel Pentium III Xeon processor | LGA1155 | 3300/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 596 GiB total, 289.491 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
K: is FIXED (NTFS) - 186 GiB total, 156.004 GiB free.
L: is FIXED (FAT32) - 698 GiB total, 171.77 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1192: 5/21/2012 1:30:35 PM - System Checkpoint
RP1193: 5/22/2012 2:41:00 PM - System Checkpoint
RP1194: 5/22/2012 7:49:39 PM - Software Distribution Service 3.0
RP1195: 5/22/2012 9:10:53 PM - Software Distribution Service 3.0
RP1196: 5/22/2012 9:15:38 PM - Software Distribution Service 3.0
RP1197: 5/22/2012 9:41:24 PM - Software Distribution Service 3.0
RP1198: 5/23/2012 10:21:22 PM - System Checkpoint
RP1199: 5/24/2012 11:30:32 PM - System Checkpoint
RP1200: 5/25/2012 11:47:21 PM - System Checkpoint
RP1201: 5/26/2012 4:41:08 PM - Restore Operation
RP1202: 5/27/2012 5:57:51 PM - System Checkpoint
RP1203: 5/28/2012 6:21:22 PM - System Checkpoint
RP1204: 5/29/2012 10:40:19 PM - System Checkpoint
RP1205: 5/30/2012 11:15:13 PM - System Checkpoint
RP1206: 6/1/2012 12:29:00 AM - System Checkpoint
RP1207: 6/2/2012 12:52:38 AM - System Checkpoint
RP1208: 6/3/2012 1:01:39 AM - System Checkpoint
RP1209: 6/4/2012 1:41:24 AM - System Checkpoint
RP1210: 6/4/2012 5:18:15 PM - Software Distribution Service 3.0
RP1211: 6/5/2012 8:37:15 PM - System Checkpoint
RP1212: 6/6/2012 9:11:02 PM - System Checkpoint
RP1213: 6/8/2012 9:29:20 AM - System Checkpoint
RP1214: 6/9/2012 9:38:26 AM - System Checkpoint
RP1215: 6/10/2012 9:50:09 AM - System Checkpoint
RP1216: 6/11/2012 3:33:25 PM - System Checkpoint
RP1217: 6/11/2012 10:22:02 PM - Installed Microsoft Fix it 50043
RP1218: 6/11/2012 10:35:57 PM - Installed Microsoft Fix it 50195
RP1219: 6/13/2012 12:01:33 AM - System Checkpoint
RP1220: 6/13/2012 9:30:06 PM - Software Distribution Service 3.0
RP1221: 6/15/2012 2:02:00 AM - System Checkpoint
RP1222: 6/17/2012 11:50:32 PM - System Checkpoint
RP1223: 6/19/2012 2:09:37 AM - System Checkpoint
RP1224: 6/20/2012 2:54:08 AM - System Checkpoint
RP1225: 6/20/2012 10:02:28 PM - Backup_2012_06_20
RP1226: 6/21/2012 10:07:18 PM - System Checkpoint
RP1227: 6/22/2012 10:10:54 PM - System Checkpoint
RP1228: 6/23/2012 11:29:20 PM - System Checkpoint
RP1229: 6/25/2012 12:01:15 AM - System Checkpoint
RP1230: 6/26/2012 12:38:59 AM - System Checkpoint
RP1231: 6/27/2012 1:18:42 AM - System Checkpoint
RP1232: 6/28/2012 1:39:45 AM - System Checkpoint
RP1233: 6/29/2012 1:45:54 AM - System Checkpoint
RP1234: 6/29/2012 5:56:44 PM - AVG Regisry Defrag - before defragmentation
RP1235: 6/30/2012 6:02:32 PM - System Checkpoint
RP1236: 7/1/2012 7:01:46 PM - System Checkpoint
RP1237: 7/2/2012 7:53:57 PM - System Checkpoint
RP1238: 7/3/2012 8:48:05 PM - System Checkpoint
RP1239: 7/4/2012 11:28:34 PM - System Checkpoint
RP1240: 7/5/2012 11:45:25 PM - System Checkpoint
RP1241: 7/7/2012 12:40:53 AM - System Checkpoint
RP1242: 7/8/2012 1:00:14 PM - System Checkpoint
RP1243: 7/9/2012 1:14:08 PM - System Checkpoint
RP1244: 7/10/2012 2:09:40 PM - System Checkpoint
RP1245: 7/11/2012 3:00:36 AM - Software Distribution Service 3.0
RP1246: 7/12/2012 3:35:11 AM - System Checkpoint
RP1247: 7/13/2012 4:29:30 AM - System Checkpoint
RP1248: 7/14/2012 4:42:12 AM - System Checkpoint
RP1249: 7/15/2012 5:38:52 AM - System Checkpoint
RP1250: 7/17/2012 4:22:29 PM - System Checkpoint
RP1251: 7/18/2012 10:38:53 PM - System Checkpoint
RP1252: 7/19/2012 10:42:02 PM - System Checkpoint
RP1253: 7/20/2012 11:36:18 PM - System Checkpoint
RP1254: 7/22/2012 12:30:40 AM - System Checkpoint
RP1255: 7/23/2012 1:25:04 AM - System Checkpoint
RP1256: 7/23/2012 9:41:27 PM - Restore Operation
RP1257: 7/23/2012 10:57:15 PM - Software Distribution Service 3.0
RP1258: 7/24/2012 8:45:54 AM - Software Distribution Service 3.0
RP1259: 7/25/2012 11:18:11 AM - System Checkpoint
RP1260: 7/25/2012 5:19:54 PM - Installed RSDLite
RP1261: 7/25/2012 5:42:14 PM - Installed Motorola Device Manager
RP1262: 7/26/2012 5:37:55 PM - Installed HP Product Detection
RP1263: 7/26/2012 5:38:08 PM - Installed Hewlett-Packard ACLM.NET v1.1.0.0.
RP1264: 7/26/2012 5:46:39 PM - Removed Java™ 6 Update 31
RP1265: 7/26/2012 5:47:00 PM - Installed Java™ 6 Update 33
RP1266: 7/26/2012 5:52:14 PM - Removed Sonic CinePlayer DVD Pack
RP1267: 7/26/2012 5:54:01 PM - Removed Bing Bar
RP1268: 7/27/2012 4:56:33 PM - Software Distribution Service 3.0
RP1269: 7/28/2012 5:30:20 PM - System Checkpoint
RP1270: 7/29/2012 6:14:51 PM - System Checkpoint
RP1271: 7/30/2012 6:40:46 PM - System Checkpoint
RP1272: 7/31/2012 7:32:28 PM - System Checkpoint
RP1273: 8/2/2012 2:13:13 PM - Cleaned Computer
RP1274: 8/2/2012 2:13:39 PM - Cleaned Computer
RP1275: 8/3/2012 2:51:07 PM - System Checkpoint
RP1276: 8/4/2012 3:01:44 PM - System Checkpoint
RP1277: 8/8/2012 9:38:43 PM - Installed Realtek High Definition Audio Driver
RP1278: 8/8/2012 9:42:05 PM - Installed REALTEK GbE & FE Ethernet PCI-E NIC Driver
RP1279: 8/9/2012 12:24:26 AM - Removed RSDLite
RP1280: 8/10/2012 12:33:26 AM - System Checkpoint
RP1281: 8/11/2012 2:12:15 AM - System Checkpoint
RP1282: 8/15/2012 6:14:38 PM - System Checkpoint
RP1283: 8/15/2012 10:26:45 PM - Removed Motorola Device Manager
RP1284: 8/17/2012 11:21:45 AM - System Checkpoint
RP1285: 8/18/2012 12:02:31 PM - System Checkpoint
.
==== Installed Programs ======================
.
.
1600
1600_Help
1600Trb
737 Pilot in Command
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
Aerosoft's - F-16 Fighting Falcon
Aerosoft's - Flight Calculator
AiO_Scan
AiOSoftware
Anvi Smart Defender 1.5
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar Updater
Atech Flash Card Reader Driver Ver.2500
AVG 2012
AVG PC Tuneup
AVS Audio Converter 7
AVS Audio Converter version 6.2
AVS Audio Converter version 6.3
AVS Audio Editor 7.1
AVS Audio Editor version 5.2
AVS Audio Recorder version 3.9
AVS Audio Recorder version 4.0
AVS Cover Editor 1.3.1.96 (AVS4YOU)
AVS Cover Editor 2.0.1.3
AVS Disc Creator 5
AVS Document Converter 2.2.3
AVS DVD Authoring
AVS DVD Copy 4.1.2.283
AVS Image Converter 2.2.1.209
AVS Media Player 3.1
AVS Ringtone Maker version 1.6
AVS Screen Capture version 2.0.1
AVS System Info
AVS TV Recorder 2.1.2
AVS Update Manager 1.0
AVS Video Converter 8
AVS Video Editor 6
AVS Video Recorder 2.5
AVS Video ReMaker 4.1.1.144
AVS YouTube Uploader version 2.1
AVS4YOU Software Navigator 1.4
Battle of Britain - Hurricane
Bonjour
BufferChm
Canon Camera Access Library
Canon Camera Support Core Library
CANON iMAGE GATEWAY MyCamera Download Plugin
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Codec
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC 8
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.10
Canon Utilities EOS Utility
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities Original Data Security Tools
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities RemoteCapture DC
Canon Utilities WFT Utility
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
Copy
Corel VideoStudio 12
Coupon Printer for Windows
CP_AtenaShokunin1Config
cp_dwShrek2Albums1
cp_dwShrek2Cards1
CreativeProjects
CreativeProjectsTemplates
CueTour
Destinations
Director
DocProc
DocumentViewer
DVD Shrink 3.2
EditVoicepack
EditVoicepack X
Falcon 4.0: Allied Force
Fax
FeelThere PIC ERJ-145LR 1.1b
ffdshow [rev 2527] [2008-12-19]
Flight One ATR 72-500
Free Internet Eraser
Google Earth
Google Update Helper
Hauppauge WinTV Infrared Remote
Hewlett-Packard ACLM.NET v1.1.0.0
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Extended Capabilities 4.7
HP Image Zone 4.7
HP Product Assistant
HP Product Detection
HP PSC & OfficeJet 4.7
HP Update
HPSystemDiagnostics
HTC BMP USB Driver
HTC Driver Installer
IDT Audio
ImgBurn
InstantShare
InstantShareAlert
Intel® Management Engine Components
Intel® Management Engine Interface
Intel® Network Connections 15.1.29.0
Intel® Processor Graphics
Intel® Processor ID Utility
Intel® Trusted Connect Service Client
iTunes
Java Auto Updater
Java™ 6 Update 33
Junk Mail filter update
Just Flight - 757 Captain FS2004
Just Flight 777 Professional v1.00
Legacy 'The Luxury Aircraft Collection'
LightScribe Applications
LightScribe System Software
LightScribe Template Designs - 9 to 5 Pack 1
LightScribe Template Designs - Business Pack 1
LightScribe Template Designs - Quick and Simple Pack 1
LightScribe Template Designs - Sports Pack 1
LightScribe Template Labeler
Logitech Gaming Software 5.10
LP_Flash
Luke AFB F-16 Package
Malwarebytes Anti-Malware version 1.62.0.1300
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Flight Simulator X
Microsoft Flight Simulator X: Acceleration
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Windows XP Video Decoder Checkup Utility
MotoHelper MergeModules
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
Music Manager
neroxml
NETGEAR WNA3100 wireless USB 2.0 adapter
NVIDIA Control Panel 266.58
NVIDIA Graphics Driver 266.58
NVIDIA HD Audio Driver 1.1.13.1
NVIDIA Install Application
NVIDIA nView 135.50
NVIDIA nView Desktop Manager
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
PanoStandAlone
PhotoGallery
PMDG 747-400/400F for FSX
PMDG744X_GE_KL
PMDG744X_GE_LH
PMDG744X_PW_NW3
PMDG744X_PW_UA3
PMDG744X_RR_BA
PMDG744XF_GE_VC25A
PMDG744XF_PW_FXF
ProductContext
QFolder
QuickTime
Readme
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Regional Jet Vol.1 - CRJ (FS2004)
Regional Jet Vol.1 - CRJ (FSX)
Scan
ScannerCopy
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB923789)
Segoe UI
SkinsHP1
Skysoft Simulation ZULZ - Luzhou Lantian Airport
SmartSound Quicktracks Plugin
SpeedFan (remove only)
Spybot - Search & Destroy
System Requirements Lab
System Requirements Lab for Intel
TrayApp
TurboTax 2011
TurboTax 2011 waziper
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
Tweak UI
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
VideoStudio
VLC media player 2.0.1
WebFldrs XP
WebReg
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WModem Driver Installer
.
==== Event Viewer Messages From Past Week ========
.
8/16/2012 8:15:43 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The process cannot access the file because it is being used by another process.
8/16/2012 8:15:10 PM, error: SRService [104] - The System Restore initialization process failed.
8/16/2012 1:09:07 PM, error: Service Control Manager [7034] - The Anvi Smart Defender Realtime Guard Service service terminated unexpectedly. It has done this 1 time(s).
8/16/2012 1:08:46 PM, error: Service Control Manager [7034] - The Audio Service service terminated unexpectedly. It has done this 1 time(s).
8/16/2012 1:08:20 PM, error: Service Control Manager [7023] - The Zebrbus service terminated with the following error: The specified module could not be found.
8/16/2012 1:08:20 PM, error: Service Control Manager [7023] - The Wanusb service terminated with the following error: The specified module could not be found.
8/16/2012 1:08:20 PM, error: Service Control Manager [7023] - The VrAcFil service terminated with the following error: The specified module could not be found.
8/16/2012 1:08:20 PM, error: Service Control Manager [7023] - The Vetmonnt service terminated with the following error: The specified module could not be found.
8/16/2012 1:08:20 PM, error: Service Control Manager [7023] - The Ufdsvc service terminated with the following error: The specified module could not be found.
8/16/2012 1:08:20 PM, error: Service Control Manager [7023] - The UCTblHid service terminated with the following error: The specified module could not be found.
8/16/2012 1:08:20 PM, error: Service Control Manager [7023] - The Tmtdi service terminated with the following error: The specified module could not be found.
8/16/2012 1:08:20 PM, error: Service Control Manager [7023] - The Tmlisten service terminated with the following error: The specified module could not be found.
8/16/2012 1:08:20 PM, error: Service Control Manager [7023] - The SE2Dbus service terminated with the following error: The specified module could not be found.
8/16/2012 1:08:20 PM, error: Service Control Manager [7023] - The Oraclemtsrecoveryservice service terminated with the following error: The specified module could not be found.
8/16/2012 1:08:20 PM, error: Service Control Manager [7023] - The Nsynas32 service terminated with the following error: The specified module could not be found.
8/16/2012 1:08:20 PM, error: Service Control Manager [7023] - The NEOFLTR_600_13319 service terminated with the following error: The specified module could not be found.
8/16/2012 1:08:20 PM, error: Service Control Manager [7023] - The Mysql service terminated with the following error: The specified module could not be found.
8/16/2012 1:08:20 PM, error: Service Control Manager [7023] - The Mwssched service terminated with the following error: The specified module could not be found.
8/16/2012 1:08:20 PM, error: Service Control Manager [7023] - The Mrpostman service terminated with the following error: The specified module could not be found.
8/16/2012 1:08:20 PM, error: Service Control Manager [7023] - The Mdm service terminated with the following error: The specified module could not be found.
8/16/2012 1:08:20 PM, error: Service Control Manager [7023] - The Kbfiltr service terminated with the following error: The specified module could not be found.
8/16/2012 1:08:20 PM, error: Service Control Manager [7023] - The Issm service terminated with the following error: The specified module could not be found.
8/16/2012 1:08:20 PM, error: Service Control Manager [7023] - The IntelC52 service terminated with the following error: The specified module could not be found.
8/16/2012 1:08:20 PM, error: Service Control Manager [7023] - The IAimFP5 service terminated with the following error: The specified module could not be found.
8/16/2012 1:08:20 PM, error: Service Control Manager [7023] - The Help and Support service terminated with the following error: The specified module could not be found.
8/16/2012 1:08:20 PM, error: Service Control Manager [7023] - The Eaps2kbd service terminated with the following error: The specified module could not be found.
8/16/2012 1:08:20 PM, error: Service Control Manager [7023] - The DCamUSBGrandTek service terminated with the following error: The specified module could not be found.
8/16/2012 1:08:20 PM, error: Service Control Manager [7023] - The Clr_optimization_v2.0.50215_32 service terminated with the following error: The specified module could not be found.
8/16/2012 1:08:20 PM, error: Service Control Manager [7023] - The BsHelpCS service terminated with the following error: The specified module could not be found.
8/16/2012 1:08:20 PM, error: Service Control Manager [7023] - The Besclient service terminated with the following error: The specified module could not be found.
8/16/2012 1:08:20 PM, error: Service Control Manager [7023] - The Axskbus service terminated with the following error: The specified module could not be found.
8/16/2012 1:08:20 PM, error: Service Control Manager [7023] - The ATNT40K service terminated with the following error: The specified module could not be found.
8/16/2012 1:08:20 PM, error: Service Control Manager [7023] - The As32svc service terminated with the following error: The specified module could not be found.
8/16/2012 1:08:20 PM, error: Service Control Manager [7023] - The Admservice service terminated with the following error: The specified module could not be found.
.
==== End Of File ===========================

GMER scan:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-18 20:03:45
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-7 WDC_WD6400AAKS-65A7B0 rev.01.03B01
Running: gmer.exe; Driver: C:\DOCUME~1\Russ\LOCALS~1\Temp\uwtdrpog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0xA7C2B004]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0xA7C2B0D4]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA7C2AD76]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA7C2AE1E]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA7C2AEBA]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA7C2AF56]

---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\Russ\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[536] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[536] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[536] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E7217 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[536] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7149 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[536] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E71B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[536] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E701A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[536] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E707C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[536] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E727A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[536] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E70DE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1332] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1332] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AB5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1332] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1332] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1332] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1332] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E7217 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1332] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7149 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1332] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E71B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1332] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E701A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1332] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E707C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1332] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E727A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1332] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E70DE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1332] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1332] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E757F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[2212] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp asdws.sys
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp asdws.sys
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp asdws.sys
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- EOF - GMER 1.0.15 ----

Original post:
http://www.bleepingcomputer.com/forums/topic465520.html

Thank you for the assistance.

#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:08:15 AM

Posted 21 August 2012 - 07:02 PM

Hi,

Please do the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System is found then ensure Delete is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)



NEXT



Download ComboFix from the following location:

Link 1

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 russcart

russcart
  • Topic Starter

  • Members
  • 99 posts
  • Gender:Male
  • Location:USA
  • Local time:05:15 AM

Posted 21 August 2012 - 09:00 PM

Thank you for the assistance; here is the log from the first step...

TDSSKiller Log:

17:29:11.0984 6608 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
17:29:12.0734 6608 ============================================================
17:29:12.0734 6608 Current date / time: 2012/08/21 17:29:12.0734
17:29:12.0734 6608 SystemInfo:
17:29:12.0734 6608
17:29:12.0734 6608 OS Version: 5.1.2600 ServicePack: 3.0
17:29:12.0734 6608 Product type: Workstation
17:29:12.0734 6608 ComputerName: RUSSELL
17:29:12.0734 6608 UserName: Russ
17:29:12.0734 6608 Windows directory: C:\WINDOWS
17:29:12.0734 6608 System windows directory: C:\WINDOWS
17:29:12.0734 6608 Processor architecture: Intel x86
17:29:12.0734 6608 Number of processors: 4
17:29:12.0734 6608 Page size: 0x1000
17:29:12.0734 6608 Boot type: Normal boot
17:29:12.0734 6608 ============================================================
17:29:14.0828 6608 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:29:14.0875 6608 Drive \Device\Harddisk1\DR1 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:29:14.0890 6608 Drive \Device\Harddisk7\DR14 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:29:15.0265 6608 ============================================================
17:29:15.0265 6608 \Device\Harddisk0\DR0:
17:29:15.0265 6608 MBR partitions:
17:29:15.0265 6608 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852FC1
17:29:15.0265 6608 \Device\Harddisk1\DR1:
17:29:15.0265 6608 MBR partitions:
17:29:15.0265 6608 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1749DD82
17:29:15.0265 6608 \Device\Harddisk7\DR14:
17:29:15.0265 6608 MBR partitions:
17:29:15.0265 6608 \Device\Harddisk7\DR14\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x575452C2
17:29:15.0265 6608 ============================================================
17:29:15.0312 6608 C: <-> \Device\Harddisk0\DR0\Partition1
17:29:15.0328 6608 K: <-> \Device\Harddisk1\DR1\Partition1
17:29:15.0343 6608 L: <-> \Device\Harddisk7\DR14\Partition1
17:29:15.0343 6608 ============================================================
17:29:15.0343 6608 Initialize success
17:29:15.0343 6608 ============================================================
17:29:50.0234 7868 ============================================================
17:29:50.0234 7868 Scan started
17:29:50.0234 7868 Mode: Manual; TDLFS;
17:29:50.0234 7868 ============================================================
17:29:50.0500 7868 ================ Scan system memory ========================
17:29:50.0500 7868 System memory - ok
17:29:50.0500 7868 ================ Scan services =============================
17:29:50.0812 7868 Abiosdsk - ok
17:29:50.0812 7868 abp480n5 - ok
17:29:50.0812 7868 acmservice - ok
17:29:50.0906 7868 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:29:50.0953 7868 ACPI - ok
17:29:50.0984 7868 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
17:29:51.0000 7868 ACPIEC - ok
17:29:51.0140 7868 [ 6C40D5ED8951AB7B90D08AF655224EE4 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:29:51.0140 7868 AdobeFlashPlayerUpdateSvc - ok
17:29:51.0140 7868 adpu160m - ok
17:29:51.0187 7868 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
17:29:51.0234 7868 aec - ok
17:29:51.0328 7868 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
17:29:51.0343 7868 AFD - ok
17:29:51.0343 7868 Aha154x - ok
17:29:51.0343 7868 aic78u2 - ok
17:29:51.0359 7868 aic78xx - ok
17:29:51.0406 7868 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
17:29:51.0406 7868 Alerter - ok
17:29:51.0437 7868 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
17:29:51.0437 7868 ALG - ok
17:29:51.0437 7868 AliIde - ok
17:29:52.0000 7868 [ 267FC636801EDC5AB28E14036349E3BE ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys
17:29:52.0546 7868 Ambfilt - ok
17:29:52.0546 7868 amsint - ok
17:29:52.0625 7868 [ 74FC9F8F2D6B80A58AEBD64F496D7C09 ] AnyDVD C:\WINDOWS\system32\Drivers\AnyDVD.sys
17:29:52.0625 7868 AnyDVD - ok
17:29:52.0750 7868 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:29:52.0765 7868 Apple Mobile Device - ok
17:29:52.0765 7868 AppMgmt - ok
17:29:52.0812 7868 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:29:52.0828 7868 Arp1394 - ok
17:29:52.0828 7868 asc - ok
17:29:52.0843 7868 asc3350p - ok
17:29:52.0843 7868 asc3550 - ok
17:29:52.0859 7868 [ 16CDE6977CC88433BF3767C4D42B22D3 ] asdrm C:\WINDOWS\system32\DRIVERS\asdrm.sys
17:29:52.0859 7868 asdrm - ok
17:29:52.0890 7868 [ 3E62E3122E534254DD314FA8A7B6BF48 ] asdrs C:\WINDOWS\system32\DRIVERS\asdrs.sys
17:29:52.0890 7868 asdrs - ok
17:29:53.0171 7868 [ 197EB3CDE17B18C78E1B5324D2E0A451 ] asdsrv C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe
17:29:53.0171 7868 asdsrv - ok
17:29:53.0187 7868 [ 9AFCF85708576F3EF6FB868B6C604C01 ] asdws C:\WINDOWS\system32\DRIVERS\asdws.sys
17:29:53.0187 7868 asdws - ok
17:29:53.0296 7868 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:29:53.0296 7868 aspnet_state - ok
17:29:53.0312 7868 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:29:53.0328 7868 AsyncMac - ok
17:29:53.0390 7868 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
17:29:53.0390 7868 atapi - ok
17:29:53.0390 7868 Atdisk - ok
17:29:53.0437 7868 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:29:53.0453 7868 Atmarpc - ok
17:29:53.0484 7868 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
17:29:53.0484 7868 AudioSrv - ok
17:29:53.0515 7868 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
17:29:53.0515 7868 audstub - ok
17:29:55.0218 7868 [ BA60FD7A64B9759A14C0FBA4A9ED4C7B ] AVGIDSAgent C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
17:29:55.0250 7868 AVGIDSAgent - ok
17:29:55.0328 7868 [ 1074F787080068C71303B61FAE7E7CA4 ] AVGIDSDriver C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
17:29:55.0328 7868 AVGIDSDriver - ok
17:29:55.0359 7868 [ 61A7E0B02F82CFF3DB2445BBE50B3589 ] AVGIDSFilter C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys
17:29:55.0359 7868 AVGIDSFilter - ok
17:29:55.0390 7868 [ D63D83659EEDF60B3A3E620281A888E5 ] AVGIDSHX C:\WINDOWS\system32\DRIVERS\avgidshx.sys
17:29:55.0390 7868 AVGIDSHX - ok
17:29:55.0421 7868 [ BAF975B72062F53D327788E99D64197E ] AVGIDSShim C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
17:29:55.0421 7868 AVGIDSShim - ok
17:29:55.0500 7868 [ DDA6A2A18841E4C9172BB85958B8D948 ] Avgldx86 C:\WINDOWS\system32\DRIVERS\avgldx86.sys
17:29:55.0500 7868 Avgldx86 - ok
17:29:55.0515 7868 [ CCDD61545AAEA265977E4B1EFDC74E8C ] Avgmfx86 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
17:29:55.0515 7868 Avgmfx86 - ok
17:30:28.0453 7868 WmBEnum - ok
17:30:28.0484 7868 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
17:30:28.0500 7868 WmdmPmSN - ok
17:30:28.0546 7868 [ 7A13CFDE92956CA61A0927D766C5AD4F ] WmFilter C:\WINDOWS\system32\drivers\WmFilter.sys
17:30:28.0546 7868 WmFilter - ok
17:30:28.0578 7868 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
17:30:28.0578 7868 WmiAcpi - ok
17:30:28.0625 7868 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:30:28.0625 7868 WmiApSrv - ok
17:30:28.0968 7868 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
17:30:28.0984 7868 WMPNetworkSvc - ok
17:30:29.0015 7868 [ 6F04646BC690F8BBFC344BE32A60796D ] WmVirHid C:\WINDOWS\system32\drivers\WmVirHid.sys
17:30:29.0031 7868 WmVirHid - ok
17:30:29.0078 7868 [ 1D6CA43D562333F4DFB40BCEF2453F3A ] WmXlCore C:\WINDOWS\system32\drivers\WmXlCore.sys
17:30:29.0078 7868 WmXlCore - ok
17:30:29.0109 7868 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
17:30:29.0125 7868 WpdUsb - ok
17:30:29.0437 7868 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:30:29.0437 7868 WPFFontCache_v0400 - ok
17:30:29.0484 7868 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:30:29.0484 7868 WS2IFSL - ok
17:30:29.0546 7868 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
17:30:29.0562 7868 wscsvc - ok
17:30:29.0562 7868 WSearch - ok
17:30:29.0609 7868 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:30:29.0625 7868 WSTCODEC - ok
17:30:29.0750 7868 [ 76FBEFAB6677AF9C498116F1AAEA8BDB ] WSWNA3100 C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
17:30:29.0750 7868 WSWNA3100 - ok
17:30:29.0796 7868 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
17:30:29.0812 7868 wuauserv - ok
17:30:29.0859 7868 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:30:29.0875 7868 WudfPf - ok
17:30:29.0890 7868 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:30:29.0953 7868 WudfRd - ok
17:30:30.0000 7868 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
17:30:30.0000 7868 WudfSvc - ok
17:30:30.0187 7868 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
17:30:30.0343 7868 WZCSVC - ok
17:30:30.0390 7868 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
17:30:30.0453 7868 xmlprov - ok
17:30:30.0468 7868 ================ Scan global ===============================
17:30:30.0515 7868 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
17:30:30.0625 7868 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
17:30:30.0796 7868 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
17:30:30.0843 7868 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
17:30:30.0843 7868 [Global] - ok
17:30:30.0843 7868 ================ Scan MBR ==================================
17:30:30.0890 7868 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
17:30:31.0281 7868 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:30:31.0281 7868 \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:30:31.0312 7868 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
17:30:31.0406 7868 \Device\Harddisk1\DR1 - ok
17:30:31.0406 7868 [ 8FF255184F078C9C04E6A2CE66117C5C ] \Device\Harddisk7\DR14
17:30:31.0953 7868 \Device\Harddisk7\DR14 - ok
17:30:31.0953 7868 ================ Scan VBR ==================================
17:30:31.0953 7868 [ 8F55791D88D03F6968C2AB46F8456E54 ] \Device\Harddisk0\DR0\Partition1
17:30:31.0953 7868 \Device\Harddisk0\DR0\Partition1 - ok
17:30:31.0953 7868 [ 02C8CFCC09F631DB430830F218F4580A ] \Device\Harddisk1\DR1\Partition1
17:30:31.0953 7868 \Device\Harddisk1\DR1\Partition1 - ok
17:30:31.0953 7868 [ 7649870B29723B18A6BBE37662ADD45C ] \Device\Harddisk7\DR14\Partition1
17:30:31.0968 7868 \Device\Harddisk7\DR14\Partition1 - ok
17:30:31.0968 7868 ============================================================
17:30:31.0968 7868 Scan finished
17:30:31.0968 7868 ============================================================
17:30:31.0984 5788 Detected object count: 1
17:30:31.0984 5788 Actual detected object count: 1
17:33:00.0734 5788 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
17:33:00.0750 5788 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
17:33:00.0765 5788 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
17:33:00.0765 5788 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
17:33:00.0765 5788 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
17:33:00.0796 5788 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
17:33:00.0859 5788 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
17:33:00.0906 5788 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
17:33:00.0906 5788 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
17:33:00.0906 5788 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
17:33:00.0921 5788 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
17:33:00.0921 5788 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
17:33:00.0921 5788 \Device\Harddisk0\DR0\TDLFS - deleted
17:33:00.0921 5788 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete

#4 russcart

Posted 21 August 2012 - 10:37 PM

The results of ComboFix are below. The program was unable to create the Recovery Console, so I continued to the malware scan. After the log was generated, I manually rebooted the computer and was not able to re-establish an internet connection until I re-installed the NetGear software; I have a wireless connection and the program was unresponsive. Please advise next step. Thank you for your assistance, I appreciate it.

ComboFix 12-08-21.02 - Russ 08/21/2012 19:14:26.1.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3471.2849 [GMT -7:00]
Running from: c:\documents and settings\Russ\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgfinst.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\crt_x64.msi
c:\documents and settings\All Users\Application Data\TEMP\AVG\files.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupcz.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupda.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupfr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupge.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuphu.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupid.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupin.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupit.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupjp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupko.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupms.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupnl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppb.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupru.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsc.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsk.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuptr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupus.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupzh.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupzt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredis1.cab
c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredist.msi
c:\documents and settings\Pam\g2mdlhlpx.exe
c:\program files\CouponAlert_2pEI
c:\program files\CouponAlert_2pEI\Installr\4.bin\2pEIPlug.dll
c:\program files\CouponAlert_2pEI\Installr\4.bin\NP2pEISb.dll
c:\windows\iun6002.exe
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\65a53fa7ca1bbf0e.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\ae99886bdabf94ce.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\c835522316f9fb2d.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2209f00939fde7a.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\Cache\fdecdf75ec546085.fb
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\SET49.tmp
c:\windows\system32\SET55.tmp
c:\windows\system32\system
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\system32\wpcap.dll
K:\install.exe
L:\Autorun.inf
L:\install.exe
L:\setup.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_COUPONALERT_2PSERVICE
-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-07-22 to 2012-08-22 )))))))))))))))))))))))))))))))
.
.
2012-08-16 05:03 . 2012-08-16 05:03 388096 ----a-r- c:\documents and settings\Russ\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-11 08:44 . 2012-08-11 08:46 -------- d-----w- c:\windows\system32\NtmsData
2012-08-10 03:46 . 2012-08-10 03:46 -------- d-----w- c:\documents and settings\Matthew\Local Settings\Application Data\AVG Secure Search
2012-08-09 04:43 . 2012-02-08 00:40 15128 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll
2012-08-09 04:43 . 2012-08-09 04:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
2012-08-09 04:43 . 2012-08-09 04:43 -------- d-----w- c:\program files\Common Files\postureAgent
2012-08-09 04:39 . 2012-08-09 04:39 -------- d-----w- c:\windows\system32\RTCOM
2012-08-09 04:39 . 2010-11-03 10:15 84584 ----a-w- c:\windows\SOUNDMAN.EXE
2012-08-09 04:39 . 2010-11-03 10:15 359016 ----a-w- c:\windows\vncutil.exe
2012-08-09 04:39 . 2010-11-03 10:15 1833576 ----a-w- c:\windows\SkyTel.exe
2012-08-09 04:39 . 2011-08-29 08:20 1493608 ----a-w- c:\windows\RtlUpd.exe
2012-08-09 04:39 . 2011-12-13 10:27 7069288 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2012-08-09 04:39 . 2011-12-12 09:20 64616 ----a-w- c:\windows\system32\RtkCoInstIIXP.dll
2012-08-09 04:39 . 2011-11-22 08:28 11368 ----a-w- c:\windows\system32\RtkCoLDRXP.dll
2012-08-09 04:39 . 2011-06-30 08:15 891496 ----a-w- c:\windows\system32\RTSndMgr.CPL
2012-08-09 04:39 . 2010-11-03 10:14 129640 ----a-w- c:\windows\RtkAudioService.exe
2012-08-09 04:39 . 2010-11-03 10:15 9721960 ----a-w- c:\windows\RTLCPL.EXE
2012-08-09 04:25 . 2012-08-09 04:25 -------- d-----r- c:\windows\AsDmiHtm
2012-08-09 04:24 . 2009-04-02 12:30 10296 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2012-08-09 04:17 . 2010-09-23 07:46 102416 ----a-r- c:\windows\system32\RTNUninst32.dll
2012-08-09 04:17 . 2011-08-24 12:39 323816 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys
2012-08-09 04:17 . 2010-09-23 07:46 81936 ----a-r- c:\windows\system32\RtNicProp32.dll
2012-08-09 04:14 . 2011-12-05 19:24 270080 ----a-r- c:\windows\system32\drivers\IntcDAud.sys
2012-08-08 17:43 . 2008-04-13 18:36 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2012-08-08 17:43 . 2008-04-13 18:36 8832 ----a-w- c:\windows\system32\drivers\wmiacpi.sys
2012-08-08 17:09 . 2012-08-08 17:09 -------- d-----w- C:\found.002
2012-08-08 14:35 . 2012-08-08 14:35 -------- d-----w- C:\found.001
2012-08-02 18:18 . 2012-08-02 19:07 -------- d-----w- c:\documents and settings\Administrator
2012-07-27 03:43 . 2012-07-27 03:43 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG
2012-07-27 00:47 . 2012-07-27 00:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-27 00:47 . 2012-07-27 00:47 476976 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-26 23:58 . 2012-07-26 23:58 -------- d-----w- c:\program files\Western Digital Corporation
2012-07-26 23:47 . 2012-07-26 23:47 -------- d-----w- C:\Data Lifeguard NT
2012-07-26 01:17 . 2012-07-26 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Motorola
2012-07-26 00:42 . 2012-07-26 00:42 -------- d-----w- c:\documents and settings\Russ\Application Data\Motorola Mobility
2012-07-26 00:42 . 2009-12-21 22:42 15616 ----a-w- c:\windows\system32\mot_ci.dll
2012-07-26 00:42 . 2012-07-26 00:42 -------- d-----w- c:\documents and settings\Russ\Application Data\Motorola
2012-07-26 00:39 . 2012-07-26 00:39 -------- d-----w- c:\program files\Common Files\Motorola Shared
2012-07-26 00:19 . 2012-07-26 00:42 -------- d-----w- c:\program files\Motorola
2012-07-25 23:59 . 2012-07-26 00:46 -------- d-----w- c:\documents and settings\Russ\.android
2012-07-25 23:59 . 2012-08-16 05:24 -------- d-----w- c:\documents and settings\Russ\Local Settings\Application Data\Android
2012-07-25 16:16 . 2012-08-17 03:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-07-25 16:16 . 2012-07-25 16:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-07-24 06:07 . 2012-07-27 05:37 -------- d-----w- c:\documents and settings\Russ\Tracing
2012-07-24 06:06 . 2012-07-24 06:06 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2012-07-24 06:06 . 2010-04-28 14:44 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2012-07-24 06:06 . 2012-07-24 06:06 -------- d-----w- c:\program files\Microsoft Sync Framework
2012-07-24 06:05 . 2012-07-24 06:05 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-07-24 06:03 . 2012-07-24 06:03 -------- d-----w- c:\program files\Windows Live SkyDrive
2012-07-24 06:03 . 2012-07-24 15:59 -------- d-----w- c:\program files\Windows Live
2012-07-24 05:59 . 2012-07-24 05:59 -------- d-----w- c:\program files\Common Files\Windows Live
2012-07-24 05:59 . 2012-07-24 05:59 -------- d-----w- c:\windows\system32\winrm
2012-07-24 05:58 . 2012-07-24 05:59 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2012-07-24 05:35 . 2012-07-24 05:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Anvisoft
2012-07-24 05:35 . 2012-07-13 05:49 14160 ----a-w- c:\windows\system32\drivers\asdws.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 00:47 . 2010-04-23 21:51 472880 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-27 00:25 . 2012-04-18 03:39 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-27 00:25 . 2011-05-16 23:45 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-14 19:20 . 2011-11-09 03:53 230840 ----a-r- c:\windows\system32\cpnprt2.cid
2012-07-13 05:49 . 2012-07-15 05:26 22864 ----a-w- c:\windows\system32\drivers\asdrs.sys
2012-07-13 05:49 . 2012-07-15 05:26 16208 ----a-w- c:\windows\system32\drivers\asdrm.sys
2012-07-06 13:58 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2009-05-02 10:16 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 20:46 . 2011-01-09 01:55 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 13:40 . 2004-08-04 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
2012-06-25 23:04 . 2012-06-25 23:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-20 16:56 . 2012-01-30 05:25 71104 ----a-w- c:\windows\CouponPrinter.ocx
2012-06-08 16:32 . 2011-11-09 03:53 230808 ----a-r- c:\windows\cpnprt2.cid
2012-06-07 03:59 . 2012-06-07 03:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-05 15:50 . 2008-04-14 00:12 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-05 00:35 . 2009-05-28 04:16 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32 . 2004-08-04 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 22:19 . 2008-10-16 21:09 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19 . 2009-05-02 10:18 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 22:19 . 2009-05-02 10:18 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19 . 2009-05-02 10:18 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 22:19 . 2008-10-16 21:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19 . 2009-05-02 10:18 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2009-05-02 10:18 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2008-10-16 21:09 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2008-10-16 21:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19 . 2004-08-04 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 22:19 . 2008-10-16 21:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:19 . 2009-05-02 10:18 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2009-05-02 10:18 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:18 . 2009-05-28 04:16 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 22:18 . 2009-05-28 04:16 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-10 08:09 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-10 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2012-08-16 6287008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UMonit"="c:\windows\system32\UMonit.exe" [2008-02-13 200704]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-10 1107552]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-10-12 458861]
"RTHDCPL"="RTHDCPL.EXE" [2011-12-05 20065384]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-24 143128]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-24 181528]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-24 169752]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WNA3100 Smart Wizard.lnk - c:\program files\NETGEAR\WNA3100\WNA3100.exe [2010-11-15 4562944]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DealRunner
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SelectRebates
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartNowToolbarHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-27 20:51 35768 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anvi Smart Defender]
2012-07-20 08:11 1217864 ----a-w- c:\program files\Anvisoft\Anvi Smart Defender\ASDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-05-31 03:06 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-26 23:44 136176 ----atw- c:\documents and settings\Russ\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-10 09:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-08 02:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MusicManager]
2011-06-15 21:38 12817920 ----a-w- c:\documents and settings\Russ\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 03:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ROC_roc_dec12]
2012-01-24 05:58 928096 ----a-w- c:\program files\AVG Secure Search\ROC_roc_dec12.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 23:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 21:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS12 Preload]
2008-07-14 08:10 397456 ----a-w- c:\program files\Corel\Corel VideoStudio 12\uvPL.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 31952]
R1 asdrm;asdrm;c:\windows\system32\drivers\asdrm.sys [7/14/2012 10:26 PM 16208]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 6:23 AM 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 301248]
R2 asdrs;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\drivers\asdrs.sys [7/14/2012 10:26 PM 22864]
R2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files\Anvisoft\Anvi Smart Defender\ASDSrv.exe [7/20/2012 1:11 AM 686408]
R2 asdws;AnviSmartDefender Web Guard;c:\windows\system32\drivers\asdws.sys [7/23/2012 10:35 PM 14160]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2/2/2012 10:25 PM 458464]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 5:53 PM 13672]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [8/8/2012 9:43 PM 161560]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [9/16/2010 2:06 PM 80896]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [8/8/2012 9:43 PM 363800]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [7/10/2012 1:09 AM 935008]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [11/15/2010 11:30 PM 1034240]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [8/8/2012 9:14 PM 270080]
R3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [5/2/2009 4:41 AM 46080]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [4/30/2012 9:44 AM 5106744]
S2 gupdate1c9cbbf78e720d8;Google Update Service (gupdate1c9cbbf78e720d8);c:\program files\Google\Update\GoogleUpdate.exe [5/3/2009 12:19 AM 133104]
S2 WSWNA3100;WSWNA3100;c:\program files\NETGEAR\WNA3100\WifiSvc.exe [11/15/2010 11:30 PM 278528]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/17/2012 8:39 PM 250056]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/8/2012 9:38 PM 1691480]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys --> c:\windows\system32\DRIVERS\motfilt.sys [?]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [5/2/2009 4:40 AM 241880]
S3 FIXUSTOR;FIXUSTOR;c:\windows\system32\drivers\fixustor.sys [6/6/2009 9:11 PM 12416]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/3/2009 12:19 AM 133104]
S3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [1/26/2011 6:29 PM 706304]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [5/22/2011 9:06 AM 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [6/22/2010 6:01 PM 21248]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys --> c:\windows\system32\Drivers\motoandroid.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys --> c:\windows\system32\DRIVERS\motodrv.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys --> c:\windows\system32\DRIVERS\Motousbnet.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys --> c:\windows\system32\DRIVERS\motusbdevice.sys [?]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2/19/2011 4:15 PM 100456]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
TSHWMDTCP
freebsd
bcftdi
mctskshd.exe
BCM42RLY
acmservice
LHidUsbK
pwisvc
sffdisk
avupdsvc
IPSECSHM
useraccess7
ssm_bus
pageserver
ichaud
v124
IOSLINK
DSDrv4
ctusfsyn
dlbu_device
nimcdldu
BRCMDECO
RR2IOMod
SRS_SSCFilter
c34nb4c5
LVVI500A
k750obex
psdvdisk
nmindexingservice
spmd
upsmonservice
pca
persfw
SQLAgent$LG_LP2
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-04-13 22:08 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 00:25]
.
2012-05-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2012-08-16 c:\windows\Tasks\AVG PC Tuneup Integrator Scan and Repair.job
- c:\program files\AVG\AVG PC Tuneup\BoostSpeed.exe [2012-05-01 00:20]
.
2012-08-16 c:\windows\Tasks\AVG PC Tuneup Integrator Start On Russ Logon.job
- c:\program files\AVG\AVG PC Tuneup\BoostSpeed.exe [2012-05-01 00:20]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-03 07:19]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-03 07:19]
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1292428093-839522115-1004Core.job
- c:\documents and settings\Russ\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-26 23:44]
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1292428093-839522115-1004UA.job
- c:\documents and settings\Russ\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-26 23:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://flightaware.com/
uInternet Settings,ProxyOverride = *.local;192.168.*.*
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
Notify-TPSvc - TPSvc.dll
SafeBoot-14799619.sys
SafeBoot-36410140.sys
MSConfigStartUp-UpdatePSTShortCut - c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
AddRemove-ATR_72500 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-21 19:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
UMonit = c:\windows\system32\UMonit.exe?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1606980848-1292428093-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1708)
c:\windows\system32\WININET.dll
c:\program files\SlySoft\AnyDVD\ADvdDiscHlp.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wscntfy.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2012-08-21 19:51:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-22 02:51
.
Pre-Run: 311,751,151,616 bytes free
Post-Run: 312,996,065,280 bytes free
.
- - End Of File - - A23DFC852E053AA744B0991990DC34CD

#5 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 22 August 2012 - 05:04 PM

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

NetSvc::
TSHWMDTCP
freebsd
bcftdi
mctskshd.exe
BCM42RLY
acmservice
LHidUsbK
pwisvc
sffdisk
avupdsvc
IPSECSHM
useraccess7
ssm_bus
pageserver
ichaud
v124
IOSLINK
DSDrv4
ctusfsyn
dlbu_device
nimcdldu
BRCMDECO
RR2IOMod
SRS_SSCFilter
c34nb4c5
LVVI500A
k750obex
psdvdisk
nmindexingservice
spmd
upsmonservice
pca
persfw
SQLAgent$LG_LP2

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".

Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT


  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

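The NetSvc:: block above was assembled by hand from the "Svchost - NetSvcs" section of the ComboFix log. As an added example (not part of this thread and not ComboFix's own code), the script below parses that section and the R*/S* service lines from a log, keeps any NetSvcs name that still has a registered service or driver behind it, and emits the remaining orphaned names as a CFScript NetSvc:: block. SAMPLE_LOG is a constructed, abbreviated log in the same format; the "keep registered names" rule is a heuristic of this example, not a ComboFix feature.

```python
"""Build a ComboFix CFScript 'NetSvc::' block from a ComboFix/DDS-style log.

Added example; not part of the original thread and not ComboFix's own code.
ComboFix already hides the default NetSvcs entries, so whatever it prints
under "Svchost - NetSvcs" is either a third-party service that is genuinely
registered (keep it) or a leftover/injected name with nothing behind it
(candidate for removal). The registered-or-not test is a heuristic of this
example: an analyst still reviews the proposed list before running it.
"""
import re

# Service/driver lines look like: "S2 WSWNA3100;WSWNA3100;c:\...\WifiSvc.exe [...]"
# The first ';'-separated field is the service name (it may contain spaces).
SERVICE_LINE = re.compile(r"^[RS][0-4] (?P<name>[^;]+);")
NETSVCS_HEADER = "Svchost - NetSvcs"

# Constructed sample in ComboFix's log layout (abbreviated, not a real scan).
SAMPLE_LOG = """\
R2 asdws;AnviSmartDefender Web Guard;c:\\windows\\system32\\drivers\\asdws.sys [7/23/2012 10:35 PM 14160]
R2 PassThru Service;Internet Pass-Through Service;c:\\program files\\HTC\\Internet Pass-Through\\PassThruSvr.exe [9/16/2010 2:06 PM 80896]
S2 WSWNA3100;WSWNA3100;c:\\program files\\NETGEAR\\WNA3100\\WifiSvc.exe [11/15/2010 11:30 PM 278528]
.
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Svchost - NetSvcs
TSHWMDTCP
freebsd
WSWNA3100
SQLAgent$LG_LP2
.
Contents of the 'Scheduled Tasks' folder
"""


def parse_netsvcs(log_text):
    """Return the names listed under the 'Svchost - NetSvcs' header, in order.

    The section ends at ComboFix's '.' separator line (or a blank line).
    """
    names = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not in_section:
            if line.endswith(NETSVCS_HEADER):
                in_section = True
            continue
        if line in ("", "."):
            break
        names.append(line)
    return names


def parse_services(log_text):
    """Return the lower-cased names of every R*/S* service or driver line."""
    registered = set()
    for raw in log_text.splitlines():
        match = SERVICE_LINE.match(raw.strip())
        if match:
            registered.add(match.group("name").strip().lower())
    return registered


def orphaned_netsvcs(log_text):
    """NetSvcs names with no registered service/driver of the same name."""
    registered = parse_services(log_text)
    return [n for n in parse_netsvcs(log_text) if n.lower() not in registered]


def build_cfscript(log_text, clear_java_cache=True):
    """Render the CFScript text: a NetSvc:: block, optionally ClearJavaCache::."""
    lines = ["NetSvc::"] + orphaned_netsvcs(log_text)
    if clear_java_cache:
        lines += ["", "ClearJavaCache::"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Prints the proposed CFScript for the constructed sample log.
    print(build_cfscript(SAMPLE_LOG), end="")
```

Service names are compared case-insensitively because the registry treats them that way; the generated text is meant to be reviewed, then saved as CFScript.txt exactly as the instructions above describe.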

#6 russcart

  • Topic Starter
  • Members
  • 99 posts
  • Gender:Male
  • Location:USA

Posted 22 August 2012 - 07:05 PM

Here is the log from the ComboFix scan.


ComboFix 12-08-22.03 - Russ 08/22/2012 16:15:11.2.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3471.2840 [GMT -7:00]
Running from: c:\documents and settings\Russ\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Russ\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-07-22 to 2012-08-22 )))))))))))))))))))))))))))))))
.
.
2012-08-11 08:44 . 2012-08-11 08:46 -------- d-----w- c:\windows\system32\NtmsData
2012-08-10 03:46 . 2012-08-10 03:46 -------- d-----w- c:\documents and settings\Matthew\Local Settings\Application Data\AVG Secure Search
2012-08-09 04:43 . 2012-02-08 00:40 15128 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll
2012-08-09 04:43 . 2012-08-09 04:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
2012-08-09 04:43 . 2012-08-09 04:43 -------- d-----w- c:\program files\Common Files\postureAgent
2012-08-09 04:39 . 2012-08-09 04:39 -------- d-----w- c:\windows\system32\RTCOM
2012-08-09 04:39 . 2010-11-03 10:15 84584 ----a-w- c:\windows\SOUNDMAN.EXE
2012-08-09 04:39 . 2010-11-03 10:15 359016 ----a-w- c:\windows\vncutil.exe
2012-08-09 04:39 . 2010-11-03 10:15 1833576 ----a-w- c:\windows\SkyTel.exe
2012-08-09 04:39 . 2011-08-29 08:20 1493608 ----a-w- c:\windows\RtlUpd.exe
2012-08-09 04:39 . 2011-12-13 10:27 7069288 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2012-08-09 04:39 . 2011-12-12 09:20 64616 ----a-w- c:\windows\system32\RtkCoInstIIXP.dll
2012-08-09 04:39 . 2011-11-22 08:28 11368 ----a-w- c:\windows\system32\RtkCoLDRXP.dll
2012-08-09 04:39 . 2011-06-30 08:15 891496 ----a-w- c:\windows\system32\RTSndMgr.CPL
2012-08-09 04:39 . 2010-11-03 10:14 129640 ----a-w- c:\windows\RtkAudioService.exe
2012-08-09 04:39 . 2010-11-03 10:15 9721960 ----a-w- c:\windows\RTLCPL.EXE
2012-08-09 04:25 . 2012-08-09 04:25 -------- d-----r- c:\windows\AsDmiHtm
2012-08-09 04:24 . 2009-04-02 12:30 10296 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2012-08-09 04:17 . 2010-09-23 07:46 102416 ----a-r- c:\windows\system32\RTNUninst32.dll
2012-08-09 04:17 . 2011-08-24 12:39 323816 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys
2012-08-09 04:17 . 2010-09-23 07:46 81936 ----a-r- c:\windows\system32\RtNicProp32.dll
2012-08-09 04:14 . 2011-12-05 19:24 270080 ----a-r- c:\windows\system32\drivers\IntcDAud.sys
2012-08-08 17:43 . 2008-04-13 18:36 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2012-08-08 17:43 . 2008-04-13 18:36 8832 ----a-w- c:\windows\system32\drivers\wmiacpi.sys
2012-08-08 17:09 . 2012-08-08 17:09 -------- d-----w- C:\found.002
2012-08-08 14:35 . 2012-08-08 14:35 -------- d-----w- C:\found.001
2012-08-02 18:18 . 2012-08-02 19:07 -------- d-----w- c:\documents and settings\Administrator
2012-07-27 03:43 . 2012-07-27 03:43 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG
2012-07-27 00:47 . 2012-07-27 00:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-27 00:47 . 2012-07-27 00:47 476976 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-26 23:58 . 2012-07-26 23:58 -------- d-----w- c:\program files\Western Digital Corporation
2012-07-26 23:47 . 2012-07-26 23:47 -------- d-----w- C:\Data Lifeguard NT
2012-07-26 01:17 . 2012-07-26 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Motorola
2012-07-26 00:42 . 2012-07-26 00:42 -------- d-----w- c:\documents and settings\Russ\Application Data\Motorola Mobility
2012-07-26 00:42 . 2009-12-21 22:42 15616 ----a-w- c:\windows\system32\mot_ci.dll
2012-07-26 00:42 . 2012-07-26 00:42 -------- d-----w- c:\documents and settings\Russ\Application Data\Motorola
2012-07-26 00:39 . 2012-07-26 00:39 -------- d-----w- c:\program files\Common Files\Motorola Shared
2012-07-26 00:19 . 2012-07-26 00:42 -------- d-----w- c:\program files\Motorola
2012-07-25 23:59 . 2012-07-26 00:46 -------- d-----w- c:\documents and settings\Russ\.android
2012-07-25 23:59 . 2012-08-16 05:24 -------- d-----w- c:\documents and settings\Russ\Local Settings\Application Data\Android
2012-07-25 16:16 . 2012-08-17 03:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-07-25 16:16 . 2012-07-25 16:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-07-24 06:07 . 2012-07-27 05:37 -------- d-----w- c:\documents and settings\Russ\Tracing
2012-07-24 06:06 . 2012-07-24 06:06 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2012-07-24 06:06 . 2010-04-28 14:44 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2012-07-24 06:06 . 2012-07-24 06:06 -------- d-----w- c:\program files\Microsoft Sync Framework
2012-07-24 06:05 . 2012-07-24 06:05 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-07-24 06:03 . 2012-07-24 06:03 -------- d-----w- c:\program files\Windows Live SkyDrive
2012-07-24 06:03 . 2012-07-24 15:59 -------- d-----w- c:\program files\Windows Live
2012-07-24 05:59 . 2012-07-24 05:59 -------- d-----w- c:\program files\Common Files\Windows Live
2012-07-24 05:59 . 2012-07-24 05:59 -------- d-----w- c:\windows\system32\winrm
2012-07-24 05:58 . 2012-07-24 05:59 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2012-07-24 05:35 . 2012-07-24 05:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Anvisoft
2012-07-24 05:35 . 2012-07-13 05:49 14160 ----a-w- c:\windows\system32\drivers\asdws.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-16 05:03 . 2012-08-16 05:03 388096 ----a-r- c:\documents and settings\Russ\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-27 00:47 . 2010-04-23 21:51 472880 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-27 00:25 . 2012-04-18 03:39 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-27 00:25 . 2011-05-16 23:45 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-14 19:20 . 2011-11-09 03:53 230840 ----a-r- c:\windows\system32\cpnprt2.cid
2012-07-13 05:49 . 2012-07-15 05:26 22864 ----a-w- c:\windows\system32\drivers\asdrs.sys
2012-07-13 05:49 . 2012-07-15 05:26 16208 ----a-w- c:\windows\system32\drivers\asdrm.sys
2012-07-06 13:58 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2009-05-02 10:16 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 20:46 . 2011-01-09 01:55 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 13:40 . 2004-08-04 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
2012-06-25 23:04 . 2012-06-25 23:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-20 16:56 . 2012-01-30 05:25 71104 ----a-w- c:\windows\CouponPrinter.ocx
2012-06-08 16:32 . 2011-11-09 03:53 230808 ----a-r- c:\windows\cpnprt2.cid
2012-06-07 03:59 . 2012-06-07 03:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-05 15:50 . 2008-04-14 00:12 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-05 00:35 . 2009-05-28 04:16 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32 . 2004-08-04 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 22:19 . 2008-10-16 21:09 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19 . 2009-05-02 10:18 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 22:19 . 2009-05-02 10:18 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19 . 2009-05-02 10:18 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 22:19 . 2008-10-16 21:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19 . 2009-05-02 10:18 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2009-05-02 10:18 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2008-10-16 21:09 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2008-10-16 21:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19 . 2004-08-04 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 22:19 . 2008-10-16 21:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:19 . 2009-05-02 10:18 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2009-05-02 10:18 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:18 . 2009-05-28 04:16 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 22:18 . 2009-05-28 04:16 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-22_02.42.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-22 23:34 . 2012-08-22 23:34 16384 c:\windows\Temp\Perflib_Perfdata_270.dat
- 2003-03-19 02:05 . 2003-03-19 02:05 89088 c:\windows\system32\atl71.dll
+ 2003-03-19 02:05 . 2006-10-12 23:28 89088 c:\windows\system32\ATL71.DLL
+ 2003-02-21 11:42 . 2006-10-12 23:28 348160 c:\windows\system32\msvcr71.DLL
- 2003-02-21 11:42 . 2003-02-21 11:42 348160 c:\windows\system32\msvcr71.dll
+ 2003-03-19 03:14 . 2006-10-12 23:28 499712 c:\windows\system32\msvcp71.DLL
- 2003-03-19 03:14 . 2003-03-19 03:14 499712 c:\windows\system32\msvcp71.dll
+ 2012-08-22 03:27 . 2012-08-22 03:27 331264 c:\windows\Installer\1946e8.msi
+ 2003-03-19 04:20 . 2006-10-12 23:28 1060864 c:\windows\system32\MFC71.DLL
- 2003-03-19 04:20 . 2003-03-19 04:20 1060864 c:\windows\system32\mfc71.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-10 08:09 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-10 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2012-08-16 6287008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UMonit"="c:\windows\system32\UMonit.exe" [2008-02-13 200704]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-10 1107552]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-10-12 458861]
"RTHDCPL"="RTHDCPL.EXE" [2011-12-05 20065384]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-24 143128]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-24 181528]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-24 169752]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WNA3100 Smart Wizard.lnk - c:\program files\NETGEAR\WNA3100\WNA3100.exe [2010-11-15 4562944]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-27 20:51 35768 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anvi Smart Defender]
2012-07-20 08:11 1217864 ----a-w- c:\program files\Anvisoft\Anvi Smart Defender\ASDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-05-31 03:06 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-26 23:44 136176 ----atw- c:\documents and settings\Russ\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-10 09:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-08 02:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MusicManager]
2011-06-15 21:38 12817920 ----a-w- c:\documents and settings\Russ\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 03:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ROC_roc_dec12]
2012-01-24 05:58 928096 ----a-w- c:\program files\AVG Secure Search\ROC_roc_dec12.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 23:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 21:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS12 Preload]
2008-07-14 08:10 397456 ----a-w- c:\program files\Corel\Corel VideoStudio 12\uvPL.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 31952]
R1 asdrm;asdrm;c:\windows\system32\drivers\asdrm.sys [7/14/2012 10:26 PM 16208]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 6:23 AM 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 301248]
R2 asdrs;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\drivers\asdrs.sys [7/14/2012 10:26 PM 22864]
R2 asdws;AnviSmartDefender Web Guard;c:\windows\system32\drivers\asdws.sys [7/23/2012 10:35 PM 14160]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [4/30/2012 9:44 AM 5106744]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2/2/2012 10:25 PM 458464]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 5:53 PM 13672]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [8/8/2012 9:43 PM 161560]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [9/16/2010 2:06 PM 80896]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [8/8/2012 9:43 PM 363800]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [7/10/2012 1:09 AM 935008]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [11/15/2010 11:30 PM 1034240]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [8/8/2012 9:14 PM 270080]
R3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [5/2/2009 4:41 AM 46080]
S2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files\Anvisoft\Anvi Smart Defender\ASDSrv.exe [7/20/2012 1:11 AM 686408]
S2 gupdate1c9cbbf78e720d8;Google Update Service (gupdate1c9cbbf78e720d8);c:\program files\Google\Update\GoogleUpdate.exe [5/3/2009 12:19 AM 133104]
S2 WSWNA3100;WSWNA3100;c:\program files\NETGEAR\WNA3100\WifiSvc.exe [11/15/2010 11:30 PM 278528]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/17/2012 8:39 PM 250056]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/8/2012 9:38 PM 1691480]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys --> c:\windows\system32\DRIVERS\motfilt.sys [?]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [5/2/2009 4:40 AM 241880]
S3 FIXUSTOR;FIXUSTOR;c:\windows\system32\drivers\fixustor.sys [6/6/2009 9:11 PM 12416]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/3/2009 12:19 AM 133104]
S3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [1/26/2011 6:29 PM 706304]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [5/22/2011 9:06 AM 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [6/22/2010 6:01 PM 21248]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys --> c:\windows\system32\Drivers\motoandroid.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys --> c:\windows\system32\DRIVERS\motodrv.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys --> c:\windows\system32\DRIVERS\Motousbnet.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys --> c:\windows\system32\DRIVERS\motusbdevice.sys [?]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2/19/2011 4:15 PM 100456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-04-13 22:08 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 00:25]
.
2012-05-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2012-08-16 c:\windows\Tasks\AVG PC Tuneup Integrator Scan and Repair.job
- c:\program files\AVG\AVG PC Tuneup\BoostSpeed.exe [2012-05-01 00:20]
.
2012-08-16 c:\windows\Tasks\AVG PC Tuneup Integrator Start On Russ Logon.job
- c:\program files\AVG\AVG PC Tuneup\BoostSpeed.exe [2012-05-01 00:20]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-03 07:19]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-03 07:19]
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1292428093-839522115-1004Core.job
- c:\documents and settings\Russ\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-26 23:44]
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1292428093-839522115-1004UA.job
- c:\documents and settings\Russ\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-26 23:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://flightaware.com/
uInternet Settings,ProxyOverride = *.local;192.168.*.*
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-22 16:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
UMonit = c:\windows\system32\UMonit.exe?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1606980848-1292428093-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(232)
c:\windows\system32\WININET.dll
c:\program files\SlySoft\AnyDVD\ADvdDiscHlp.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\windows\system32\HPZipm12.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2012-08-22 16:47:35 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-22 23:47
ComboFix2.txt 2012-08-22 02:51
.
Pre-Run: 312,941,383,680 bytes free
Post-Run: 312,924,598,272 bytes free
.
- - End Of File - - D787A49C401F5F8F7E04428BCB86C41C

#7 russcart (Topic Starter)

Posted 22 August 2012 - 07:39 PM

The next step, Malware Bytes log:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.22.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Russ :: RUSSELL [administrator]

8/22/2012 5:07:42 PM
mbam-log-2012-08-22 (17-07-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 267094
Time elapsed: 29 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#8 russcart (Topic Starter)

Posted 23 August 2012 - 01:53 AM

The following log is from the ESET scan. I am not sure if it normally takes a long time to scan, but in my case it was a 6-hour scan resulting in the following:

C:\Documents and Settings\Pam\My Documents\CouponPrinter.exe probably a variant of Win32/Adware.Softomate.AD application
C:\Documents and Settings\Russ\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aaopcfjneppfdiijpfjpfnmehjjdcgko\background.html Win32/BHO.OEI trojan
C:\Qoobox\Quarantine\C\Program Files\CouponAlert_2pEI\Installr\4.bin\2pEIPlug.dll.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\CouponAlert_2pEI\Installr\4.bin\NP2pEISb.dll.vir Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{7F4E8637-A0F1-4817-AA08-A90329908BA1}\RP1288\A0266627.dll Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{7F4E8637-A0F1-4817-AA08-A90329908BA1}\RP1288\A0266628.dll Win32/Toolbar.MyWebSearch application
C:\TDSSKiller_Quarantine\07.04.2012_00.45.04\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\07.04.2012_00.45.04\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\07.04.2012_00.45.04\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan
C:\TDSSKiller_Quarantine\07.04.2012_00.45.04\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AG trojan
C:\TDSSKiller_Quarantine\07.04.2012_00.45.04\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.AF trojan
C:\TDSSKiller_Quarantine\07.04.2012_00.45.04\mbr0000\tdlfs0000\tsk0010.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\07.04.2012_00.45.04\mbr0000\tdlfs0000\tsk0011.dta Win64/Olmarik.X trojan
C:\TDSSKiller_Quarantine\07.04.2012_00.45.04\rtkt0000\svc0000\tsk0000.dta Win32/Sirefef.DA trojan
C:\TDSSKiller_Quarantine\07.04.2012_00.45.04\rtkt0000\zafs0000\tsk0006.dta probably a variant of Win32/Agent.GSJKHXJ trojan
C:\TDSSKiller_Quarantine\07.04.2012_00.45.04\rtkt0000\zafs0000\tsk0008.dta Win32/Sirefef.ES trojan
C:\TDSSKiller_Quarantine\07.04.2012_00.45.04\rtkt0000\zafs0000\tsk0010.dta a variant of Win32/Sirefef.EU trojan
C:\TDSSKiller_Quarantine\21.08.2012_17.29.12\tdlfs0000\tsk0001.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\21.08.2012_17.29.12\tdlfs0000\tsk0002.dta Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\21.08.2012_17.29.12\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan
C:\TDSSKiller_Quarantine\21.08.2012_17.29.12\tdlfs0000\tsk0004.dta Win64/Olmarik.AG trojan
C:\TDSSKiller_Quarantine\21.08.2012_17.29.12\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.KQ trojan
C:\TDSSKiller_Quarantine\21.08.2012_17.29.12\tdlfs0000\tsk0006.dta Win64/Olmarik.AF trojan
C:\TDSSKiller_Quarantine\21.08.2012_17.29.12\tdlfs0000\tsk0010.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\21.08.2012_17.29.12\tdlfs0000\tsk0011.dta Win64/Olmarik.X trojan
C:\WINDOWS\system32\flt1chk3.dll Win32/SuspLibLoad.B trojan
L:\Russell\Downloaded Files\ActiveSpeed\ActiveSpeed_setup.exe Win32/Adware.Ascentive application

I have not noticed any improvements in computer performance yet; it is painfully slow to boot. When I powered on my computer earlier to check to see if there were any instructions for me, it took about 15 minutes from power on to the desktop screen... a very long time. I will wait for further instructions. Thank you for the assistance.

#9 russcart (Topic Starter)

Posted 23 August 2012 - 02:11 AM

I have an additional question for you that I just remembered... I have MS Outlook as part of Office 2007. I have had about a half dozen emails in the past two weeks or so that come to my inbox and are sent from a legitimate name in my addresses/contacts. However, when I open the email, the email address of the sender is unknown to me, although the name is recognizable. The subject line has my name in it, but there is no text in the body, only an attachment which is an ad of some sort. The first two times I actually opened it because I thought that they were legitimate. Since then, I delete them. Is this related to my current problem? Also, can this be spread to others in my contact list? One of those persons that I got one of these emails from (name is recognizable, email address associated with it isn't) called me today to tell me that they are receiving these same junk emails. Any ideas? Thank you again for the help; I hope to resolve these issues soon.

#10 CatByte (Malware Response Team)

Posted 23 August 2012 - 06:13 AM

Yes, the spam emails were likely the cause of the issues. If you haven't already done so, from a machine that has never been infected, change all your on-line passwords and recommend to persons on your contact list that they do the same. Somewhere along the way someone's contacts have been compromised; it may not be yours.

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\WINDOWS\system32\flt1chk3.dll 
L:\Russell\Downloaded Files\ActiveSpeed\ActiveSpeed_setup.exe 
C:\Documents and Settings\Pam\My Documents\CouponPrinter.exe 
C:\Documents and Settings\Russ\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aaopcfjneppfdiijpfjpfnmehjjdcgko\background.html 

Clearjavacache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".

Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[Screenshot: dragging CFScript.txt onto ComboFix.exe]

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT


run the Temp File Cleaner

Please download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, manually reboot to ensure a complete clean.



Then defrag your HD

1. Open My Computer.
2. Right-click the local disk volume that you want to defragment, and then click Properties.
3. On the Tools tab, click Defragment Now.
4. Click Defragment.


Let me know if that makes any difference

Edited by CatByte, 23 August 2012 - 06:13 AM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
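The ESET log in post #8 mixes three kinds of hits: files still in their original location, copies already sitting in the ComboFix (Qoobox) and TDSSKiller quarantine folders, and copies archived inside System Restore points. The CFScript above lists only the four live paths, which is the right triage: quarantined and restore-point copies are inert and get purged by ComboFix anyway. As an added example (not code from this thread, from ComboFix, or from ESET), the following Python script parses detection lines in the format shown in the log, separates the three classes, and renders the live paths in the same File:: layout the post uses. The quarantine folder names are assumed from the paths in the log, and the line pattern is written for the format shown here, not for ESET's real log schema.

```python
import re

# Constructed sample input: a subset of the detection lines from the ESET log
# posted above, embedded here so the example runs offline.
ESET_LOG = r"""
C:\Documents and Settings\Pam\My Documents\CouponPrinter.exe probably a variant of Win32/Adware.Softomate.AD application
C:\Documents and Settings\Russ\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aaopcfjneppfdiijpfjpfnmehjjdcgko\background.html Win32/BHO.OEI trojan
C:\Qoobox\Quarantine\C\Program Files\CouponAlert_2pEI\Installr\4.bin\2pEIPlug.dll.vir Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{7F4E8637-A0F1-4817-AA08-A90329908BA1}\RP1288\A0266627.dll Win32/Toolbar.MyWebSearch application
C:\TDSSKiller_Quarantine\07.04.2012_00.45.04\rtkt0000\svc0000\tsk0000.dta Win32/Sirefef.DA trojan
C:\TDSSKiller_Quarantine\21.08.2012_17.29.12\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.KQ trojan
C:\WINDOWS\system32\flt1chk3.dll Win32/SuspLibLoad.B trojan
L:\Russell\Downloaded Files\ActiveSpeed\ActiveSpeed_setup.exe Win32/Adware.Ascentive application
"""

# One detection per line: "<path> <verdict>". Paths contain spaces, so the
# path is matched non-greedily and the verdict is anchored to the line end.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<verdict>(?:probably )?(?:a variant of )?Win(?:32|64)/\S+ (?:trojan|application))$"
)

# Assumed quarantine folders, taken from the paths in the log:
# ComboFix stores removed files under \Qoobox\Quarantine\ and TDSSKiller
# under \TDSSKiller_Quarantine\. Matching is case-insensitive.
QUARANTINE_MARKERS = ("\\qoobox\\quarantine\\", "\\tdsskiller_quarantine\\")
# System Restore keeps archived copies of files under this folder.
RESTORE_POINT_MARKER = "\\system volume information\\_restore"


def parse_eset_log(text):
    """Yield (path, verdict) for every line that matches the detection format."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group("path"), m.group("verdict")


def classify(path):
    """Return 'quarantined', 'restore_point' or 'live' for a detected path."""
    p = path.lower()
    if any(marker in p for marker in QUARANTINE_MARKERS):
        return "quarantined"
    if RESTORE_POINT_MARKER in p:
        return "restore_point"
    return "live"


def triage(text):
    """Group every parsed detection by where the file currently sits."""
    buckets = {"live": [], "quarantined": [], "restore_point": []}
    for path, verdict in parse_eset_log(text):
        buckets[classify(path)].append((path, verdict))
    return buckets


def cfscript_file_section(live_paths):
    """Render a File:: block in the same layout as the script in the post."""
    return "File::\n" + "\n".join(live_paths) + "\n"


if __name__ == "__main__":
    result = triage(ESET_LOG)
    for bucket, items in result.items():
        print(f"{bucket}: {len(items)} item(s)")
        for path, verdict in items:
            print(f"    {verdict:<55} {path}")
    print()
    print(cfscript_file_section([p for p, _ in result["live"]]))
```

Run on the full log from post #8, the live bucket is exactly the four paths CatByte placed in the File:: section; everything else is a copy that an earlier tool has already moved out of harm's way.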


#11 russcart (Topic Starter)

Posted 23 August 2012 - 09:10 AM

How do I disable script blocking? Is it ok to disable my AVG AV until the next time that I boot or do I need to disable permanently?
Thanks

#12 CatByte (Malware Response Team)

Posted 23 August 2012 - 05:26 PM

Disabling the AV will disable any script blocking; you can disable AVG until the next boot.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 russcart (Topic Starter)

Posted 23 August 2012 - 11:45 PM

Here are the results from the last ComboFix log:

ComboFix 12-08-22.03 - Russ 08/23/2012 21:02:57.3.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3471.2841 [GMT -7:00]
Running from: c:\documents and settings\Russ\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Russ\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
FILE ::
"c:\documents and settings\Pam\My Documents\CouponPrinter.exe"
"c:\documents and settings\Russ\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aaopcfjneppfdiijpfjpfnmehjjdcgko\background.html"
"c:\windows\system32\flt1chk3.dll"
"l:\russell\Downloaded Files\ActiveSpeed\ActiveSpeed_setup.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Pam\My Documents\CouponPrinter.exe
c:\documents and settings\Russ\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aaopcfjneppfdiijpfjpfnmehjjdcgko\background.html
c:\windows\system32\drivers\npf.sys
c:\windows\system32\flt1chk3.dll
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
l:\russell\Downloaded Files\ActiveSpeed\ActiveSpeed_setup.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-07-24 to 2012-08-24 )))))))))))))))))))))))))))))))
.
.
2012-08-23 00:41 . 2012-08-23 00:41 -------- d-----w- c:\program files\ESET
2012-08-16 05:03 . 2012-08-16 05:03 388096 ----a-r- c:\documents and settings\Russ\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-11 08:44 . 2012-08-11 08:46 -------- d-----w- c:\windows\system32\NtmsData
2012-08-10 03:46 . 2012-08-10 03:46 -------- d-----w- c:\documents and settings\Matthew\Local Settings\Application Data\AVG Secure Search
2012-08-09 04:43 . 2012-02-08 00:40 15128 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll
2012-08-09 04:43 . 2012-08-09 04:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
2012-08-09 04:43 . 2012-08-09 04:43 -------- d-----w- c:\program files\Common Files\postureAgent
2012-08-09 04:39 . 2012-08-09 04:39 -------- d-----w- c:\windows\system32\RTCOM
2012-08-09 04:39 . 2010-11-03 10:15 84584 ----a-w- c:\windows\SOUNDMAN.EXE
2012-08-09 04:39 . 2010-11-03 10:15 359016 ----a-w- c:\windows\vncutil.exe
2012-08-09 04:39 . 2010-11-03 10:15 1833576 ----a-w- c:\windows\SkyTel.exe
2012-08-09 04:39 . 2011-08-29 08:20 1493608 ----a-w- c:\windows\RtlUpd.exe
2012-08-09 04:39 . 2011-12-13 10:27 7069288 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2012-08-09 04:39 . 2011-12-12 09:20 64616 ----a-w- c:\windows\system32\RtkCoInstIIXP.dll
2012-08-09 04:39 . 2011-11-22 08:28 11368 ----a-w- c:\windows\system32\RtkCoLDRXP.dll
2012-08-09 04:39 . 2011-06-30 08:15 891496 ----a-w- c:\windows\system32\RTSndMgr.CPL
2012-08-09 04:39 . 2010-11-03 10:14 129640 ----a-w- c:\windows\RtkAudioService.exe
2012-08-09 04:39 . 2010-11-03 10:15 9721960 ----a-w- c:\windows\RTLCPL.EXE
2012-08-09 04:25 . 2012-08-09 04:25 -------- d-----r- c:\windows\AsDmiHtm
2012-08-09 04:24 . 2009-04-02 12:30 10296 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2012-08-09 04:17 . 2010-09-23 07:46 102416 ----a-r- c:\windows\system32\RTNUninst32.dll
2012-08-09 04:17 . 2011-08-24 12:39 323816 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys
2012-08-09 04:17 . 2010-09-23 07:46 81936 ----a-r- c:\windows\system32\RtNicProp32.dll
2012-08-09 04:14 . 2011-12-05 19:24 270080 ----a-r- c:\windows\system32\drivers\IntcDAud.sys
2012-08-08 17:43 . 2008-04-13 18:36 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2012-08-08 17:43 . 2008-04-13 18:36 8832 ----a-w- c:\windows\system32\drivers\wmiacpi.sys
2012-08-08 17:09 . 2012-08-08 17:09 -------- d-----w- C:\found.002
2012-08-08 14:35 . 2012-08-08 14:35 -------- d-----w- C:\found.001
2012-08-02 18:18 . 2012-08-02 19:07 -------- d-----w- c:\documents and settings\Administrator
2012-07-27 03:43 . 2012-07-27 03:43 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG
2012-07-27 00:47 . 2012-07-27 00:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-27 00:47 . 2012-07-27 00:47 476976 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-26 23:58 . 2012-07-26 23:58 -------- d-----w- c:\program files\Western Digital Corporation
2012-07-26 23:47 . 2012-07-26 23:47 -------- d-----w- C:\Data Lifeguard NT
2012-07-26 01:17 . 2012-07-26 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Motorola
2012-07-26 00:42 . 2012-07-26 00:42 -------- d-----w- c:\documents and settings\Russ\Application Data\Motorola Mobility
2012-07-26 00:42 . 2009-12-21 22:42 15616 ----a-w- c:\windows\system32\mot_ci.dll
2012-07-26 00:42 . 2012-07-26 00:42 -------- d-----w- c:\documents and settings\Russ\Application Data\Motorola
2012-07-26 00:39 . 2012-07-26 00:39 -------- d-----w- c:\program files\Common Files\Motorola Shared
2012-07-26 00:19 . 2012-07-26 00:42 -------- d-----w- c:\program files\Motorola
2012-07-25 23:59 . 2012-07-26 00:46 -------- d-----w- c:\documents and settings\Russ\.android
2012-07-25 23:59 . 2012-08-16 05:24 -------- d-----w- c:\documents and settings\Russ\Local Settings\Application Data\Android
2012-07-25 16:16 . 2012-08-17 03:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-07-25 16:16 . 2012-07-25 16:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 00:47 . 2010-04-23 21:51 472880 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-27 00:25 . 2012-04-18 03:39 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-27 00:25 . 2011-05-16 23:45 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-14 19:20 . 2011-11-09 03:53 230840 ----a-r- c:\windows\system32\cpnprt2.cid
2012-07-13 05:49 . 2012-07-24 05:35 14160 ----a-w- c:\windows\system32\drivers\asdws.sys
2012-07-13 05:49 . 2012-07-15 05:26 22864 ----a-w- c:\windows\system32\drivers\asdrs.sys
2012-07-13 05:49 . 2012-07-15 05:26 16208 ----a-w- c:\windows\system32\drivers\asdrm.sys
2012-07-06 13:58 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2009-05-02 10:16 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 20:46 . 2011-01-09 01:55 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 13:40 . 2004-08-04 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
2012-06-25 23:04 . 2012-06-25 23:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-20 16:56 . 2012-01-30 05:25 71104 ----a-w- c:\windows\CouponPrinter.ocx
2012-06-08 16:32 . 2011-11-09 03:53 230808 ----a-r- c:\windows\cpnprt2.cid
2012-06-07 03:59 . 2012-06-07 03:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-05 15:50 . 2008-04-14 00:12 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-05 00:35 . 2009-05-28 04:16 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32 . 2004-08-04 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 22:19 . 2008-10-16 21:09 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19 . 2009-05-02 10:18 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 22:19 . 2009-05-02 10:18 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19 . 2009-05-02 10:18 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 22:19 . 2008-10-16 21:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19 . 2009-05-02 10:18 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2009-05-02 10:18 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2008-10-16 21:09 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2008-10-16 21:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19 . 2004-08-04 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 22:19 . 2008-10-16 21:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:19 . 2009-05-02 10:18 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2009-05-02 10:18 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:18 . 2009-05-28 04:16 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 22:18 . 2009-05-28 04:16 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-22_02.42.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-24 04:18 . 2012-08-24 04:18 16384 c:\windows\Temp\Perflib_Perfdata_80.dat
+ 2004-08-04 12:00 . 2012-08-24 03:46 88190 c:\windows\system32\perfc009.dat
- 2004-08-04 12:00 . 2012-08-22 02:41 88190 c:\windows\system32\perfc009.dat
+ 2003-03-19 02:05 . 2006-10-12 23:28 89088 c:\windows\system32\ATL71.DLL
- 2003-03-19 02:05 . 2003-03-19 02:05 89088 c:\windows\system32\atl71.dll
- 2004-08-04 12:00 . 2012-08-22 02:41 505858 c:\windows\system32\perfh009.dat
+ 2004-08-04 12:00 . 2012-08-24 03:46 505858 c:\windows\system32\perfh009.dat
+ 2003-02-21 11:42 . 2006-10-12 23:28 348160 c:\windows\system32\msvcr71.DLL
- 2003-02-21 11:42 . 2003-02-21 11:42 348160 c:\windows\system32\msvcr71.dll
- 2003-03-19 03:14 . 2003-03-19 03:14 499712 c:\windows\system32\msvcp71.dll
+ 2003-03-19 03:14 . 2006-10-12 23:28 499712 c:\windows\system32\msvcp71.DLL
+ 2010-11-16 06:30 . 2009-11-06 15:26 642432 c:\windows\system32\drivers\bcmwlhigh5.sys
+ 2012-08-22 03:27 . 2012-08-22 03:27 331264 c:\windows\Installer\1946e8.msi
+ 2012-08-22 23:59 . 2011-03-28 16:22 1034240 c:\windows\system32\ReinstallBackups\0055\DriverFiles\bcmwlhigh5.sys
- 2003-03-19 04:20 . 2003-03-19 04:20 1060864 c:\windows\system32\mfc71.dll
+ 2003-03-19 04:20 . 2006-10-12 23:28 1060864 c:\windows\system32\MFC71.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-10 08:09 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-10 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2012-08-16 6287008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UMonit"="c:\windows\system32\UMonit.exe" [2008-02-13 200704]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-10 1107552]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-10-12 458861]
"RTHDCPL"="RTHDCPL.EXE" [2011-12-05 20065384]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-24 143128]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-24 181528]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-24 169752]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WNA3100 Smart Wizard.lnk - c:\program files\NETGEAR\WNA3100\WNA3100.exe [2010-11-15 4562944]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-27 20:51 35768 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anvi Smart Defender]
2012-07-20 08:11 1217864 ----a-w- c:\program files\Anvisoft\Anvi Smart Defender\ASDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-05-31 03:06 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-26 23:44 136176 ----atw- c:\documents and settings\Russ\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-10 09:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-08 02:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MusicManager]
2011-06-15 21:38 12817920 ----a-w- c:\documents and settings\Russ\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 03:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ROC_roc_dec12]
2012-01-24 05:58 928096 ----a-w- c:\program files\AVG Secure Search\ROC_roc_dec12.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 23:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 21:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS12 Preload]
2008-07-14 08:10 397456 ----a-w- c:\program files\Corel\Corel VideoStudio 12\uvPL.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 31952]
R1 asdrm;asdrm;c:\windows\system32\drivers\asdrm.sys [7/14/2012 10:26 PM 16208]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 6:23 AM 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 301248]
R2 asdrs;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\drivers\asdrs.sys [7/14/2012 10:26 PM 22864]
R2 asdws;AnviSmartDefender Web Guard;c:\windows\system32\drivers\asdws.sys [7/23/2012 10:35 PM 14160]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [4/30/2012 9:44 AM 5106744]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2/2/2012 10:25 PM 458464]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 5:53 PM 13672]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [8/8/2012 9:43 PM 161560]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [9/16/2010 2:06 PM 80896]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [8/8/2012 9:43 PM 363800]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [7/10/2012 1:09 AM 935008]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [11/15/2010 11:30 PM 642432]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [8/8/2012 9:14 PM 270080]
R3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [5/2/2009 4:41 AM 46080]
S2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files\Anvisoft\Anvi Smart Defender\ASDSrv.exe [7/20/2012 1:11 AM 686408]
S2 gupdate1c9cbbf78e720d8;Google Update Service (gupdate1c9cbbf78e720d8);c:\program files\Google\Update\GoogleUpdate.exe [5/3/2009 12:19 AM 133104]
S2 WSWNA3100;WSWNA3100;c:\program files\NETGEAR\WNA3100\WifiSvc.exe [11/15/2010 11:30 PM 278528]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/17/2012 8:39 PM 250056]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/8/2012 9:38 PM 1691480]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys --> c:\windows\system32\DRIVERS\motfilt.sys [?]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [5/2/2009 4:40 AM 241880]
S3 FIXUSTOR;FIXUSTOR;c:\windows\system32\drivers\fixustor.sys [6/6/2009 9:11 PM 12416]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/3/2009 12:19 AM 133104]
S3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [1/26/2011 6:29 PM 706304]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [5/22/2011 9:06 AM 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [6/22/2010 6:01 PM 21248]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys --> c:\windows\system32\Drivers\motoandroid.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys --> c:\windows\system32\DRIVERS\motodrv.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys --> c:\windows\system32\DRIVERS\Motousbnet.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys --> c:\windows\system32\DRIVERS\motusbdevice.sys [?]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2/19/2011 4:15 PM 100456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-04-13 22:08 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 00:25]
.
2012-05-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2012-08-16 c:\windows\Tasks\AVG PC Tuneup Integrator Scan and Repair.job
- c:\program files\AVG\AVG PC Tuneup\BoostSpeed.exe [2012-05-01 00:20]
.
2012-08-16 c:\windows\Tasks\AVG PC Tuneup Integrator Start On Russ Logon.job
- c:\program files\AVG\AVG PC Tuneup\BoostSpeed.exe [2012-05-01 00:20]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-03 07:19]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-03 07:19]
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1292428093-839522115-1004Core.job
- c:\documents and settings\Russ\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-26 23:44]
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1292428093-839522115-1004UA.job
- c:\documents and settings\Russ\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-26 23:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://flightaware.com/
uInternet Settings,ProxyOverride = *.local;192.168.*.*
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-23 21:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
UMonit = c:\windows\system32\UMonit.exe?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1606980848-1292428093-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2420)
c:\windows\system32\WININET.dll
c:\program files\SlySoft\AnyDVD\ADvdDiscHlp.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\windows\system32\HPZipm12.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Completion time: 2012-08-23 21:29:15 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-24 04:29
ComboFix2.txt 2012-08-22 23:47
ComboFix3.txt 2012-08-22 02:51
.
Pre-Run: 312,737,280,000 bytes free
Post-Run: 312,698,097,664 bytes free
.
- - End Of File - - 9CAD2DFFD139757758CAA91B9174315C


I will run the Temp File Cleaner, then defrag the HD and let you know what happens. I tried to defrag my HD a few days ago, before asking for assistance, but it would freeze and not run, so I had to wait. Hopefully I will have better luck. Thanks again.

#14 russcart


Posted 24 August 2012 - 12:45 AM

I am in the process of defragging the HDD. It has been running for about 45 minutes so far and is only at 3% right now. It seems to be running at this point; does it typically take this long to run? Is there a quicker way of running this?

#15 CatByte

  • Malware Response Team

Posted 24 August 2012 - 08:43 AM

Yes, it can take a long time depending on how fragmented the drive is.

There are third party defragmenters that may do the job a little quicker, but there is nothing wrong with the Windows on board defragmenter as far as how well it performs, so leave the computer alone and let it complete.

Let me know if that helps and if there are any outstanding issues.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015